SHA256: 40460e9ceeb06fd0710e3f80a67a5c6cbc610e4b481396c2bc6dbac74540a586
File name: Firefox Setup Stub 36.0.4.exe
Detection ratio: 1 / 55
Analysis date: 2015-12-18 17:55:27 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Jiangmin Variant.Kazy.kx 20151218
Ad-Aware 20151218
AegisLab 20151218
Yandex 20151218
AhnLab-V3 20151218
Alibaba 20151208
ALYac 20151218
Antiy-AVL 20151218
Arcabit 20151218
Avast 20151218
AVG 20151218
Avira (no cloud) 20151218
AVware 20151218
Baidu-International 20151218
BitDefender 20151218
Bkav 20151218
ByteHero 20151218
CAT-QuickHeal 20151217
ClamAV 20151217
CMC 20151217
Comodo 20151218
Cyren 20151218
DrWeb 20151218
Emsisoft 20151218
ESET-NOD32 20151218
F-Prot 20151218
F-Secure 20151218
Fortinet 20151218
GData 20151218
Ikarus 20151218
K7AntiVirus 20151218
K7GW 20151218
Kaspersky 20151218
Malwarebytes 20151218
McAfee 20151218
McAfee-GW-Edition 20151218
Microsoft 20151218
eScan 20151218
NANO-Antivirus 20151218
nProtect 20151218
Panda 20151218
Qihoo-360 20151218
Rising 20151218
Sophos AV 20151218
SUPERAntiSpyware 20151218
Symantec 20151217
Tencent 20151218
TheHacker 20151218
TrendMicro 20151218
TrendMicro-HouseCall 20151218
VBA32 20151217
VIPRE 20151218
ViRobot 20151218
Zillya 20151218
Zoner 20151218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 7:14 AM 3/21/2015
Signers
[+] Mozilla Corporation
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 9/17/2013
Valid to 1:00 PM 9/21/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9153980CC186DF478F35229E11C9A7310449A1AA
Serial number 05 11 EA F8 57 9E 26 62 BE 62 2D E5 AE 0C D4 08
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-17 05:29:40
Entry Point 0x00021E30
Number of sections 3
PE sections
Overlays
MD5 ca689b6d7e8884d5917c1de475645cd8
File type data
Offset 70656
Size 172792
Entropy 8.00
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
SysAllocString
ShellExecuteExA
SetTimer
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
UninitializedDataSize 94208
InitializedDataSize 28672
ImageVersion 0.0
ProductName 7-Zip
FileVersionNumber 4.42.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription 7z Setup SFX
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName 7zS.sfx.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.42
TimeStamp 2014:04:17 06:29:40+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 4.42
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 1999-2006 Igor Pavlov
MachineType Intel 386 or later, and compatibles
CodeSize 40960
FileSubtype 0
ProductVersionNumber 4.42.0.0
EntryPoint 0x21e30
ObjectFileType Executable application

CarbonBlack
Execution parents
Compressed bundles
File identification
MD5 3b95804e91dcc12741c49c91d8d7afa4
SHA1 322c8198c56a1624dedc8daac2775056f1762972
SHA256 40460e9ceeb06fd0710e3f80a67a5c6cbc610e4b481396c2bc6dbac74540a586
ssdeep
6144:dvc6rBaDbBU05nHkKvtNIKqSDtIHR+HIgEhwE2hHq:d6DbBU05nHHPIRAIHR+HIgEhgs

authentihash 82ad2ecc6d739e7dacebab66f131c9bf762d92986632501af3f9f8a7d8ffa322
imphash 67b717da9ed8a8bd9f572a5820791f0c
File size 237.7 KB ( 243448 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay signed nsis upx via-tor

VirusTotal metadata
First submission 2015-03-21 20:49:42 UTC ( 4 years ago )
Last submission 2016-05-26 21:40:34 UTC ( 2 years, 9 months ago )
File names Firefox Setup Stub 36.0.4.exe.ubqu
Firefox Setup Stub 36.0.4(1).exe
firefox setup stub 36.0.4.exe.4sarybh.partial
unconfirmed 892653.crdownload
Firefox Setup Stub 36.0.4.exe
4wbiffvb.exe.part
Firefox Setup Stub 36.0.4.exe
firefox setup stub 36.0.4.exe.3j2jah1.partial
Firefox Setup Stub 36.0.4.exe
Firefox Setup Stub 36.0.4.exe
firefox setup stub 36.0.4.exe
Firefox Setup Stub 36.0.4(1).exe
firefox setup stub 36.0.4.exe.ihqq7pk.partial
pmprozxo.exe.part
firefox setup stub 36.0.4(2538).exe
firefox setup stub 36.0.4.exe.h79jrno.partial
filename
firefox setup stub 36.0.4.exe.lrqy32f.partial
26c5.tmp
firefox setup stub 36.0.4.exe.kdbonf0.partial
Firefox Setup Stub 36.0.4.exe
firefox%20setup%20stub%2036.0.4[1].exe
{e6003360-bfa3-4e72-b2ad-f1e8cfdf26a8}.tmp
Firefox Setup Stub 36.0.4.exe
Firefox Setup Stub 36.0.4.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Runtime DLLs