× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b57272dad5526ecbd93679cfdbe13fda6fb1860688b696f1b98b9eb2d1cb65cc
File name: freebl3
Detection ratio: 0 / 54
Analysis date: 2014-11-04 13:41:11 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20141104
AegisLab 20141104
Yandex 20141103
AhnLab-V3 20141104
Antiy-AVL 20141104
Avast 20141104
AVG 20141104
Avira (no cloud) 20141104
AVware 20141104
Baidu-International 20141103
BitDefender 20141104
Bkav 20141104
ByteHero 20141104
CAT-QuickHeal 20141104
ClamAV 20141104
CMC 20141104
Comodo 20141104
Cyren 20141104
DrWeb 20141104
Emsisoft 20141104
ESET-NOD32 20141104
F-Prot 20141104
F-Secure 20141104
Fortinet 20141104
GData 20141104
Ikarus 20141104
Jiangmin 20141103
K7AntiVirus 20141103
K7GW 20141104
Kaspersky 20141104
Kingsoft 20141104
Malwarebytes 20141104
McAfee 20141104
McAfee-GW-Edition 20141104
Microsoft 20141104
eScan 20141104
NANO-Antivirus 20141104
Norman 20141104
nProtect 20141104
Qihoo-360 20141104
Rising 20141103
Sophos AV 20141104
SUPERAntiSpyware 20141104
Symantec 20141104
Tencent 20141104
TheHacker 20141104
TotalDefense 20141104
TrendMicro 20141104
TrendMicro-HouseCall 20141104
VBA32 20141104
VIPRE 20141104
ViRobot 20141104
Zillya 20141103
Zoner 20141104
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Mozilla Corporation
Product Network Security Services
Original name freebl3.dll
Internal name freebl3
File version 3.14.0.1 Basic ECC
Description NSS freebl Library
Signature verification Signed file, verified signature
Signing date 12:50 AM 11/29/2012
Signers
[+] Mozilla Corporation
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 10/19/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint CAC47DBF634D24E9DC93072FE3C8EA6DC3946E89
Serial number 3D A9 38 6C 20 76 F7 38 EE 24 6B B8 E3 13 A4 D4
[+] Thawte Code Signing CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer None
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-28 22:28:08
Entry Point 0x00030F99
Number of sections 5
PE sections
PE imports
IsProcessorFeaturePresent
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
LoadLibraryA
GetCurrentProcess
GetVolumeInformationA
GetCurrentProcessId
UnhandledExceptionFilter
GetLogicalDrives
GetProcAddress
InterlockedCompareExchange
WideCharToMultiByte
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
GetSystemTimeAsFileTime
GetComputerNameA
FindFirstFileW
GlobalMemoryStatus
GetDiskFreeSpaceA
DecodePointer
TerminateProcess
FindClose
Sleep
GetTickCount
GetCurrentThreadId
strncmp
rand
fread
fclose
_time64
__dllonexit
_snwprintf
abort
_stat64i32
toupper
isdigit
fopen
__clean_type_info_names_internal
_amsg_exit
_lock
_onexit
_initterm_e
memset
_unlock
_crt_debugger_hook
_except_handler4_common
memcpy
_malloc_crt
_encoded_null
__CppXcptFilter
islower
_initterm
isupper
SHGetSpecialFolderPathW
calloc
malloc
frex
strdup
free
PR_CallOnce
PR_Read
PR_GetLibraryFilePathname
PR_WaitCondVar
PR_Seek
PR_Lock
PR_Free
PR_NotifyCondVar
PR_NotifyAllCondVar
PR_Close
PR_Unlock
PR_DestroyCondVar
PR_NewLock
PR_NewCondVar
PR_Open
PR_DestroyLock
NSS_SecureMemcmp
PORT_SetError_Util
PORT_NewArena_Util
PORT_Alloc_Util
SECITEM_ZfreeItem_Util
PORT_ZFree_Util
SECITEM_FreeItem_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_GetError_Util
SECITEM_CompareItem_Util
SECITEM_CopyItem_Util
PORT_ZAlloc_Util
SECITEM_AllocItem_Util
PORT_Free_Util
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.14.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
88064

FileOS
Win32

MIMEType
application/octet-stream

FileVersion
3.14.0.1 Basic ECC

TimeStamp
2012:11:28 23:28:08+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
freebl3

FileAccessDate
2014:11:04 14:50:23+01:00

ProductVersion
3.14.0.1 Basic ECC

FileDescription
NSS freebl Library

OSVersion
5.1

FileCreateDate
2014:11:04 14:50:23+01:00

OriginalFilename
freebl3.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Foundation

CodeSize
198144

ProductName
Network Security Services

ProductVersionNumber
3.14.0.1

EntryPoint
0x30f99

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 21e4f521930906bbf6095396b06420fc
SHA1 1b53d0d05278f0e16b746b11085886d49cf4ca98
SHA256 b57272dad5526ecbd93679cfdbe13fda6fb1860688b696f1b98b9eb2d1cb65cc
ssdeep
6144:mKQEsMCMP6ikTxydJb7zA93MSX2YY1+nqqDL6kPXGHrIrSwih:rQEsMCMP7893MSXhYvqn6oIp

authentihash 098486b9ab0e80b1b9abe62683f2c898de5364c7c96baa4dff880f9301f64f06
imphash 17b6781e9f6d807d6365980ab0a3003e
File size 270.5 KB ( 276960 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2013-12-05 20:51:46 UTC ( 5 years, 4 months ago )
Last submission 2013-12-05 20:51:46 UTC ( 5 years, 4 months ago )
File names freebl3.dll
freebl3
freebl3.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!