SHA256: 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
File name: Firefox
Detection ratio: 45 / 57
Analysis date: 2015-03-04 08:57:38 UTC ( 4 months ago )
Antivirus Result Update
ALYac Trojan.Generic.7850877 20150304
AVG Agent3.BWED 20150304
AVware Trojan.Win32.Generic!BT 20150304
Ad-Aware Trojan.Generic.7850877 20150304
Agnitum Trojan.Agentb!FQ4xgyZxcmo 20150228
AhnLab-V3 Trojan/Win32.FinSpy 20150303
Antiy-AVL Trojan/Win32.Agentb 20150304
Avast Win32:FinSpy-B [Trj] 20150304
Avira TR/Dropper.Gen 20150304
Baidu-International Trojan.Win32.Agentb.tz 20150304
BitDefender Trojan.Generic.7850877 20150304
Bkav W32.MantapoE.Trojan 20150303
CMC Trojan.Win32.Agentb!O 20150304
Comodo TrojWare.Win32.Agentb.TZ 20150304
Cyren W32/Trojan.AHVT-3477 20150304
DrWeb Trojan.KillFiles.9595 20150304
ESET-NOD32 Win32/Belesak.D 20150304
Emsisoft Trojan.Generic.7850877 (B) 20150304
F-Secure Trojan-Spy:W32/FinSpy.A 20150304
GData Trojan.Generic.7850877 20150304
Ikarus Trojan.Win32.Agentb 20150304
K7AntiVirus Trojan ( 003c25771 ) 20150304
K7GW Trojan ( 003c25771 ) 20150304
Kaspersky Trojan.Win32.Agentb.tz 20150304
Kingsoft Win32.Troj.Agentb.tz.(kcloud) 20150304
McAfee Artemis!C488A8AAEF0D 20150304
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20150304
MicroWorld-eScan Trojan.Generic.7850877 20150304
Microsoft Trojan:Win32/Spinfy.B 20150304
NANO-Antivirus Trojan.Win32.Inject.cwewpx 20150304
Norman FinSpy.B 20150304
Panda Trj/CI.A 20150303
Qihoo-360 Win32/Trojan.a2c 20150304
Rising PE:Trojan.Win32.Generic.12E60756!317065046 20150303
Sophos Troj/FinFish-B 20150304
Symantec Backdoor.Finfish 20150304
Tencent Win32.Trojan.Agentb.Sxxw 20150304
TheHacker Trojan/Agentb.tz 20150303
TrendMicro TROJ_SPINFY.A 20150304
TrendMicro-HouseCall TROJ_SPINFY.A 20150304
VBA32 Trojan.Agentb 20150303
VIPRE Trojan.Win32.Generic!BT 20150304
ViRobot Trojan.Win32.A.Agent.1986048.A[h] 20150304
Zillya Trojan.Agentb.Win32.215 20150303
nProtect Trojan/W32.Agent.1986048.I 20150304
AegisLab 20150304
Alibaba 20150304
ByteHero 20150304
CAT-QuickHeal 20150304
ClamAV 20150304
F-Prot 20150304
Fortinet 20150304
Jiangmin 20150303
Malwarebytes 20150304
SUPERAntiSpyware 20150303
TotalDefense 20150303
Zoner 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Publisher Mozilla Corporation
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 1.9.2.15
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-16 15:00:11
Link date 4:00 PM 7/16/2011
Entry Point 0x00005D22
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
LoadLibraryW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
ExitProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
CreateFileMappingW
GetModuleFileNameW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
ResumeThread
CreateEventW
UnmapViewOfFile
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetVersion
VirtualAlloc
GetFileSize
GetModuleFileNameExW
GetDesktopWindow
MessageBoxW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
__p__fmode
memset
_wcsnicmp
_controlfp
_vsnwprintf
_cexit
?terminate@@YAXXZ
__p__commode
_amsg_exit
exit
_XcptFilter
wcsncat
__setusermatherr
_adjust_fdiv
strncat
_wcsicmp
wcsncpy
memcpy
_strnicmp
_initterm
_exit
__set_app_type
RtlUnwind
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
ExifTool file metadata
LegalTrademarks
Firefox is a Trademark of The Mozilla Foundation.

UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.9.2.4079

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1960960

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

FileVersion
1.9.2.15

TimeStamp
2011:07:16 16:00:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Firefox

SubsystemVersion
5.0

ProductVersion
3.6.15

FileDescription
Firefox

OSVersion
6.0

OriginalFilename
firefox.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Corporation

BuildID
20110303024726

CodeSize
24064

ProductName
Firefox

ProductVersionNumber
3.6.15.0

EntryPoint
0x5d22

ObjectFileType
Dynamic link library

File identification
MD5 c488a8aaef0df577efdf1b501611ec20
SHA1 5ea6ae50063da8354e8500d02d0621f643827346
SHA256 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
ssdeep
49152:j4XNybwJDejvL6joq2+Sqlk/1jzuUze0uY5nU:EUbwJDc0N21qC9jzuUG

authentihash ac4e8a007c8a2eac4bdf6ad861758c6c139e18cdd28d1ff787a5d9c08b8aa3fe
imphash aeff4e8a82608cbcc3c0eb59c3d646e2
File size 1.9 MB ( 1986048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-14 18:48:36 UTC ( 3 years, 9 months ago )
Last submission 2014-12-01 04:16:04 UTC ( 7 months ago )
File names C488A8AAEF0DF577EFDF1B501611EC20
Firefox
teste.exe
c488a8aaef0df577efdf1b501611ec20.virus
c488a8aaef0df577efdf1b501611ec20.exe
81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
c488a8aaef0df577efdf1b501611ec20
vti-rescan
finspy.exe
firefox.exe
81531CE5A248AEAD7CDA76DD300F303DAFE6F1B7A4C953CA4D7A9A27B5CD6CDF
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight