SHA256: 19a3941e1c8b018ce7c4ba51896e8143ccb4291e86cd9a4fb3c7db887f8e0076
File name: 92376ea1526f38547a59d7cc812dc8bd61358c6d
Detection ratio: 18 / 57
Analysis date: 2015-09-23 13:51:18 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.24978 20150923
AhnLab-V3 Trojan/Win32.MDA 20150923
Arcabit Trojan.Mikey.D6192 20150923
AVG Crypt4.CMEA 20150923
BitDefender Gen:Variant.Mikey.24978 20150923
Cyren W32/Agent.XL.gen!Eldorado 20150923
DrWeb Trojan.Inject1.56622 20150923
Emsisoft Gen:Variant.Mikey.24978 (B) 20150923
ESET-NOD32 a variant of Win32/Kryptik.DXYL 20150923
F-Prot W32/Agent.XL.gen!Eldorado 20150923
F-Secure Gen:Variant.Mikey.24978 20150923
Fortinet W32/Kryptik.DXUQ!tr 20150923
GData Gen:Variant.Mikey.24978 20150923
Kaspersky UDS:DangerousObject.Multi.Generic 20150923
Malwarebytes Trojan.CryptoLocker 20150923
eScan Gen:Variant.Mikey.24978 20150923
Rising PE:Malware.RDM.29!5.23[F1] 20150923
Sophos AV Mal/Wonton-BP 20150923
AegisLab 20150923
Yandex 20150922
Alibaba 20150923
ALYac 20150923
Antiy-AVL 20150923
Avast 20150923
Avira (no cloud) 20150923
AVware 20150923
Baidu-International 20150923
Bkav 20150923
ByteHero 20150923
CAT-QuickHeal 20150923
ClamAV 20150923
CMC 20150922
Comodo 20150923
Ikarus 20150923
Jiangmin 20150922
K7AntiVirus 20150923
K7GW 20150923
Kingsoft 20150923
McAfee 20150923
McAfee-GW-Edition 20150923
Microsoft 20150923
NANO-Antivirus 20150923
nProtect 20150923
Panda 20150922
Qihoo-360 20150923
SUPERAntiSpyware 20150923
Symantec 20150922
Tencent 20150923
TheHacker 20150922
TotalDefense 20150922
TrendMicro 20150923
TrendMicro-HouseCall 20150923
VBA32 20150923
VIPRE 20150923
ViRobot 20150923
Zillya 20150922
Zoner 20150923
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©Firefox and Mozilla Developers; available under the MPL 2 license.
Publisher Mozilla Corporation
Product Tor Browser
Original name firefox.exe
Internal name Tor Browser
File version 38.2.1
Description Tor Browser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-22 11:20:29
Entry Point 0x000074C5
Number of sections 4
PE sections
Overlays
MD5 f1689175f756ebd1e3356d5e286eeec2
File type data
Offset 379392
Size 1326
Entropy 7.78
PE imports
GetTextMetricsW
TextOutW
CreateFontIndirectW
SetStretchBltMode
GetCharABCWidthsI
GetOutlineTextMetricsA
GetDeviceCaps
PaintRgn
GetColorAdjustment
DeleteDC
SetBkMode
EndDoc
GetRegionData
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetTextExtentPointW
GetCurrentObject
FillRgn
IntersectClipRect
EnumFontFamiliesExW
GetStockObject
UnrealizeObject
SelectClipRgn
CreateCompatibleDC
GetTextFaceA
CreateRectRgn
SelectObject
SetPolyFillMode
UpdateICMRegKeyA
CancelDC
GetTextColor
GetCharWidthFloatW
DeleteObject
SetRectRgn
DeleteMetaFile
GetStdHandle
WaitForSingleObject
SignalObjectAndWait
ReplaceFileW
GetFileAttributesW
GetLocalTime
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnregisterWait
FreeEnvironmentStringsW
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetStringTypeW
ResumeThread
FreeLibrary
FormatMessageW
IsWow64Process
GetThreadPriority
InitializeCriticalSection
OutputDebugStringW
GetStringTypeExW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
QueueUserWorkItem
OutputDebugStringA
SetLastError
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
FlushViewOfFile
QueryPerformanceFrequency
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
RegisterWaitForSingleObject
EraseTape
CreateThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
SetCurrentDirectoryW
GlobalAlloc
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
CreateDirectoryW
DeleteFileW
GlobalLock
CreateFileMappingW
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
GetTimeFormatA
ResetEvent
DuplicateHandle
GetProcAddress
SetEvent
GetProcessAffinityMask
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
VirtualQuery
TransactNamedPipe
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
WaitNamedPipeW
LockResource
lstrlenW
GetCPInfo
HeapSize
SetThreadAffinityMask
CancelIo
ReadConsoleW
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CompareStringA
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
GetMessageTime
DispatchMessageW
GetCursorPos
ReleaseDC
GetMenu
GetClientRect
AllowSetForegroundWindow
GetActiveWindow
GetUpdateRgn
EnumClipboardFormats
GetTopWindow
GetMenuItemID
DestroyWindow
EnumWindows
GetMessageW
ShowWindow
EnumDisplayMonitors
PeekMessageW
EnableWindow
SetWindowPlacement
GetClipboardFormatNameW
IsCharAlphaA
TranslateMessage
GetAsyncKeyState
GetIconInfo
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
GetSubMenu
SetTimer
GetKeyboardLayout
CreateWindowExW
GetWindowLongW
SetFocus
GetMonitorInfoW
BeginPaint
DefWindowProcW
KillTimer
TrackMouseEvent
GetClipboardData
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
PostMessageW
CreatePopupMenu
CheckMenuItem
DrawIconEx
SetWindowTextW
CreateMenu
ClientToScreen
GetProcessWindowStation
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
ValidateRect
LoadCursorW
GetDC
InsertMenuW
SetForegroundWindow
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
GetScrollRange
ScreenToClient
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
AppendMenuW
AdjustWindowRectEx
SendMessageTimeoutW
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
UpdateLayeredWindow
GetDoubleClickTime
EnableMenuItem
SystemParametersInfoW
MonitorFromWindow
SetRect
InvalidateRect
GetClassNameW
AdjustWindowRect
ModifyMenuW
GetFocus
wsprintfW
CloseClipboard
SetCursor
Number of PE resources by type
RT_MENU 8
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 3
PE resources
ExifTool file metadata
CodeSize 59904
FileDescription Tor Browser
InitializedDataSize 318464
ImageVersion 0.0
ProductName Tor Browser
FileVersionNumber 38.2.1.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName firefox.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 38.2.1
TimeStamp 2015:09:22 12:20:29+01:00
FileType Win32 EXE
PEType PE32
InternalName Tor Browser
SubsystemVersion 5.0
ProductVersion 38.2.1
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
LegalCopyright Firefox and Mozilla Developers; available under the MPL 2 license.
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Corporation
BuildID 20000101000000
LegalTrademarks Firefox is a Trademark of The Mozilla Foundation.
FileSubtype 0
ProductVersionNumber 38.2.1.0
EntryPoint 0x74c5
ObjectFileType Dynamic link library

File identification
MD5 a22c16368bb6e7b87400eec8c96b2eb5
SHA1 b3ec44f648b06c95f94c1a8948053a6729fabad5
SHA256 19a3941e1c8b018ce7c4ba51896e8143ccb4291e86cd9a4fb3c7db887f8e0076
ssdeep 3072:4cxuhJnJNe+eqFWi+AB/MJ6oZ5qlRn0wM9g6uvj7al5ieGsxpYqPGeemnSBP7Bbd:cSMBUJVZcRncgDeluHjuE
authentihash 9b3d305f844d839aa3655fc4f08701c1f3f9d6b8b7e90f49ab4fedab374856a1
imphash fbca42879c508ffc16aec2722812ffe0
File size 371.8 KB ( 380718 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-23 13:51:18 UTC ( 3 years, 6 months ago )
Last submission 2015-09-23 13:51:18 UTC ( 3 years, 6 months ago )
File names Tor Browser
92376ea1526f38547a59d7cc812dc8bd61358c6d
firefox.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs