SHA256: 68683743ee80e2f62fd9b5a1b5bd7134b9bc37c8dcfb4f3d78357a1f06f83e99
File name: AXwsHOP.exe
Detection ratio: 36 / 54
Analysis date: 2014-08-16 10:35:04 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1801898 20140816
Yandex Trojan.Injector!8jo3MIbqVz4 20140815
AhnLab-V3 Dropper/Win32.Necurs 20140815
AntiVir TR/Rogue.194560.3 20140816
Antiy-AVL Worm/Win32.Ngrbot 20140816
Avast Win32:Dropper-gen [Drp] 20140816
AVG Crypt3.AJMV 20140816
AVware Trojan.Win32.Generic!BT 20140816
Baidu-International Worm.Win32.Ngrbot.aNo 20140816
BitDefender Trojan.GenericKD.1801898 20140816
Bkav W32.NoroanG.Trojan 20140816
DrWeb Win32.HLLW.Autoruner2.1926 20140816
Emsisoft Trojan.GenericKD.1801898 (B) 20140816
ESET-NOD32 a variant of Win32/Injector.BJSB 20140816
F-Secure Trojan.GenericKD.1801898 20140816
Fortinet W32/Yakes.FHJN!tr 20140816
GData Trojan.GenericKD.1801898 20140816
Ikarus Trojan.Win32.Injector 20140816
K7AntiVirus Trojan ( 0049ff561 ) 20140814
K7GW Trojan ( 0049ff561 ) 20140814
Kaspersky Worm.Win32.Ngrbot.agls 20140816
Kingsoft Worm.Ngrbot.ag.(kcloud) 20140816
Malwarebytes Trojan.Ransom.ED 20140816
McAfee RDN/Sdbot.worm!cb 20140816
McAfee-GW-Edition RDN/Sdbot.worm!cb 20140815
Microsoft Worm:Win32/Dorkbot.I 20140816
eScan Trojan.GenericKD.1801898 20140816
NANO-Antivirus Trojan.Win32.Inject.ddthpz 20140816
nProtect Trojan.GenericKD.1801898 20140814
Panda Trj/Chgt.B 20140815
Qihoo-360 HEUR/Malware.QVM10.Gen 20140816
Sophos AV Troj/Wonton-FP 20140816
Symantec WS.Reputation.1 20140816
Tencent Win32.Worm.Ngrbot.Akzk 20140816
TrendMicro-HouseCall Suspicious_GEN.F47V0811 20140816
VIPRE Trojan.Win32.Generic!BT 20140816
AegisLab 20140816
ByteHero 20140816
CAT-QuickHeal 20140816
ClamAV 20140816
CMC 20140814
Commtouch 20140816
Comodo 20140816
F-Prot 20140816
Jiangmin 20140815
Norman 20140816
Rising 20140816
SUPERAntiSpyware 20140816
TheHacker 20140814
TotalDefense 20140816
TrendMicro 20140816
VBA32 20140816
ViRobot 20140816
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Product Thunderbird
Original name thunderbird.exe
Internal name Thunderbird
File version 8.0
Description Thunderbird
Comments Mozilla Thunderbird Mail and News Client
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-11 07:25:03
Entry Point 0x0000AB34
Number of sections 4
PE sections
PE imports
Polygon
GetTextCharset
TranslateCharsetInfo
GdiGetBatchLimit
GetCharWidthI
EndDoc
GetDCBrushColor
SetAbortProc
FrameRgn
SetDIBitsToDevice
PlayEnhMetaFile
GetAspectRatioFilterEx
CreateRoundRectRgn
RoundRect
GetRasterizerCaps
PolyBezier
GetCharWidth32W
CloseMetaFile
CombineTransform
SetTextCharacterExtra
UpdateICMRegKeyW
ColorCorrectPalette
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
EncodePointer
OutputDebugStringA
TlsAlloc
GetVersionExA
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
FreeEnvironmentStringsA
DeleteCriticalSection
SetProcessWorkingSetSize
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
SetTapePosition
LCMapStringA
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetThreadContext
ReadFileScatter
CreateFileMappingW
AssignProcessToJobObject
GetStringTypeA
WideCharToMultiByte
GetThreadIOPendingFlag
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CreateMemoryResourceNotification
CloseHandle
GetSystemTimeAsFileTime
GetProcessWorkingSetSize
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TransmitCommChar
QueryPerformanceCounter
GetCurrentProcess
EncodeSystemPointer
HeapCreate
VirtualQuery
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
CopyAcceleratorTableA
UpdateLayeredWindow
DrawAnimatedRects
GetIconInfo
GetSubMenu
GetMenuDefaultItem
ActivateKeyboardLayout
GetInputState
GetRawInputData
GetMenuBarInfo
SetWinEventHook
GetClipboardFormatNameW
RegisterShellHookWindow
IsWinEventHookInstalled
GetGUIThreadInfo
EnableMenuItem
FrameRect
IsChild
GetClassLongA
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
LegalTrademarks
Thunderbird is a Trademark of The Mozilla Foundation.

SubsystemVersion
5.0

Comments
Mozilla Thunderbird Mail and News Client

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.0.4326

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Thunderbird

CharacterSet
Unicode

InitializedDataSize
130048

EntryPoint
0xab34

OriginalFileName
thunderbird.exe

MIMEType
application/octet-stream

LegalCopyright
Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

FileVersion
8.0

TimeStamp
2014:08:11 08:25:03+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Thunderbird

ProductVersion
8.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Messaging

BuildID
20111105021620

CodeSize
63488

ProductName
Thunderbird

ProductVersionNumber
8.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 79dc95ed991ae6188a48def6988be027
SHA1 1de8427ae5fb6d733750b2b7704286425502ba18
SHA256 68683743ee80e2f62fd9b5a1b5bd7134b9bc37c8dcfb4f3d78357a1f06f83e99
ssdeep
3072:AtI17oxDoYJ4zbY3eC1mjywzHXWEcrRxO/PzIEtDvfe6X2JYHpi4z5tKizedPSuy:97o/4zkOcmrzHB2/O/8Et790YHp/5giD

authentihash d8402668d1a95646f559f62d3470bb2c8c2aef1121adf85035a14e32f2834e7c
imphash 6f6d7eea90543b525fbcb851c5476d7b
File size 190.0 KB ( 194560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-11 18:39:34 UTC ( 3 years, 11 months ago )
Last submission 2014-09-08 21:19:33 UTC ( 3 years, 10 months ago )
File names CSgdGJA.exe
AXwsHOP.exe
Thunderbird
abVdvRv.exe
thunderbird.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs