SHA256: 56eebb8067af1febd1ecb35b4ece27fab83200ba6d4e1815749decdcdad9eb1b
File name: Firefox_Setup.exe
Detection ratio: 3 / 47
Analysis date: 2013-07-19 20:41:06 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Avast Win32:Installer-K [PUP] 20130710
ESET-NOD32 a variant of Win32/Adware.iBryte.G 20130710
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130708
Yandex 20130710
AhnLab-V3 20130710
AntiVir 20130710
Antiy-AVL 20130710
AVG 20130710
BitDefender 20130710
ByteHero 20130613
CAT-QuickHeal 20130708
ClamAV 20130710
Commtouch 20130710
Comodo 20130709
DrWeb 20130710
Emsisoft 20130710
eSafe 20130709
F-Prot 20130710
F-Secure 20130710
Fortinet 20130710
GData 20130710
Ikarus 20130710
Jiangmin 20130710
K7AntiVirus 20130709
K7GW 20130709
Kaspersky 20130710
Malwarebytes 20130710
McAfee 20130710
McAfee-GW-Edition 20130710
Microsoft 20130710
eScan 20130710
NANO-Antivirus 20130710
Norman 20130708
nProtect 20130710
Panda 20130710
PCTools 20130710
Rising 20130709
Sophos AV 20130710
SUPERAntiSpyware 20130710
Symantec 20130710
TheHacker 20130710
TotalDefense 20130710
TrendMicro 20130710
TrendMicro-HouseCall 20130710
VBA32 20130710
VIPRE 20130710
ViRobot 20130710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Premium Installer
Signature verification Signed file, verified signature
Signing date 11:00 AM 7/29/2013
Signers
[+] Premium Installer
Status Valid
Issuer None
Valid from 1:00 AM 7/13/2013
Valid to 12:59 AM 8/3/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 721DA8DDE60F3326B8CB6275A88D610B3E0B4D53
Serial number 35 BB 74 B9 05 C0 1C E6 1D A1 31 BA 49 33 7F 33
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-18 21:04:49
Entry Point 0x000031DC
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeLibrary
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
HeapSize
GetCurrentProcessId
GetUserDefaultLCID
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetThreadContext
GetCurrentThread
GetTimeZoneInformation
CompareStringW
GetTempPathA
RaiseException
CompareStringA
WideCharToMultiByte
GetTimeFormatA
TlsFree
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetConsoleCtrlHandler
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:07:18 22:04:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 103424
LinkerVersion 9.0
EntryPoint 0x31dc
InitializedDataSize 948736
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b0eab58c52f8461c1299855a015ec4b3
SHA1 6a87600793c8cc4f40899693bfc253ad08528863
SHA256 56eebb8067af1febd1ecb35b4ece27fab83200ba6d4e1815749decdcdad9eb1b
ssdeep 12288:i9cnu4Rfl55oUIJM8jo8F7ZPjQZpodiRQYTaMWMJMsgivxl5DbpND:ucnuktIJM8jjtjMoo+MXJMsgir5DHD
File size 1.0 MB ( 1059480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2013-07-19 20:41:06 UTC ( 5 years, 5 months ago )
Last submission 2013-07-29 10:00:25 UTC ( 5 years, 4 months ago )
File names vti-rescan, Firefox_Setup.exe