SHA256: 19163714fc37bf32fcd80ba16249f39223f1dcb4e4c05d3e76801965767de0dc
File name: Firefox
Detection ratio: 0 / 67
Analysis date: 2018-11-10 21:20:15 UTC ( 4 weeks ago )
Antivirus Result Update
Ad-Aware 20181110
AegisLab 20181110
AhnLab-V3 20181110
Alibaba 20180921
ALYac 20181110
Antiy-AVL 20181110
Arcabit 20181110
Avast 20181110
Avast-Mobile 20181110
AVG 20181110
Avira (no cloud) 20181110
Babable 20180918
Baidu 20181109
BitDefender 20181110
Bkav 20181110
CAT-QuickHeal 20181108
ClamAV 20181110
CMC 20181110
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181110
Cyren 20181110
DrWeb 20181110
Emsisoft 20181110
Endgame 20181108
ESET-NOD32 20181110
F-Prot 20181110
F-Secure 20181110
Fortinet 20181110
GData 20181110
Ikarus 20181110
Sophos ML 20181108
Jiangmin 20181110
K7AntiVirus 20181110
K7GW 20181109
Kaspersky 20181110
Kingsoft 20181110
Malwarebytes 20181110
MAX 20181110
McAfee 20181110
McAfee-GW-Edition 20181110
Microsoft 20181110
eScan 20181110
NANO-Antivirus 20181110
Palo Alto Networks (Known Signatures) 20181110
Panda 20181110
Qihoo-360 20181110
Rising 20181110
SentinelOne (Static ML) 20181011
Sophos AV 20181110
SUPERAntiSpyware 20181107
Symantec 20181110
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181110
TrendMicro 20181110
TrendMicro-HouseCall 20181110
Trustlook 20181110
VBA32 20181109
VIPRE 20181110
ViRobot 20181110
Webroot 20181110
Yandex 20181109
Zillya 20181109
ZoneAlarm by Check Point 20181110
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©Firefox and Mozilla Developers; available under the MPL 2 license.

Product Firefox
Original name firefox.exe
Internal name Firefox
File version 37.0.1
Description Firefox
Signature verification Signed file, verified signature
Signing date 6:37 AM 4/3/2015
Signers
[+] Mozilla Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 9/17/2013
Valid to 1:00 PM 9/21/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9153980CC186DF478F35229E11C9A7310449A1AA
Serial number 05 11 EA F8 57 9E 26 62 BE 62 2D E5 AE 0C D4 08
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-03 04:21:08
Entry Point 0x000024F1
Number of sections 5
PE sections
Overlays
MD5 2ee9cabfdedec770b89b624afae73a50
File type data
Offset 368640
Size 8304
Entropy 7.31
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VerifyVersionInfoA
VirtualAllocEx
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
VerSetConditionMask
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetProcessIoCounters
LoadLibraryExA
GetConsoleMode
HeapSize
RaiseException
UnhandledExceptionFilter
GetCommandLineW
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetProcAddress
SetEnvironmentVariableA
FlushInstructionCache
GetProcessHeap
SetStdHandle
ExpandEnvironmentStringsW
QueryPerformanceFrequency
WideCharToMultiByte
SetEnvironmentVariableW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
SetEndOfFile
SetDllDirectoryW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
CompareStringW
GetOEMCP
TerminateProcess
LoadLibraryW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
VirtualProtectEx
GetStringTypeW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
WriteConsoleW
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 15
RT_GROUP_ICON 6
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 24
PE resources
Debug information
ExifTool file metadata
CodeSize
80896

SubsystemVersion
5.1

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
37.0.1.5570

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Firefox

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
295936

EntryPoint
0x24f1

OriginalFileName
firefox.exe

MIMEType
application/octet-stream

LegalCopyright
Firefox and Mozilla Developers; available under the MPL 2 license.

FileVersion
37.0.1

TimeStamp
2015:04:03 05:21:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Firefox

ProductVersion
37.0.1

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Corporation

BuildID
20150402191859

LegalTrademarks
Firefox is a Trademark of The Mozilla Foundation.

ProductName
Firefox

ProductVersionNumber
37.0.1.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 bb69268b5f4277a1cfc36a237e27fd87
SHA1 d1010dba62776c3a127d96dc039365ffc230f8c2
SHA256 19163714fc37bf32fcd80ba16249f39223f1dcb4e4c05d3e76801965767de0dc
ssdeep 6144:i9wwBZtpQc0JoIVR/SHdCzx5xoX3/Di6R/SHdCzxkWu:JwBZtpQc0JPo+03/DipUu
authentihash 8cf81dcce181e29a98b64e52cc7c80cf15c17cdc6b8040436a5b29cc5d57b46f
imphash 6fad6017aa03f581d7f45aa76d8ddf02
File size 368.1 KB ( 376944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-04-03 18:11:00 UTC ( 3 years, 8 months ago )
Last submission 2018-04-25 04:30:22 UTC ( 7 months, 2 weeks ago )
File names firefox.exe
firеfох.bаt.exe
firefox_2.exe
piratefox.exe
firefox.exe
firefox.ex_
00266e6c_1054_crypt_io_copy.tmp
7bbee079_4154_crypt_io_copy.tmp
firefox.exe
bb69268b5f4277a1cfc36a237e27fd87.exe
firefox.exe.moz-backup
moz44cf.tmp
VirusShare_bb69268b5f4277a1cfc36a237e27fd87
dc78ff.tmpscan
firefox.exe.moz-callback
avz00001.dta
3224cad4_2590_crypt_io_copy.tmp
firefox.exe
06149e31.tmp
filename
5688ff.tmpscan
firefox_ex_
firefox.bat.exe
firefox.exe
firefox.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications