softokn3.dll
First submission 2023-06-27 13:01:02
Last submission 2023-09-30 19:20:02
File details
File type: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 251.83 KB (257872 bytes) |
Compile time: | 2022-09-02 18:53:07 |
MD5: | 4e52d739c324db8225bd9ab2695f262f |
SHA1: | 71c3da43dc5a0d2a1941e874a6d015a071783889 |
SHA256: | 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a |
Import Hash: | 32ef7516974ac0c43943c0635266c6fd |
Sections 6 | .text .rdata .data .00cfg .rsrc .reloc |
Directories 6 | import export resource debug relocation security |
Virus Total: | 0/70 VT report date: 2023-06-24 22:31:23 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 6
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x2cb26 | 183296 | 2563cae8f6ad3f00fefe8709bf061dde5e35b398 | cf77805859da8b1eb38c9e516d626df2 | |
.rdata | 0x2e000 | 0xabd4 | 44032 | 08db63c25e87713b8bb0c11243d643dd02b95a2d | f6c6d56ba05bf3a969fcb268a9414d52 | |
.data | 0x39000 | 0xb98 | 2048 | 25d9134492ea59c34a511bf61d6015437c1707c0 | 2eb7215637c07a785f3ce6637a38512a | |
.00cfg | 0x3a000 | 0x4 | 512 | 9143293090898ce0f6f65ad11ed9b4dfba79143e | 611b8bebadf9127cbc32c240e50e912b | |
.rsrc | 0x3b000 | 0x380 | 1024 | 6bd94126c0049f56629e98865f7229922c737a4f | 298e8022aff6d987ef704d938c8c749f | |
.reloc | 0x3c000 | 0x35c8 | 13824 | 33dd7b681c589faa00de30bada40e2b0f33bd94c | 2086b88b13f50734eedbe1ff42e1a2ba |
PE Resources 1
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b060 | 796 |
Meta infos 12
LegalCopyright: | License: MPL 2 |
InternalName: | |
FileVersion: | 104.0.2 |
CompanyName: | Mozilla Foundation |
BuildID: | 20220902153754 |
LegalTrademarks: | Mozilla |
Comments: | |
ProductName: | Firefox |
ProductVersion: | 104.0.2 |
FileDescription: | |
Translation: | 0x0000 0x04b0 |
OriginalFilename: | softokn3.dll |
Packers detected 1
Borland Delphi 3.0 (???) |
Anti debug functions 4
IsDebuggerPresent |
IsProcessorFeaturePresent |
TerminateProcess |
UnhandledExceptionFilter |
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
a6fcdf133ec4df52523d6b678a8729b3 | a2de4a7649b2f9bbb78a432a26b3083f595440fc | 12112 | 245760 |
Strings analysis - File found
Database |
%s%c%s%s%d.db |
_dOeSnotExist_.db |
Library |
softokn3.dll |
api-ms-win-crt-utility-l1-1-0.dll |
freebl3.dll |
api-ms-win-crt-heap-l1-1-0.dll |
api-ms-win-crt-stdio-l1-1-0.dll |
nss3.dll |
api-ms-win-crt-string-l1-1-0.dll |
vcruntime140.dll |
api-ms-win-crt-filesystem-l1-1-0.dll |
api-ms-win-crt-runtime-l1-1-0.dll |
api-ms-win-crt-convert-l1-1-0.dll |
api-ms-win-crt-environment-l1-1-0.dll |
KERNEL32.dll |
Strings analysis - Possible URLs found 22
Import functions
api-ms-win-crt-filesystem-l1-1-0.dll 1
api-ms-win-crt-runtime-l1-1-0.dll 8
api-ms-win-crt-heap-l1-1-0.dll 3
api-ms-win-crt-convert-l1-1-0.dll 2
api-ms-win-crt-string-l1-1-0.dll 5
api-ms-win-crt-environment-l1-1-0.dll 1
nss3.dll 111
KERNEL32.dll 13
api-ms-win-crt-utility-l1-1-0.dll 1
VCRUNTIME140.dll 6
api-ms-win-crt-stdio-l1-1-0.dll 1
PE Exports 10 suspicious
Function | Address |
---|---|
C_GetFunctionList | 0x1000cd10 |
C_GetInterface | 0x1000ceb0 |
C_GetInterfaceList | 0x1000cd20 |
FC_GetFunctionList | 0x10003f00 |
FC_GetInterface | 0x10003f60 |
FC_GetInterfaceList | 0x10003f10 |
NSC_GetFunctionList | 0x1000cd10 |
NSC_GetInterface | 0x1000cd70 |
NSC_GetInterfaceList | 0x1000cd20 |
NSC_ModuleDBFunc | 0x1000a3f0 |
Name | Latest seen | MD5 |
---|---|---|
softokn3.dll | 2023-09-25 17:47:02 | 63a1fe06be877497c4c2017ca0303537 |