SHA256: 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
File name: Firefox
Detection ratio: 44 / 56
Analysis date: 2015-08-17 22:25:11 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
ALYac Trojan.Generic.7850877 20150817
AVG Agent3.BWED 20150817
AVware Trojan.Win32.Generic!BT 20150817
Ad-Aware Trojan.Generic.7850877 20150817
Agnitum Trojan.Agentb!FQ4xgyZxcmo 20150817
AhnLab-V3 Trojan/Win32.FinSpy 20150817
Antiy-AVL Trojan/Win32.Agentb 20150817
Arcabit Trojan.Generic.D77CB7D 20150817
Avast Win32:FinSpy-B [Trj] 20150817
Avira TR/Dropper.Gen 20150817
Baidu-International Trojan.Win32.Agentb.tz 20150817
BitDefender Trojan.Generic.7850877 20150817
Bkav W32.MantapoE.Trojan 20150817
CMC Trojan.Win32.Agentb!O 20150814
ClamAV Trojan.Belesak 20150817
Comodo TrojWare.Win32.Agentb.TZ 20150817
Cyren W32/Trojan.AHVT-3477 20150817
DrWeb Trojan.KillFiles.9595 20150817
ESET-NOD32 Win32/Belesak.D 20150817
F-Secure Trojan-Spy:W32/FinSpy.A 20150817
GData Trojan.Generic.7850877 20150817
Ikarus Trojan.Win32.Agentb 20150817
K7AntiVirus Trojan ( 003c25771 ) 20150817
K7GW Trojan ( 003c25771 ) 20150817
Kaspersky Trojan.Win32.Agentb.tz 20150817
Kingsoft Win32.Troj.Agentb.tz.(kcloud) 20150817
McAfee Artemis!C488A8AAEF0D 20150817
McAfee-GW-Edition BehavesLike.Win32.Injector.tc 20150817
MicroWorld-eScan Trojan.Generic.7850877 20150817
Microsoft Trojan:Win32/Spinfy.B 20150817
NANO-Antivirus Trojan.Win32.Inject.cwewpx 20150817
Panda Trj/CI.A 20150817
Qihoo-360 Win32/Trojan.a2c 20150817
Rising PE:Trojan.Win32.Generic.12E60756!317065046 20150817
Sophos Troj/FinFish-B 20150817
Symantec Backdoor.Finfish 20150817
TheHacker Trojan/Agentb.tz 20150817
TrendMicro TROJ_SPINFY.A 20150817
TrendMicro-HouseCall TROJ_SPINFY.A 20150817
VBA32 Trojan.Agentb 20150817
VIPRE Trojan.Win32.Generic!BT 20150817
ViRobot Trojan.Win32.A.Agent.1986048.A[h] 20150817
Zillya Trojan.Agentb.Win32.215 20150817
nProtect Trojan/W32.Agent.1986048.I 20150817
AegisLab 20150817
Alibaba 20150817
ByteHero 20150817
CAT-QuickHeal 20150817
F-Prot 20150817
Fortinet 20150813
Jiangmin 20150815
Malwarebytes 20150817
SUPERAntiSpyware 20150817
Tencent 20150817
TotalDefense 20150817
Zoner 20150817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Publisher Mozilla Corporation
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 1.9.2.15
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-16 15:00:11
Link date 4:00 PM 7/16/2011
Entry Point 0x00005D22
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
LoadLibraryW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
ExitProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
CreateFileMappingW
GetModuleFileNameW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
ResumeThread
CreateEventW
UnmapViewOfFile
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetVersion
VirtualAlloc
GetFileSize
GetModuleFileNameExW
GetDesktopWindow
MessageBoxW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
__p__fmode
memset
_wcsnicmp
_controlfp
_vsnwprintf
_cexit
?terminate@@YAXXZ
__p__commode
_amsg_exit
exit
_XcptFilter
wcsncat
__setusermatherr
_adjust_fdiv
strncat
_wcsicmp
wcsncpy
memcpy
_strnicmp
_initterm
_exit
__set_app_type
RtlUnwind
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
Debug information
ExifTool file metadata
LegalTrademarks
Firefox is a Trademark of The Mozilla Foundation.

SubsystemVersion
5.0

LinkerVersion
8.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.9.2.4079

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Firefox

CharacterSet
Unicode

InitializedDataSize
1960960

EntryPoint
0x5d22

OriginalFileName
firefox.exe

MIMEType
application/octet-stream

LegalCopyright
Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

FileVersion
1.9.2.15

TimeStamp
2011:07:16 16:00:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Firefox

ProductVersion
3.6.15

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Corporation

BuildID
20110303024726

CodeSize
24064

ProductName
Firefox

ProductVersionNumber
3.6.15.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c488a8aaef0df577efdf1b501611ec20
SHA1 5ea6ae50063da8354e8500d02d0621f643827346
SHA256 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
ssdeep
49152:j4XNybwJDejvL6joq2+Sqlk/1jzuUze0uY5nU:EUbwJDc0N21qC9jzuUG

authentihash ac4e8a007c8a2eac4bdf6ad861758c6c139e18cdd28d1ff787a5d9c08b8aa3fe
imphash aeff4e8a82608cbcc3c0eb59c3d646e2
File size 1.9 MB ( 1986048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-14 18:48:36 UTC ( 3 years, 11 months ago )
Last submission 2014-12-01 04:16:04 UTC ( 9 months, 1 week ago )
File names C488A8AAEF0DF577EFDF1B501611EC20
Firefox
teste.exe
c488a8aaef0df577efdf1b501611ec20.virus
c488a8aaef0df577efdf1b501611ec20.exe
81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
c488a8aaef0df577efdf1b501611ec20
vti-rescan
finspy.exe
firefox.exe
81531CE5A248AEAD7CDA76DD300F303DAFE6F1B7A4C953CA4D7A9A27B5CD6CDF
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight