softokn3.dll

First submission: 2023-06-27 13:01:02
Last submission: 2023-09-30 19:20:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 251.83 KB (257872 bytes)
Compile time: 2022-09-02 18:53:07
MD5: 4e52d739c324db8225bd9ab2695f262f
SHA1: 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256: 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
Import Hash: 32ef7516974ac0c43943c0635266c6fd
Sections: 6 (.text, .rdata, .data, .00cfg, .rsrc, .reloc)
Directories: 6 (import, export, resource, debug, relocation, security)
VirusTotal: 0/70
VT report date: 2023-06-24 22:31:23

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 6

URL Host (FQDN/IP) Date Added
hXXp://217.196.96.138/063ec44b1db69f0e/softokn3.dll 217.196.96.138 2023-09-30 19:20:03
hXXp://45.140.147.83/0d79b00b81d1cdb5/softokn3.dll 45.140.147.83 2023-09-30 19:19:03
hXXp://208.91.189.189/05b85f6a6b0e9444/softokn3.dll 208.91.189.189 2023-09-28 18:54:05
hXXp://193.201.8.110/c67be317e1e6e8d4/softokn3.dll 193.201.8.110 2023-09-28 18:46:03
hXXp://91.103.253.2/bdc46bd1e5d3e260/softokn3.dll 91.103.253.2 2023-09-26 07:03:03
hXXp://185.161.251.81/a4cf60df505c17ab/softokn3.dll 185.161.251.81 2023-09-24 16:22:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2cb26 183296 2563cae8f6ad3f00fefe8709bf061dde5e35b398 cf77805859da8b1eb38c9e516d626df2
.rdata 0x2e000 0xabd4 44032 08db63c25e87713b8bb0c11243d643dd02b95a2d f6c6d56ba05bf3a969fcb268a9414d52
.data 0x39000 0xb98 2048 25d9134492ea59c34a511bf61d6015437c1707c0 2eb7215637c07a785f3ce6637a38512a
.00cfg 0x3a000 0x4 512 9143293090898ce0f6f65ad11ed9b4dfba79143e 611b8bebadf9127cbc32c240e50e912b
.rsrc 0x3b000 0x380 1024 6bd94126c0049f56629e98865f7229922c737a4f 298e8022aff6d987ef704d938c8c749f
.reloc 0x3c000 0x35c8 13824 33dd7b681c589faa00de30bada40e2b0f33bd94c 2086b88b13f50734eedbe1ff42e1a2ba

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x3b060 796

Meta infos 12

LegalCopyright: License: MPL 2
InternalName:
FileVersion: 104.0.2
CompanyName: Mozilla Foundation
BuildID: 20220902153754
LegalTrademarks: Mozilla
Comments:
ProductName: Firefox
ProductVersion: 104.0.2
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: softokn3.dll

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
a6fcdf133ec4df52523d6b678a8729b3 a2de4a7649b2f9bbb78a432a26b3083f595440fc 12112 245760

Strings analysis - File found

Database
%s%c%s%s%d.db
_dOeSnotExist_.db
Library
softokn3.dll
api-ms-win-crt-utility-l1-1-0.dll
freebl3.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
nss3.dll
api-ms-win-crt-string-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
KERNEL32.dll

Strings analysis - Possible URLs found 22


Import functions

PE Exports 10 suspicious

Function Address
C_GetFunctionList 0x1000cd10
C_GetInterface 0x1000ceb0
C_GetInterfaceList 0x1000cd20
FC_GetFunctionList 0x10003f00
FC_GetInterface 0x10003f60
FC_GetInterfaceList 0x10003f10
NSC_GetFunctionList 0x1000cd10
NSC_GetInterface 0x1000cd70
NSC_GetInterfaceList 0x1000cd20
NSC_ModuleDBFunc 0x1000a3f0

Name Latest seen MD5
softokn3.dll 2023-09-25 17:47:02 63a1fe06be877497c4c2017ca0303537