× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f98f758ebc81768726a67c37c5a9eb5924cf5be418e3e93999f0bdadda9c4bc2
File name: jfdbxm.exe
Detection ratio: 24 / 69
Analysis date: 2019-01-17 13:50:04 UTC ( 2 months ago ) View latest
Antivirus Result Update
Avast Win32:TrojanX-gen [Trj] 20190117
AVG Win32:DangerousSig [Trj] 20190117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190117
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOSF 20190117
Fortinet W32/GenKryptik.CWPG!tr 20190117
Ikarus Trojan.Win32.Krypt 20190117
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00545a521 ) 20190117
K7GW Trojan ( 00545a521 ) 20190117
Kaspersky Trojan.Win32.Shelma.agrv 20190117
McAfee GenericRXGU-HU!7B5C0E9D44C8 20190117
McAfee-GW-Edition Artemis!Trojan 20190117
Microsoft Trojan:Win32/Tiggre!plock 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190117
Qihoo-360 Win32/Trojan.c06 20190117
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgGdGh/E95++gA) 20190117
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Qbot-R 20190117
Symantec ML.Attribute.HighConfidence 20190117
TrendMicro-HouseCall TrojanSpy.Win32.QAKBOT.THOAAGAI 20190117
Webroot Trojan.Dropper.Gen 20190117
ZoneAlarm by Check Point Trojan.Win32.Shelma.agrv 20190117
Acronis 20190117
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190117
Arcabit 20190117
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
Bkav 20190117
CAT-QuickHeal 20190116
ClamAV 20190117
CMC 20190117
Comodo 20190117
Cybereason 20190109
Cyren 20190117
DrWeb 20190117
eGambit 20190117
Emsisoft 20190117
F-Prot 20190117
F-Secure 20190117
GData 20190117
Jiangmin 20190117
Kingsoft 20190117
Malwarebytes 20190117
MAX 20190117
eScan 20190117
NANO-Antivirus 20190117
Panda 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
Trapmine 20190103
TrendMicro 20190117
Trustlook 20190117
VBA32 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190116
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1994-2001 Netscape Communications Corporation

Product Network Security Services
Original name nss3.dll
Internal name nss3
File version 3.9
Description NSS Base Library
Signature verification Signed file, verified signature
Signing date 12:18 PM 1/16/2019
Signers
[+] IO Pro Limited
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/11/2018
Valid to 11:59 PM 12/11/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1973F73F04BEA4D97A0A5FBA38727888A729BEAB
Serial number 00 DF 22 DE 24 A2 29 73 E2 F3 B7 01 47 95 0E 96 4C
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-16 19:18:17
Entry Point 0x0002AE3C
Number of sections 7
PE sections
Overlays
MD5 e6b56fff41a718f2d49b176b66fc2ccc
File type data
Offset 630784
Size 5312
Entropy 7.43
PE imports
PrivilegeCheck
AddUsersToEncryptedFile
GetUserNameW
CryptQueryObject
SetColorSpace
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
GetEnvironmentStringsW
HeapReAlloc
HeapDestroy
EncodePointer
OutputDebugStringA
TlsAlloc
GetCommMask
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
SetTapePosition
LCMapStringA
GetCPInfo
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemPowerStatus
TlsFree
QueryThreadCycleTime
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
WritePrivateProfileStructW
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
VarDateFromUdate
FindExecutableW
GetOpenClipboardWindow
GetKeyboardLayoutNameA
SetParent
RegisterDeviceNotificationW
CharLowerW
GetPropA
midiStreamPosition
ClosePrinter
OleDuplicateData
URLOpenStreamA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.9.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
NSS Base Library

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
434176

EntryPoint
0x2ae3c

OriginalFileName
nss3.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 1994-2001 Netscape Communications Corporation

FileVersion
3.9

TimeStamp
2019:01:16 20:18:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
nss3

ProductVersion
3.9

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Netscape Communications Corporation

CodeSize
204800

ProductName
Network Security Services

ProductVersionNumber
3.9.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 7b5c0e9d44c8246abe6fb196a2eb1df2
SHA1 ff4e0b028435818b6019cea829775b6d8f46c3b9
SHA256 f98f758ebc81768726a67c37c5a9eb5924cf5be418e3e93999f0bdadda9c4bc2
ssdeep
12288:MgfS4ypKpTjAkgJgpBtWNXxswn61GD927Eqi:ogpTjAk7p6Ni62Gh2e

authentihash f86eba21d0643af637823360ac76b78b9cfdb3eac15171c9b934ef9ef881db68
imphash cbf1e07af30ee01a5d1762a0d81bad78
File size 621.2 KB ( 636096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-01-16 15:01:07 UTC ( 2 months ago )
Last submission 2019-01-16 15:01:07 UTC ( 2 months ago )
File names nss3.dll
jfdbxm.exe
nss3
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!