softokn3.dll

First submission 2023-06-25 09:20:02 Last submission 2023-12-06 10:13:04

File details

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 248.43 KB (254392 bytes)
Compile time: 2022-03-22 16:58:31
MD5: 63a1fe06be877497c4c2017ca0303537
SHA1: f4f9cbd7066afb86877bb79c3d23eddaca15f5a0
SHA256: 44be3153c15c2d18f49674a092c135d3482fb89b77a1b2063d01d02985555fe0
Import Hash: 32ef7516974ac0c43943c0635266c6fd
Sections 6 .text .rdata .data .00cfg .rsrc .reloc
Directories 6 import export resource debug relocation security
Virus Total: 0/70 VT report date: 2023-06-24 22:01:27

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll 193.233.132.30 2023-12-06 10:13:05
hXXp://193.233.132.15/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll 193.233.132.15 2023-12-04 10:31:05

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2ca56 183296 d5460ade41f122adc366393a25d9d770321aae0b e2aaeccd0a84d7c8aca188ac438deb78
.rdata 0x2e000 0xac04 44544 c7575daabae6a9fe36f64e7ce6c506dadb3891b1 cc69154bc28fc175cfcb85aa7de76980
.data 0x39000 0xb98 2048 0c2135b1f0e1fe0546afbb385e5e43e6cb0fe129 469713a63fe9356b9c796b0c727e7c71
.00cfg 0x3a000 0x4 512 efcf5e362fa2cb1f4f1a8f25e5c67fbe87b4c9c9 6eea8162ea8b888e43f8691d49ecf55f
.rsrc 0x3b000 0x380 1024 4332ed3b363078c075c8202cc945ab2421531779 a16f8affefc8cf97b46d45c1930174ba
.reloc 0x3c000 0x3598 13824 76b4b5b3d519f6cb951d78fc8dc72c749fb74bf4 7d622bba7c060f468eed41e8dd5c6abc

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x3b060 796

Meta infos 12

LegalCopyright: License: MPL 2
InternalName:
FileVersion: 98.0.2
CompanyName: Mozilla Foundation
BuildID: 20220322144853
LegalTrademarks: Mozilla
Comments:
ProductName: Firefox
ProductVersion: 98.0.2
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: softokn3.dll

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
c8f8260c616cac80d9a9fbe2e75abc8d f571be190b37d47d2da21205b0ccff283ada97e3 8120 246272

Strings analysis - File found

Database
%s%c%s%s%d.db
_dOeSnotExist_.db
Library
softokn3.dll
api-ms-win-crt-utility-l1-1-0.dll
freebl3.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
nss3.dll
api-ms-win-crt-string-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
KERNEL32.dll

Strings analysis - Possible URLs found 16


Import functions

PE Exports 10 suspicious

Function Address
C_GetFunctionList 0x1000cd90
C_GetInterface 0x1000cf30
C_GetInterfaceList 0x1000cda0
FC_GetFunctionList 0x10003ee0
FC_GetInterface 0x10003f40
FC_GetInterfaceList 0x10003ef0
NSC_GetFunctionList 0x1000cd90
NSC_GetInterface 0x1000cdf0
NSC_GetInterfaceList 0x1000cda0
NSC_ModuleDBFunc 0x1000a490

Name Latest seen MD5
softokn3.dll 2023-12-02 18:17:02 4e52d739c324db8225bd9ab2695f262f