SHA256: e1636e9ad2b78d2f6500c5046db2872c912bd7f7f23ce86c02c72a291b860a08
File name: qwydbbcdu.png
Detection ratio: 24 / 70
Analysis date: 2019-01-17 08:19:40 UTC ( 2 months ago )
Antivirus Result Update
Avast Win32:TrojanX-gen [Trj] 20190117
AVG FileRepMalware 20190117
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181023
Cylance Unsafe 20190117
Cyren W32/Trojan.NHPJ-1428 20190117
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CWPG 20190117
Fortinet W32/GenKryptik.CWPG!tr 20190117
Ikarus Win32.Outbreak 20190116
Sophos ML heuristic 20181128
K7GW Trojan ( 00545a521 ) 20190117
Kaspersky Backdoor.Win32.Qbot.agko 20190117
MAX malware (ai score=99) 20190117
McAfee GenericRXGU-HU!40BD588D8B08 20190117
McAfee-GW-Edition Artemis!Trojan 20190117
Microsoft Trojan:Win32/Fuery.B!cl 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190117
Qihoo-360 Win32/Backdoor.BO.542 20190117
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgGdGh/E95++gA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Qbot-R 20190117
Symantec ML.Attribute.HighConfidence 20190117
Webroot W32.Trojan.Gen 20190117
ZoneAlarm by Check Point Backdoor.Win32.Qbot.agko 20190117
Acronis 20190117
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190116
Arcabit 20190117
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190117
CMC 20190116
Comodo 20190117
Cybereason 20190109
DrWeb 20190117
eGambit 20190117
Emsisoft 20190117
F-Prot 20190117
F-Secure 20190117
GData 20190117
Jiangmin 20190117
K7AntiVirus 20190117
Kingsoft 20190117
Malwarebytes 20190117
eScan 20190117
NANO-Antivirus 20190117
Panda 20190116
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
Trapmine 20190103
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VBA32 20190116
VIPRE 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190116
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 1994-2001 Netscape Communications Corporation
Product Network Security Services
Original name nss3.dll
Internal name nss3
File version 3.9
Description NSS Base Library
Signature verification Signed file, verified signature
Signing date 11:27 AM 1/16/2019
Signers
[+] IO Pro Limited
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/11/2018
Valid to 11:59 PM 12/11/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1973F73F04BEA4D97A0A5FBA38727888A729BEAB
Serial number 00 DF 22 DE 24 A2 29 73 E2 F3 B7 01 47 95 0E 96 4C
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 11:00 PM 05/23/2016
Valid to 11:00 PM 06/23/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-17 04:31:13
Entry Point 0x0002AF82
Number of sections 7
PE sections
Overlays
MD5 476ea72adde70e461ee57f98e1ad45e9
File type data
Offset 630784
Size 6464
Entropy 7.46
PE imports
PrivilegeCheck
AddUsersToEncryptedFile
GetUserNameW
CryptQueryObject
SetColorSpace
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
GetEnvironmentStringsW
HeapReAlloc
HeapDestroy
ExitProcess
OutputDebugStringA
TlsAlloc
GetCommMask
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
SetTapePosition
LCMapStringA
GetCPInfo
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemPowerStatus
GetStringTypeA
QueryThreadCycleTime
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
WritePrivateProfileStructW
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
VarDateFromUdate
FindExecutableW
GetOpenClipboardWindow
GetKeyboardLayoutNameA
SetParent
RegisterDeviceNotificationW
CharLowerW
GetPropA
midiStreamPosition
ClosePrinter
OleDuplicateData
URLOpenStreamA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.9.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription NSS Base Library
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 434176
EntryPoint 0x2af82
OriginalFileName nss3.dll
MIMEType application/octet-stream
LegalCopyright Copyright 1994-2001 Netscape Communications Corporation
FileVersion 3.9
TimeStamp 2019:01:17 05:31:13+01:00
FileType Win32 EXE
PEType PE32
InternalName nss3
ProductVersion 3.9
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Netscape Communications Corporation
CodeSize 204800
ProductName Network Security Services
ProductVersionNumber 3.9.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 40bd588d8b0808ae1d62e56ae36075da
SHA1 5090f5ae8dde44d90ec0f0062fdd9b6d1131ce99
SHA256 e1636e9ad2b78d2f6500c5046db2872c912bd7f7f23ce86c02c72a291b860a08
ssdeep 12288:LqivwWuN14Ng53uRtWR4S0LJxZzDzdura0Ecx:34rvIRGH0Ltxu+0V
authentihash 7050c812f06da4567e320f4df7d8f6ca8454b15f2e8d84cb100dba3e12ccf5c0
imphash 633543410f820b0611a66f397e70742a
File size 622.3 KB ( 637248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2019-01-16 19:22:03 UTC ( 2 months ago )
Last submission 2019-01-16 19:22:03 UTC ( 2 months ago )
File names nss3.dll
qwydbbcdu.png
nss3