SHA256: 6bfa6fc0ae4a59cdcfa14e668c5bb9ae83ab709832b7e0b2fdb8d03866719ab3
File name: 6bfa6fc0ae4a59cdcfa14e668c5bb9ae83ab709832b7e0b2fdb8d03866719ab3.vir
Detection ratio: 40 / 54
Analysis date: 2015-12-19 22:03:57 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.45523 20151219
Yandex TrojanSpy.Zbot!39PG1l9UxM0 20151219
AhnLab-V3 Trojan/Win32.MDA 20151219
Antiy-AVL Trojan[Spy]/Win32.Zbot 20151219
Arcabit Trojan.Symmi.DB1D3 20151219
Avast Win32:Trojan-gen 20151219
AVG Inject2.AOGE 20151219
Avira (no cloud) TR/Dropper.VB.17865 20151219
AVware Trojan.Win32.Generic.pak!cobra 20151219
Baidu-International Trojan.Win32.Zbot.tntf 20151219
BitDefender Gen:Variant.Symmi.45523 20151219
ByteHero Virus.Win32.Heur.p 20151219
CAT-QuickHeal TrojanPWS.Zbot.r3 20151219
Comodo UnclassifiedMalware 20151219
Cyren W32/Zbot.KAEI-8290 20151219
DrWeb Trojan.PWS.Panda.7278 20151219
Emsisoft Gen:Variant.Symmi.45523 (B) 20151219
ESET-NOD32 Win32/Spy.Zbot.AAO 20151219
F-Prot W32/Zbot.CAY 20151219
F-Secure Gen:Variant.Symmi.45523 20151218
Fortinet W32/Zbot.AAO!tr.spy 20151219
GData Gen:Variant.Symmi.45523 20151219
Ikarus Trojan-Spy.Win32.Zbot 20151219
K7AntiVirus Spyware ( 0029a43a1 ) 20151219
K7GW Spyware ( 0029a43a1 ) 20151219
Kaspersky Trojan-Spy.Win32.Zbot.tntf 20151219
McAfee Generic.dx!D2D7F660A044 20151219
McAfee-GW-Edition BehavesLike.Win32.Autorun.dc 20151219
Microsoft PWS:Win32/Zbot 20151219
eScan Gen:Variant.Symmi.45523 20151219
NANO-Antivirus Trojan.Win32.Zbot.dcyofd 20151219
Panda Trj/CI.A 20151219
Sophos AV Troj/Zbot-IQT 20151219
Symantec Trojan.Zbot 20151217
Tencent Win32.Trojan-spy.Zbot.Wrzz 20151219
TrendMicro TSPY_ZBOT.YVAGF 20151219
TrendMicro-HouseCall TSPY_ZBOT.YVAGF 20151219
VBA32 TrojanSpy.Zbot 20151218
VIPRE Trojan.Win32.Generic.pak!cobra 20151219
Zillya Trojan.Zbot.Win32.160966 20151218
AegisLab 20151219
Alibaba 20151208
Bkav 20151219
ClamAV 20151219
CMC 20151217
Jiangmin 20151219
Malwarebytes 20151219
nProtect 20151218
Rising 20151218
SUPERAntiSpyware 20151219
TheHacker 20151219
TotalDefense 20151219
ViRobot 20151219
Zoner 20151219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright License: MPL 2
Product XULRunner
Original name xulrunner-stub.exe
Internal name xulrunner
File version 26.0
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-15 13:02:03
Entry Point 0x000EEA30
Number of sections 3
PE sections
Overlays
MD5 6f435424e0ab4f20790f097a64697fa4
File type data
Offset 259584
Size 1024
Entropy 7.81
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Mozilla
UninitializedDataSize 720896
LinkerVersion 6.0
ImageVersion 8.8
FileSubtype 0
FileVersionNumber 26.0.0.5087
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
EntryPoint 0xeea30
OriginalFileName xulrunner-stub.exe
MIMEType application/octet-stream
LegalCopyright License: MPL 2
FileVersion 26.0
TimeStamp 2014:07:15 14:02:03+01:00
FileType Win32 EXE
PEType PE32
InternalName xulrunner
ProductVersion 26.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Foundation
BuildID 20131205075310
CodeSize 258048
ProductName XULRunner
ProductVersionNumber 26.0.0.5087
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 d2d7f660a044e184833942488804849d
SHA1 4ebeacc587232961f7fee45bfa49ee5e91934d63
SHA256 6bfa6fc0ae4a59cdcfa14e668c5bb9ae83ab709832b7e0b2fdb8d03866719ab3
ssdeep 6144:t4FGDI9uuiYcDc0/QX88FVXbswaScCCzM32WMT5zM9J7ztYUlpoSE4:tAGDUDTOQ/VLjTaNzM9J5foSp
authentihash 948bc28a5b4c63a81e6901a4387ea5d4b0d468b5bc1abf02aca7d1f09d292561
imphash 9f965e238de315597d990bf81c19377f
File size 254.5 KB ( 260608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2014-07-16 22:06:36 UTC ( 4 years, 5 months ago )
Last submission 2015-12-19 22:03:57 UTC ( 2 years, 11 months ago )
File names 6bfa6fc0ae4a59cdcfa14e668c5bb9ae83ab709832b7e0b2fdb8d03866719ab3.vir
xulrunner-stub.exe
sample
DETAILS.exe
d2d7f660a044e184833942488804849d
xulrunner
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
