softokn3.dll

First submission: 2023-02-06 10:43:02
Last submission: 2024-10-18 08:13:02

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File size: 251.83 KB (257872 bytes)
Compile time: 2022-09-02 18:53:07
MD5: 4e52d739c324db8225bd9ab2695f262f
SHA1: 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256: 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
Import Hash: 32ef7516974ac0c43943c0635266c6fd
Sections: 6 (.text, .rdata, .data, .00cfg, .rsrc, .reloc)
Directories: 6 (security, relocation, debug, resource, export, import)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 12


PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2cb26 183296 2563cae8f6ad3f00fefe8709bf061dde5e35b398 cf77805859da8b1eb38c9e516d626df2
.rdata 0x2e000 0xabd4 44032 08db63c25e87713b8bb0c11243d643dd02b95a2d f6c6d56ba05bf3a969fcb268a9414d52
.data 0x39000 0xb98 2048 25d9134492ea59c34a511bf61d6015437c1707c0 2eb7215637c07a785f3ce6637a38512a
.00cfg 0x3a000 0x4 512 9143293090898ce0f6f65ad11ed9b4dfba79143e 611b8bebadf9127cbc32c240e50e912b
.rsrc 0x3b000 0x380 1024 6bd94126c0049f56629e98865f7229922c737a4f 298e8022aff6d987ef704d938c8c749f
.reloc 0x3c000 0x35c8 13824 33dd7b681c589faa00de30bada40e2b0f33bd94c 2086b88b13f50734eedbe1ff42e1a2ba

Packers detected 1

Borland Delphi 3.0 (???)

File signature

MD5 SHA1 Block size Virtual Address
a6fcdf133ec4df52523d6b678a8729b3 a2de4a7649b2f9bbb78a432a26b3083f595440fc 12112 245760

Strings analysis - File found

Library
KERNEL32.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-string-l1-1-0.dll
nss3.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
freebl3.dll
api-ms-win-crt-utility-l1-1-0.dll
softokn3.dll
Database
_dOeSnotExist_.db
%s%c%s%s%d.db

Strings analysis - Possible URLs found 22


PE Exports 10 suspicious

Function Address
NSC_ModuleDBFunc 0x1000a3f0
NSC_GetInterfaceList 0x1000cd20
NSC_GetInterface 0x1000cd70
NSC_GetFunctionList 0x1000cd10
FC_GetInterfaceList 0x10003f10
FC_GetInterface 0x10003f60
FC_GetFunctionList 0x10003f00
C_GetInterfaceList 0x1000cd20
C_GetInterface 0x1000ceb0
C_GetFunctionList 0x1000cd10