SHA256: a3757646d4b6d7a0b3f1c26758680be3a27f6fa2a9c0289ef0d638b3cc6ea1dc
File name: nssdbm3
Detection ratio: 35 / 57
Analysis date: 2015-03-13 16:34:05 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.14238 20150313
AhnLab-V3 Win-Trojan/FakeAV53.Gen 20150313
ALYac Gen:Variant.Kazy.14238 20150313
Avast Win32:MalOb-ID [Cryp] 20150313
AVG Win32/DH.FFBE0072{Mw} 20150313
Avira (no cloud) TR/Crypt.XPACK.Gen 20150313
Baidu-International Trojan.Win32.Zbot.bxry 20150313
BitDefender Gen:Variant.Kazy.14238 20150313
ByteHero Trojan.Win32.Heur.Gen 20150313
Comodo TrojWare.Win32.Trojan.Agent.Gen 20150313
Cyren W32/Bredolab.AQ.gen!Eldorado 20150313
DrWeb Trojan.PWS.Panda.639 20150313
Emsisoft Gen:Variant.Kazy.14238 (B) 20150313
ESET-NOD32 a variant of Win32/Kryptik.BCVA 20150313
F-Prot W32/Bredolab.AQ.gen!Eldorado 20150313
F-Secure Gen:Variant.Kazy.14238 20150313
Fortinet W32/Kryptik.HZ!tr 20150313
GData Gen:Variant.Kazy.14238 20150313
Ikarus Trojan-Spy.Win32.Zbot 20150313
K7AntiVirus Backdoor ( 04c4d91b1 ) 20150313
K7GW Backdoor ( 04c4d91b1 ) 20150313
Kaspersky Trojan-Spy.Win32.Zbot.bxry 20150313
Malwarebytes Trojan.FakeMoz 20150313
McAfee PWS-Zbot.gen.gc 20150313
McAfee-GW-Edition PWS-Zbot.gen.gc 20150313
Microsoft PWS:Win32/Zbot.gen!AF 20150313
eScan Gen:Variant.Kazy.14238 20150313
Norman Suspicious_Gen2.POYWQ 20150313
Panda Trj/Banker.JJG 20150311
Qihoo-360 HEUR/Malware.QVM01.Gen 20150313
Sophos Troj/Agent-RNY 20150313
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20150313
Symantec WS.Reputation.1 20150313
Tencent Win32.Trojan-spy.Zbot.Oyyh 20150313
VBA32 BScope.Trojan.Zbot.01367 20150312
AegisLab 20150313
Yandex 20150312
Alibaba 20150313
Antiy-AVL 20150313
AVware 20150313
Bkav 20150313
CAT-QuickHeal 20150313
ClamAV 20150313
CMC 20150313
Jiangmin 20150313
Kingsoft 20150313
NANO-Antivirus 20150313
nProtect 20150313
Rising 20150313
TheHacker 20150313
TotalDefense 20150313
TrendMicro 20150313
TrendMicro-HouseCall 20150313
VIPRE 20150313
ViRobot 20150313
Zillya 20150312
Zoner 20150313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Mozilla Foundation
Product Network Security Services
Original name nssdbm3.dll
Internal name nssdbm3
File version 3.12.9.0 Basic ECC
Description Legacy Database Driver
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-08-25 16:37:55
Entry Point 0x0108FBC0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
FindAtomW
GetDC
WinVerifyTrust
Number of PE resources by type
RT_VERSION 3
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 4096
ImageVersion 0.0
ProductName Network Security Services
FileVersionNumber 3.12.9.0
UninitializedDataSize 17203200
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 4.34
FileOS Win32
MIMEType application/octet-stream
FileVersion 3.12.9.0 Basic ECC
TimeStamp 1998:08:25 17:37:55+01:00
FileType Win32 EXE
PEType PE32
InternalName nssdbm3
ProductVersion 3.12.9.0 Basic ECC
FileDescription Legacy Database Driver
OSVersion 4.0
OriginalFilename nssdbm3.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Foundation
CodeSize 159744
FileSubtype 0
ProductVersionNumber 3.12.9.0
EntryPoint 0x108fbc0
ObjectFileType Dynamic link library

File identification
MD5 41270f05b93a2bdc97adac613209df85
SHA1 29cd2cd2dc58783608179ac1a5d8d30e83995f93
SHA256 a3757646d4b6d7a0b3f1c26758680be3a27f6fa2a9c0289ef0d638b3cc6ea1dc
ssdeep 3072:kCiA2IIgLdwtOJlSxse5zcUTiyzPwxGHnacJAw/MavUPBruf90x32:kCzogxMGQ7zcPyzYxGHacTlU5uF0

authentihash 88fd8d64132adbd5065ed3d9fbfdb6144fa731744b9cc4ed5aa0304532711394
imphash 6fa2c1a4f54d5481f2d6113720179a0d
File size 160.0 KB ( 163840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx

VirusTotal metadata
First submission 2015-03-13 16:34:05 UTC ( 2 years, 1 month ago )
Last submission 2015-03-13 16:34:05 UTC ( 2 years, 1 month ago )
File names nssdbm3
nssdbm3.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections