SHA256: 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
File name: Firefox
Detection ratio: 45 / 55
Analysis date: 2014-12-04 06:41:43 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
ALYac Trojan.Generic.7850877 20141204
AVG Agent3.BWED 20141203
AVware Trojan.Win32.Generic!BT 20141204
Ad-Aware Trojan.Generic.7850877 20141204
Agnitum Trojan.Agentb!FQ4xgyZxcmo 20141203
AhnLab-V3 Trojan/Win32.FinSpy 20141203
Antiy-AVL Trojan/Win32.Agentb 20141204
Avast Win32:FinSpy-B [Trj] 20141204
Avira TR/Dropper.Gen 20141204
Baidu-International Trojan.Win32.Agent.ao 20141203
BitDefender Trojan.Generic.7850877 20141204
Bkav W32.MantapoE.Trojan 20141204
CAT-QuickHeal Trojan.Agent.g4 20141204
CMC Trojan.Win32.Agentb!O 20141204
Comodo TrojWare.Win32.Agentb.TZ 20141204
Cyren W32/Trojan.AHVT-3477 20141204
DrWeb Trojan.KillFiles.9595 20141204
ESET-NOD32 Win32/Belesak.D 20141204
F-Secure Trojan-Spy:W32/FinSpy.A 20141204
GData Trojan.Generic.7850877 20141204
Ikarus Trojan.Win32.Agentb 20141204
K7AntiVirus Trojan ( 003c25771 ) 20141203
K7GW Trojan ( 003c25771 ) 20141204
Kaspersky Trojan.Win32.Agentb.tz 20141204
Kingsoft Win32.Troj.Agentb.tz.(kcloud) 20141204
McAfee Artemis!C488A8AAEF0D 20141204
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20141203
MicroWorld-eScan Trojan.Generic.7850877 20141204
Microsoft Trojan:Win32/Spinfy.B 20141204
NANO-Antivirus Trojan.Win32.Inject.cwewpx 20141204
Norman FinSpy.B 20141203
Panda Trj/CI.A 20141203
Qihoo-360 Win32/Trojan.a2c 20141204
Rising PE:Trojan.Win32.Generic.12E60756!317065046 20141203
Sophos Troj/FinFish-B 20141204
Symantec Backdoor.Finfish 20141204
Tencent Win32.Trojan.Agentb.Sxxw 20141204
TheHacker Trojan/Agentb.tz 20141201
TrendMicro TROJ_SPINFY.A 20141204
TrendMicro-HouseCall TROJ_SPINFY.A 20141204
VBA32 Trojan.Agentb 20141203
VIPRE Trojan.Win32.Generic!BT 20141204
ViRobot Trojan.Win32.A.Agent.1986048.A 20141204
Zillya Trojan.Agentb.Win32.215 20141203
nProtect Trojan/W32.Agent.1986048.I 20141203
AegisLab 20141204
ByteHero 20141204
ClamAV 20141204
F-Prot 20141204
Fortinet 20141204
Jiangmin 20141203
Malwarebytes 20141204
SUPERAntiSpyware 20141204
TotalDefense 20141203
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
Publisher Mozilla Corporation
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 1.9.2.15
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-16 15:00:11
Link date 4:00 PM 7/16/2011
Entry Point 0x00005D22
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
LoadLibraryW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
ExitProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
CreateFileMappingW
GetModuleFileNameW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
ResumeThread
CreateEventW
UnmapViewOfFile
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetVersion
VirtualAlloc
GetFileSize
GetModuleFileNameExW
GetDesktopWindow
MessageBoxW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
__p__fmode
memset
_wcsnicmp
_controlfp
_vsnwprintf
_cexit
?terminate@@YAXXZ
__p__commode
_amsg_exit
exit
_XcptFilter
wcsncat
__setusermatherr
_adjust_fdiv
strncat
_wcsicmp
wcsncpy
memcpy
_strnicmp
_initterm
_exit
__set_app_type
RtlUnwind
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
ExifTool file metadata
CodeSize 24064
SubsystemVersion 5.0
LinkerVersion 8.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.9.2.4079
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Firefox
CharacterSet Unicode
InitializedDataSize 1960960
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
FileVersion 1.9.2.15
TimeStamp 2011:07:16 16:00:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Firefox
FileAccessDate 2014:12:04 07:44:58+01:00
ProductVersion 3.6.15
UninitializedDataSize 0
OSVersion 6.0
FileCreateDate 2014:12:04 07:44:58+01:00
OriginalFilename firefox.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Corporation
BuildID 20110303024726
LegalTrademarks Firefox is a Trademark of The Mozilla Foundation.
ProductName Firefox
ProductVersionNumber 3.6.15.0
EntryPoint 0x5d22
ObjectFileType Dynamic link library

File identification
MD5 c488a8aaef0df577efdf1b501611ec20
SHA1 5ea6ae50063da8354e8500d02d0621f643827346
SHA256 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
ssdeep 49152:j4XNybwJDejvL6joq2+Sqlk/1jzuUze0uY5nU:EUbwJDc0N21qC9jzuUG
authentihash ac4e8a007c8a2eac4bdf6ad861758c6c139e18cdd28d1ff787a5d9c08b8aa3fe
imphash aeff4e8a82608cbcc3c0eb59c3d646e2
File size 1.9 MB ( 1986048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2011-09-14 18:48:36 UTC ( 3 years, 5 months ago )
Last submission 2014-12-01 04:16:04 UTC ( 2 months, 4 weeks ago )
File names C488A8AAEF0DF577EFDF1B501611EC20
Firefox
teste.exe
c488a8aaef0df577efdf1b501611ec20.virus
c488a8aaef0df577efdf1b501611ec20.exe
81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
c488a8aaef0df577efdf1b501611ec20
vti-rescan
finspy.exe
firefox.exe
81531CE5A248AEAD7CDA76DD300F303DAFE6F1B7A4C953CA4D7A9A27B5CD6CDF
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight