× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 638c97872b11cb2c619c466e015030b537e2127466464be3540cb06d231d4848
File name: WorkingFireplace-3654-1-1-0-1554532855.zip
Detection ratio: 0 / 58
Analysis date: 2019-04-06 06:43:02 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis 20190330
Ad-Aware 20190406
AegisLab 20190406
AhnLab-V3 20190405
Alibaba 20190402
ALYac 20190406
Antiy-AVL 20190406
Arcabit 20190406
Avast 20190406
Avast-Mobile 20190405
AVG 20190406
Avira (no cloud) 20190406
Babable 20180918
Baidu 20190318
BitDefender 20190406
Bkav 20190405
CAT-QuickHeal 20190405
ClamAV 20190405
CMC 20190321
Comodo 20190406
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cyren 20190406
DrWeb 20190406
eGambit 20190406
Emsisoft 20190406
Endgame 20190403
ESET-NOD32 20190406
F-Secure 20190406
FireEye 20190406
Fortinet 20190406
GData 20190406
Ikarus 20190405
Sophos ML 20190313
Jiangmin 20190406
K7AntiVirus 20190406
K7GW 20190406
Kaspersky 20190406
Kingsoft 20190406
Malwarebytes 20190406
MAX 20190406
McAfee 20190406
McAfee-GW-Edition 20190406
Microsoft 20190406
eScan 20190406
NANO-Antivirus 20190406
Palo Alto Networks (Known Signatures) 20190406
Panda 20190404
Qihoo-360 20190406
Rising 20190406
SentinelOne (Static ML) 20190317
Sophos AV 20190406
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190325
TACHYON 20190406
Tencent 20190406
TheHacker 20190405
TotalDefense 20190406
Trapmine 20190325
TrendMicro-HouseCall 20190406
Trustlook 20190406
VBA32 20190405
ViRobot 20190405
Yandex 20190404
Zillya 20190405
ZoneAlarm by Check Point 20190406
Zoner 20190406
The file being studied is a compressed stream! More specifically, it is a Google Chrome Extension file.
Interesting properties
The studied file contains at least one Portable Executable.
The ZIP magic number has been left instead of substituting it with Cr24, this is perfectly legit.
Contained files
Compression metadata
Contained files
6
Uncompressed size
14178
Highest datetime
2019-04-06 08:29:00
Lowest datetime
2019-03-17 21:20:52
Contained files by extension
dll
1
Contained files by type
unknown
3
directory
2
Portable Executable
1
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
10

ZipCRC
0x00000000

FileType
ZIP

ZipCompression
None

ZipUncompressedSize
0

ZipCompressedSize
0

FileTypeExtension
zip

ZipFileName
WorkingFireplace/

ZipBitFlag
0

ZipModifyDate
2019:04:06 08:29:00

File identification
MD5 f985df4c96db58faa8b01647a1bef1fb
SHA1 7053e680f96b802f637091b419cc2eb62b1289ff
SHA256 638c97872b11cb2c619c466e015030b537e2127466464be3540cb06d231d4848
ssdeep
192:esDTVKpXBwOqTW/JMOMQTnJQ5YJAQBArvrS8gf:e2opRwyMQdQ50ervm8E

File size 7.5 KB ( 7636 bytes )
File type Google Chrome Extension
Magic literal
Zip archive data, at least v1.0 to extract

TrID ZIP compressed archive (80.0%)
PrintFox/Pagefox bitmap (var. P) (20.0%)
Tags
zipped contains-pe crx

VirusTotal metadata
First submission 2019-04-06 06:43:02 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-06 06:43:02 UTC ( 1 month, 2 weeks ago )
File names WorkingFireplace-3654-1-1-0-1554532855.zip
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!