SHA256: 23dcf67e83871f52901cdf67f5d1aac52ddf745670d420654b6412827edd680b
File name: mozgest_20140215.xpi
Detection ratio: 5 / 50
Analysis date: 2016-07-09 20:16:59 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9993 20160706
Bkav HW32.Packed.9EF1 20160708
Ikarus Trojan.Crypt 20160709
TrendMicro PAK_Generic.001 20160709
TrendMicro-HouseCall PAK_Generic.001 20160709
Ad-Aware 20160709
AegisLab 20160709
AhnLab-V3 20160709
Alibaba 20160708
ALYac 20160709
Antiy-AVL 20160709
Arcabit 20160709
Avast 20160709
AVG 20160709
AVware 20160709
BitDefender 20160709
CAT-QuickHeal 20160709
ClamAV 20160709
CMC 20160704
Comodo 20160709
Cyren 20160709
DrWeb 20160709
Emsisoft 20160709
ESET-NOD32 20160709
F-Prot 20160709
F-Secure 20160709
Fortinet 20160709
GData 20160709
Jiangmin 20160709
K7AntiVirus 20160709
K7GW 20160709
Kaspersky 20160709
Kingsoft 20160709
Malwarebytes 20160709
McAfee 20160709
McAfee-GW-Edition 20160709
Microsoft 20160709
eScan 20160709
NANO-Antivirus 20160709
nProtect 20160708
Panda 20160709
Qihoo-360 20160709
Sophos AV 20160709
SUPERAntiSpyware 20160709
Symantec 20160709
Tencent 20160709
TheHacker 20160709
VBA32 20160708
VIPRE 20160709
ViRobot 20160709
Zillya 20160709
Zoner 20160709
The file being studied is a compressed stream! More specifically, it is a Mozilla Firefox Extension file.
Interesting properties
The studied file contains at least one Portable Executable.
The file under inspection contains at least one ELF file.
The studied file contains at least one Mac OS X executable.
Contained files
Compression metadata
Contained files 63
Uncompressed size 367659
Highest datetime 2014-02-15 09:14:56
Lowest datetime 2014-02-15 03:20:00
Contained files by extension
js 15
xul 12
png 10
dll 2
so 2
dtd 2
xml 1
exe 1
rdf 1
css 1
Contained files by type
unknown 20
XML 13
directory 11
PNG 10
Portable Executable 3
JavaScript 2
ELF 2
Mac OS X Executable 2
ExifTool file metadata
MIMEType application/zip
ZipRequiredVersion 20
ZipCRC 0x8ca68c03
FileType ZIP
ZipCompression Deflated
ZipUncompressedSize 1687
ZipCompressedSize 659
FileTypeExtension zip
ZipFileName install.rdf
ZipBitFlag 0x0002
ZipModifyDate 2014:02:15 03:20:00

File identification
MD5 27a11f722ba9ec7b393e68d0a9847796
SHA1 ffb6a5b843ac7df538a0bd635e1554cb5065e404
SHA256 23dcf67e83871f52901cdf67f5d1aac52ddf745670d420654b6412827edd680b
ssdeep 3072:bdyGv3jFYGHwNT3oPVOsJSP7MK9WrvAiF2OTebOIr:bdxLFZQNT31sJMMau/FxebOIr

File size 135.3 KB ( 138592 bytes )
File type Mozilla Firefox Extension
Magic literal Zip archive data, at least v2.0 to extract

TrID Mozilla Firefox browser extension (66.6%)
ZIP compressed archive (33.3%)
Tags xpi contains-macho contains-pe contains-elf

VirusTotal metadata
First submission 2014-04-09 09:17:34 UTC ( 3 years, 6 months ago )
Last submission 2016-07-09 20:16:59 UTC ( 1 year, 3 months ago )
File names mozgest_20140215.xpi
27a11f722ba9ec7b393e68d0a9847796_INF75EB.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight