SHA256: 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
File name: firefox.exe
Detection ratio: 34 / 44
Analysis date: 2013-05-02 06:33:25 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
AVG Agent3.BWED 20130502
Agnitum Trojan.Agentb!FQ4xgyZxcmo 20130501
AntiVir TR/Crypt.ZPACK.Gen 20130502
Avast Win32:FinSpy-B [Trj] 20130502
BitDefender Trojan.Generic.7850877 20130502
Commtouch W32/Backdoor.AHVT-3477 20130502
Comodo TrojWare.Win32.Agentb.TZ 20130502
DrWeb Trojan.KillFiles.9595 20130502
ESET-NOD32 a variant of Win32/Belesak.D 20130501
Emsisoft Trojan.Generic.7850877 (B) 20130502
F-Secure Trojan-Spy:W32/FinSpy.A 20130502
GData Trojan.Generic.7850877 20130502
Ikarus Trojan.Win32.Agent 20130502
K7AntiVirus Trojan 20130430
K7GW Trojan 20130430
Kaspersky Trojan.Win32.Agentb.tz 20130502
Kingsoft Win32.Troj.Agentb.tz.(kcloud) 20130502
Malwarebytes Trojan.Agent 20130502
McAfee Artemis!C488A8AAEF0D 20130502
McAfee-GW-Edition Artemis!C488A8AAEF0D 20130502
MicroWorld-eScan Trojan.Generic.7850877 20130502
Microsoft Trojan:Win32/Spinfy.B 20130502
NANO-Antivirus Trojan.Win32.Agentb.ylche 20130502
PCTools Trojan.Generic!sd6 20130502
Panda Trj/CI.A 20130501
Sophos Troj/FinFish-B 20130502
Symantec Backdoor.Finfish 20130502
TheHacker Trojan/Agentb.tz 20130502
TrendMicro TROJ_SPINFY.A 20130502
TrendMicro-HouseCall TROJ_GEN.RCBH1IR 20130502
VBA32 Trojan.Agentb 20130430
VIPRE Trojan.Win32.Generic!BT 20130502
ViRobot Trojan.Win32.A.Agent.1986048.A 20130502
nProtect Trojan/W32.Agent.1986048.I 20130502
AhnLab-V3 20130501
Antiy-AVL 20130502
ByteHero 20130425
CAT-QuickHeal 20130502
ClamAV 20130502
F-Prot 20130502
Jiangmin 20130502
SUPERAntiSpyware 20130502
TotalDefense 20130501
eSafe 20130501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
(c)Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Publisher Mozilla Corporation
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 1.9.2.15
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-16 15:00:11
Entry Point 0x00005D22
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
LoadLibraryW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
ExitProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
CreateFileMappingW
GetModuleFileNameW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
ResumeThread
CreateEventW
UnmapViewOfFile
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetVersion
VirtualAlloc
GetFileSize
GetModuleFileNameExW
GetDesktopWindow
MessageBoxW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
__p__fmode
memset
_wcsnicmp
_controlfp
_vsnwprintf
_cexit
?terminate@@YAXXZ
__p__commode
_amsg_exit
exit
_XcptFilter
wcsncat
__setusermatherr
_adjust_fdiv
strncat
_wcsicmp
wcsncpy
memcpy
_strnicmp
_initterm
_exit
__set_app_type
RtlUnwind
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
ExifTool file metadata
LegalTrademarks
Firefox is a Trademark of The Mozilla Foundation.

SubsystemVersion
5.0

LinkerVersion
8.0

ImageVersion
6.0

ProductName
Firefox

FileVersionNumber
1.9.2.4079

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1960960

OriginalFilename
firefox.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.9.2.15

TimeStamp
2011:07:16 16:00:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Firefox

FileAccessDate
2013:05:02 07:33:38+01:00

ProductVersion
3.6.15

FileDescription
Firefox

OSVersion
6.0

FileCreateDate
2013:05:02 07:33:38+01:00

FileOS
Win32

LegalCopyright
Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Corporation

BuildID
20110303024726

CodeSize
24064

FileSubtype
0

ProductVersionNumber
3.6.15.0

EntryPoint
0x5d22

ObjectFileType
Dynamic link library

File identification
MD5 c488a8aaef0df577efdf1b501611ec20
SHA1 5ea6ae50063da8354e8500d02d0621f643827346
SHA256 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
ssdeep
49152:j4XNybwJDejvL6joq2+Sqlk/1jzuUze0uY5nU:EUbwJDc0N21qC9jzuUG

File size 1.9 MB ( 1986048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (74.7%)
Win32 Executable (generic) (15.6%)
Generic Win/DOS Executable (4.7%)
DOS Executable Generic (4.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe mz

VirusTotal metadata
First submission 2011-09-14 18:48:36 UTC ( 2 years, 7 months ago )
Last submission 2013-05-02 06:33:25 UTC ( 11 months, 3 weeks ago )
File names C488A8AAEF0DF577EFDF1B501611EC20
Firefox
teste.exe
c488a8aaef0df577efdf1b501611ec20.virus
81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
c488a8aaef0df577efdf1b501611ec20
vti-rescan
finspy.exe
firefox.exe
81531CE5A248AEAD7CDA76DD300F303DAFE6F1B7A4C953CA4D7A9A27B5CD6CDF
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight