297d73bd32d15d7cff713df0560a99fb8d853b29b5edcf795c83eade61e9ba30N

Sharing

Copy URL Twitter E-mail

General

Target

297d73bd32d15d7cff713df0560a99fb8d853b29b5edcf795c83eade61e9ba30N
Size

204KB
MD5

934e0148d8392a5236b4c09a275f9790
SHA1

6ccf3e47308e9b15a93dd55d96dbeddf82b26b83
SHA256

297d73bd32d15d7cff713df0560a99fb8d853b29b5edcf795c83eade61e9ba30
SHA512

d637c79b8744279c2ae3a9b14582747085a27c868fafdb669f9baf08466576c17a9b61994c18dc87b73368421753d6db78788c0c16df24a4aa1eb2d7a863cf58
SSDEEP

6144:zHsPNo5sDGNJ+7NDNt81DEMnKnyYyucSVp:rs2TIIDmcK

Score

1^/10

Malware Config

Signatures

Files

297d73bd32d15d7cff713df0560a99fb8d853b29b5edcf795c83eade61e9ba30N
.dll windows:5 windows x86 arch:x86

d528b55c75ad72bb62bd8c641998bd4c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/07/2015, 00:00

Not After

13/07/2018, 12:00

Subject

CN=Mozilla Corporation,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:98:28:68:2d:12:fc:f4:be:a5:2f:4d:42:63:bd:f6:cf:73:9e:f9
Signer

Actual PE Digest

1a:98:28:68:2d:12:fc:f4:be:a5:2f:4d:42:63:bd:f6:cf:73:9e:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\obj-firefox\security\sandbox\win\src\sandboxbroker\sandboxbroker.pdb

Imports

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetModuleHandleW
GetNativeSystemInfo
GetVersionExW
CreateProcessW
SetEvent
ReadProcessMemory
GetExitCodeProcess
GetModuleFileNameW
VirtualAllocEx
ResetEvent
CreateEventW
WriteProcessMemory
SuspendThread
LocalFree
SetInformationJobObject
GetQueuedCompletionStatus
InitializeCriticalSection
GetProcessId
RegisterWaitForSingleObject
PostQueuedCompletionStatus
CreateIoCompletionPort
TerminateJobObject
UnregisterWaitEx
VirtualFreeEx
SetHandleInformation
VirtualFree
GetProcessHandleCount
OpenProcess
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CreateJobObjectW
AssignProcessToJobObject
CreateNamedPipeW
lstrlenW
DebugBreak
VirtualQueryEx
GetModuleHandleA
HeapSetInformation
SearchPathW
GetCurrentDirectoryW
TerminateProcess
GetTickCount
GetFileType
SignalObjectAndWait
CreateMutexW
UnmapViewOfFile
ProcessIdToSessionId
GetThreadContext
MapViewOfFile
CreateFileMappingW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
GetStdHandle
DisableThreadLibraryCalls
IsProcessorFeaturePresent
DecodePointer
EncodePointer
CloseHandle
ResumeThread
GetLastError
SetLastError
GetModuleHandleExW
GetProcAddress
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateThread
DuplicateHandle
GetCurrentThreadId
IsDebuggerPresent
RaiseException
Sleep
WaitForSingleObject
GetCurrentProcess
DeleteCriticalSection
VirtualProtectEx

user32

CreateWindowStationW
CloseDesktop
CloseWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
GetProcessWindowStation

winmm

timeGetTime

advapi32

CopySid
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RevertToSelf
RegDisablePredefinedCache
CreateWellKnownSid
GetLengthSid
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
SetThreadToken
LookupPrivilegeValueW
EqualSid
CreateRestrictedToken
OpenProcessToken
DuplicateTokenEx
DuplicateToken
ConvertStringSidToSidW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetTokenInformation
GetTokenInformation

msvcp120

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??Bid@locale@std@@QAEIXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ

msvcr120

_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__clean_type_info_names_internal
memcmp
memcpy
memset
memmove
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
_strnicmp
_vscwprintf_p
_vswprintf_p
free
malloc
??_V@YAXPAX@Z
abort
_wcsdup
getenv
_wcsnicmp
wmemcpy_s
rand_s
memcpy_s
_wcsicmp
_vsnwprintf_s
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter

Exports

Exports

??0SandboxBroker@mozilla@@QAE@ABV01@@Z
??0SandboxBroker@mozilla@@QAE@XZ
??1SandboxBroker@mozilla@@UAE@XZ
??4SandboxBroker@mozilla@@QAEAAV01@ABV01@@Z
??_7SandboxBroker@mozilla@@6B@
?AddTargetPeer@SandboxBroker@mozilla@@QAE_NPAX@Z
?AllowDirectory@SandboxBroker@mozilla@@QAE_NPB_W@Z
?AllowReadFile@SandboxBroker@mozilla@@QAE_NPB_W@Z
?AllowReadWriteFile@SandboxBroker@mozilla@@QAE_NPB_W@Z
?LaunchApp@SandboxBroker@mozilla@@QAE_NPB_W0_NPAPAX@Z
?ProvideLogFunction@sandboxing@mozilla@@YAXP6AXPBD00_NI@Z@Z
?SetSecurityLevelForGMPlugin@SandboxBroker@mozilla@@QAE_NXZ
?SetSecurityLevelForIPDLUnitTestProcess@SandboxBroker@mozilla@@QAE_NXZ
?SetSecurityLevelForPluginProcess@SandboxBroker@mozilla@@QAE_NH@Z
?sBrokerService@SandboxBroker@mozilla@@0PAVBrokerServices@sandbox@@A
IsSandboxedProcess
_TargetCreateNamedPipeW@36
_TargetCreateProcessA@44
_TargetCreateProcessW@44
_TargetGdiDllInitialize@12
_TargetGetStockObject@8
_TargetNtCreateEvent@24
_TargetNtCreateFile@48
_TargetNtCreateKey@32
_TargetNtMapViewOfSection@44
_TargetNtOpenEvent@16
_TargetNtOpenFile@28
_TargetNtOpenKey@16
_TargetNtOpenKeyEx@20
_TargetNtOpenProcess@20
_TargetNtOpenProcessToken@16
_TargetNtOpenProcessTokenEx@20
_TargetNtOpenThread@20
_TargetNtOpenThreadToken@20
_TargetNtOpenThreadTokenEx@24
_TargetNtQueryAttributesFile@12
_TargetNtQueryFullAttributesFile@12
_TargetNtSetInformationFile@24
_TargetNtSetInformationThread@20
_TargetNtUnmapViewOfSection@12
_TargetRegisterClassW@8
g_handles_to_close
g_interceptions
g_nt
g_originals
g_shared_IPC_size
g_shared_delayed_integrity_level
g_shared_delayed_mitigations
g_shared_policy_size
g_shared_section

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d528b55c75ad72bb62bd8c641998bd4c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1a:98:28:68:2d:12:fc:f4:be:a5:2f:4d:42:63:bd:f6:cf:73:9e:f9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winmm

advapi32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 6KB - Virtual size: 6KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:e6:5a:d8:07:b8:49:7b:07:49:d4:15:68:d6:26:d0
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1a:98:28:68:2d:12:fc:f4:be:a5:2f:4d:42:63:bd:f6:cf:73:9e:f9
Signer

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 6KB - Virtual size: 6KB