SHA256: 23fff8d4d88efd1a8ae8b6441eefc2ae2ad715b0a7cf5ca02c9d803c211c5548
File name: Thunderbird_Setup_24.3.0.exe
Detection ratio: 0 / 57
Analysis date: 2017-02-04 17:04:42 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20170204
AegisLab 20170204
AhnLab-V3 20170204
Alibaba 20170122
ALYac 20170204
Antiy-AVL 20170204
Arcabit 20170204
Avast 20170204
AVG 20170204
Avira (no cloud) 20170204
AVware 20170204
Baidu 20170125
BitDefender 20170204
Bkav 20170204
CAT-QuickHeal 20170204
ClamAV 20170204
CMC 20170204
Comodo 20170204
CrowdStrike Falcon (ML) 20170130
Cyren 20170204
DrWeb 20170204
Emsisoft 20170204
ESET-NOD32 20170204
F-Prot 20170204
F-Secure 20170204
Fortinet 20170204
GData 20170204
Ikarus 20170204
Sophos ML 20170203
Jiangmin 20170203
K7AntiVirus 20170204
K7GW 20170204
Kaspersky 20170204
Kingsoft 20170204
Malwarebytes 20170204
McAfee 20170204
McAfee-GW-Edition 20170204
Microsoft 20170204
eScan 20170204
NANO-Antivirus 20170204
nProtect 20170204
Panda 20170204
Qihoo-360 20170204
Rising 20170204
Sophos AV 20170204
SUPERAntiSpyware 20170204
Symantec 20170203
Tencent 20170204
TheHacker 20170202
TotalDefense 20170204
TrendMicro 20170204
TrendMicro-HouseCall 20170204
Trustlook 20170204
VBA32 20170203
VIPRE 20170204
ViRobot 20170204
WhiteArmor 20170202
Yandex 20170204
Zillya 20170204
Zoner 20170204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Mozilla

Product Thunderbird
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 4.42
Description Thunderbird
Signature verification Signed file, verified signature
Signing date 11:41 PM 1/31/2014
Signers
[+] Mozilla Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 9/17/2013
Valid to 1:00 PM 9/21/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9153980CC186DF478F35229E11C9A7310449A1AA
Serial number 05 11 EA F8 57 9E 26 62 BE 62 2D E5 AE 0C D4 08
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, Unicode, appended, 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-14 16:50:17
Entry Point 0x00021DE0
Number of sections 3
PE sections
Overlays
MD5 7a453d7533af48a076c78b8ca8d19318
File type data
Offset 70144
Size 22082728
Entropy 8.00
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
SysAllocString
ShellExecuteExA
SetTimer
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
UninitializedDataSize
94208

InitializedDataSize
28672

ImageVersion
0.0

ProductName
Thunderbird

FileVersionNumber
4.42.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Thunderbird

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
7zS.sfx.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.42

TimeStamp
2013:06:14 17:50:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zS.sfx

ProductVersion
4.42

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Mozilla

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla

CodeSize
40960

FileSubtype
0

ProductVersionNumber
4.42.0.0

EntryPoint
0x21de0

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 32d7ff3178ea0cfca0ea9c87722c5cda
SHA1 ef350e7b6fcb7fccb34ae905b67ecdd07c3b5d4c
SHA256 23fff8d4d88efd1a8ae8b6441eefc2ae2ad715b0a7cf5ca02c9d803c211c5548
ssdeep
393216:CiM17uOHABDV2xGZqMfUuriAvX2Rjxlv6Xy8t+nN6aS5q6wAkKaXjF:CiY7u0eJ2UZ/MurJoP6veN6aSXFkrjF

authentihash 40e95422d3204c9f503c1be059601a8354b9862bf8347223c52d9463d324a745
imphash 67b717da9ed8a8bd9f572a5820791f0c
File size 21.1 MB ( 22152872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2014-02-04 06:46:16 UTC ( 5 years, 1 month ago )
Last submission 2017-02-04 17:04:42 UTC ( 2 years, 1 month ago )
File names Thunderbird_Setup_24.3.0.exe
7zS.sfx.exe
Thunderbird Setup 24.3.0.exe
thunderbird_setup_24.3.0_en-us.exe
mozillathunderbird.exe
thunderbird-24_3_0.exe
target.exe
Thunderbird Setup 24.3.0 (official) =clean=.exe
Thunderbird%20Setup%2024.3.0.exe
Thunderbird Setup 24.3.0.exe
filename
Thunderbird Setup 24.3.0.exe
Thunderbird 24.3.0.exe
423569
Thunderbird Setup 24.3.0(1).exe
Thunderbird Setup 24.3.0-1.exe
thunderbird setup 24.3.0.exe
Mozilla Thunderbird_24.3.exe
target.exe
32d7ff3178ea0cfca0ea9c87722c5cda-ThunderbirdSetup24.3.0.exe
Thunderbird Setup 24.3.0.exe
thunderbird_setup_24.3.0_enu.exe
Thunderbird Setup 24.3.0.exe
Mozilla-Thunderbird_24.3.0.exe
7zS.sfx
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight