SHA256: 6bf13e974fa2a926264671c23e4ccb5149b676a6594d0faa2baec9d2a853d133
File name: xulrunner
Detection ratio: 15 / 54
Analysis date: 2014-07-10 07:53:27 UTC ( 4 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.MDA 20140709
AntiVir TR/Dropper.VB.12878 20140710
AVG Luhe.Gen.C 20140710
ByteHero Virus.Win32.Heur.p 20140710
CMC Heur.Win32.Veebee.1!O 20140710
ESET-NOD32 a variant of Generik.ITMKVRE 20140710
Ikarus Win32.SuspectCrc 20140710
Kaspersky Trojan-Spy.Win32.Zbot.tlul 20140710
McAfee PWSZbot-FAAR!BA220B6EF494 20140710
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140710
Qihoo-360 HEUR/Malware.QVM18.Gen 20140710
Sophos AV Mal/Generic-S 20140710
Symantec WS.Reputation.1 20140710
Tencent Win32.Trojan-spy.Zbot.Lkdm 20140710
TrendMicro-HouseCall TROJ_GEN.F0D1H00G914 20140710
Ad-Aware 20140710
AegisLab 20140710
Yandex 20140709
Antiy-AVL 20140710
Avast 20140710
Baidu-International 20140710
BitDefender 20140710
Bkav 20140709
CAT-QuickHeal 20140710
ClamAV 20140710
Commtouch 20140710
Comodo 20140710
DrWeb 20140710
Emsisoft 20140710
F-Prot 20140710
F-Secure 20140710
Fortinet 20140710
GData 20140710
Jiangmin 20140710
K7AntiVirus 20140709
K7GW 20140709
Kingsoft 20140710
Malwarebytes 20140710
Microsoft 20140710
eScan 20140710
NANO-Antivirus 20140710
Norman 20140710
nProtect 20140709
Panda 20140709
Rising 20140709
SUPERAntiSpyware 20140710
TheHacker 20140708
TotalDefense 20140709
TrendMicro 20140710
VBA32 20140709
VIPRE 20140710
ViRobot 20140710
Zillya 20140709
Zoner 20140708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 2
Publisher Mozilla Foundation
Product XULRunner
Original name xulrunner-stub.exe
Internal name xulrunner
File version 26.0
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-09 14:04:58
Entry Point 0x000F5DE0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 258048
UninitializedDataSize 749568
LinkerVersion 6.0
ImageVersion 2.5
FileSubtype 0
FileVersionNumber 26.0.0.5087
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8192
FileOS Win32
MIMEType application/octet-stream
LegalCopyright License: MPL 2
FileVersion 26.0
TimeStamp 2014:07:09 15:04:58+01:00
FileType Win32 EXE
PEType PE32
InternalName xulrunner
FileAccessDate 2014:07:10 08:51:09+01:00
ProductVersion 26.0
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:07:10 08:51:09+01:00
OriginalFilename xulrunner-stub.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Foundation
BuildID 20131205075310
LegalTrademarks Mozilla
ProductName XULRunner
ProductVersionNumber 26.0.0.5087
EntryPoint 0xf5de0
ObjectFileType Dynamic link library
File identification
MD5 a07a2b8dfd7c95cb37e49eff482d54c6
SHA1 08cd089cad7bd27d0834f6dbcc567132f1ccb0d1
SHA256 6bf13e974fa2a926264671c23e4ccb5149b676a6594d0faa2baec9d2a853d133
ssdeep 6144:AANC8Znm/jeuGHqpDzHFdRKev2fW27Q6r6Vaaw4TGooSD:A2LfHqPdEevz2QVQnooSD
imphash 9f965e238de315597d990bf81c19377f
File size 258.0 KB ( 264192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2014-07-09 18:48:36 UTC ( 4 years, 4 months ago )
Last submission 2014-07-09 18:48:36 UTC ( 4 years, 4 months ago )
File names SPECIFICATIONS.exe
xulrunner
xulrunner-stub.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications