freebl3.dll
First submission 2023-02-06 10:39:01
File details
File type: | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
File size: | 669.33 KB (685392 bytes) |
Compile time: | 2022-09-02 18:53:07 |
MD5: | 550686c0ee48c386dfcb40199bd076ac |
SHA1: | ee5134da4d3efcb466081fb6197be5e12a5b22ab |
SHA256: | edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa |
Import Hash : | f781fa19ee3108d3fcdb3967b70bbdf5 |
Sections 6 | .text .rdata .data .00cfg .rsrc .reloc |
Directories 6 | security relocation debug resource export import |
Virus Total: | 0/68 VT report date: 2023-02-06 01:42:21 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 49
PE Sections 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x80c95 | 527872 | 8436ccc2a34632f47c9e1adcef2f1a1b5f14efde | 6e3626d2271b78d42d646159d0b9c9a2 | |
.rdata | 0x82000 | 0x206c4 | 133120 | 18215be397cc191726d33368ecc83e04eaa70032 | 1f2db9bf557bbf2fbc56e1821605126d | |
.data | 0xa3000 | 0x463c | 512 | ed675095bb52a589bffc1c259bb4ad128e3c6229 | 9332b6379db7791ae2cd552085c6ffa6 | |
.00cfg | 0xa8000 | 0x4 | 512 | 26ea52ea5f1edc106377e79520659fda08d061af | 3e88e89b3dcafaf3699d2c8c2c3c897e | |
.rsrc | 0xa9000 | 0x378 | 1024 | 3076071c06ec24e1982887f5ce55b004984f15c7 | d5f4c3c911ff336192b64ebaa9fab7a6 | |
.reloc | 0xaa000 | 0x23f0 | 9216 | e8a592a1c3b9c7b7c578631f20eaad1a293332f9 | a93e29d0b0b0b39e1da4084a41dcb105 | |
PE Resources 1
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xa9060 | 792 |
Meta infos 12
BuildID: | 20220902153754 |
OriginalFilename: | freebl3.dll |
Translation: | 0x0000 0x04b0 |
InternalName: | |
FileVersion: | 104.0.2 |
LegalTrademarks: | Mozilla |
ProductVersion: | 104.0.2 |
FileDescription: | |
LegalCopyright: | License: MPL 2 |
Comments: | |
ProductName: | Firefox |
CompanyName: | Mozilla Foundation |
Packers detected 1
Borland Delphi 3.0 (???) |
Anti debug functions 4
IsDebuggerPresent |
IsProcessorFeaturePresent |
TerminateProcess |
UnhandledExceptionFilter |
Anti VM functions 1
Bochs & QEmu CPUID Trick |
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
952a7d7423c8a2b375edb162e36f4e27 | aa3c0324db5f08bf932b4c064105a532ca3591d0 | 12112 | 673280 |
Strings analysis - File found
Library |
KERNEL32.dll |
api-ms-win-crt-runtime-l1-1-0.dll |
nss3.dll |
vcruntime140.dll |
api-ms-win-crt-string-l1-1-0.dll |
api-ms-win-crt-heap-l1-1-0.dll |
api-ms-win-crt-time-l1-1-0.dll |
ADVAPI32.dll |
api-ms-win-crt-utility-l1-1-0.dll |
freebl3.dll |
Strings analysis - Possible URLs found 22
Import functions
PE Exports 1 suspicious
Function | Address |
---|---|
FREEBL_GetVector | 0x10058980 |