SHA256: 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
File name: Firefox
Detection ratio: 54 / 66
Analysis date: 2018-04-02 22:25:27 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.7850877 20180402
AegisLab Troj.W32.Agentb.tz!c 20180402
ALYac Trojan.Generic.7850877 20180402
Antiy-AVL Trojan/Win32.Agentb 20180402
Arcabit Trojan.Generic.D77CB7D 20180402
Avast Win32:FinSpy-B [Trj] 20180402
AVG Win32:FinSpy-B [Trj] 20180402
Avira (no cloud) TR/Dropper.Gen 20180402
AVware Trojan.Win32.Generic!BT 20180402
BitDefender Trojan.Generic.7850877 20180402
Bkav W32.MantapoE.Trojan 20180402
CAT-QuickHeal Trojan.Spinfy 20180402
ClamAV Win.Trojan.Belesak-1 20180402
CMC Trojan.Win32.Agentb!O 20180402
Comodo TrojWare.Win32.Agentb.TZ 20180402
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170201
Cybereason malicious.aef0df 20180225
Cylance Unsafe 20180402
Cyren W32/Trojan.AHVT-3477 20180402
DrWeb Trojan.KillFiles.9595 20180402
Emsisoft Trojan.Generic.7850877 (B) 20180402
Endgame malicious (moderate confidence) 20180316
ESET-NOD32 Win32/Belesak.D 20180402
F-Secure Trojan-Spy:W32/FinSpy.A 20180402
Fortinet W32/FinFish.B!tr 20180402
GData Trojan.Generic.7850877 20180402
Ikarus Trojan.Win32.Agentb 20180402
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 003c25771 ) 20180402
K7GW Trojan ( 003c25771 ) 20180402
Kaspersky Trojan.Win32.Agentb.tz 20180402
Kingsoft Win32.Troj.Agentb.tz.(kcloud) 20180402
MAX malware (ai score=100) 20180402
McAfee Artemis!C488A8AAEF0D 20180402
McAfee-GW-Edition BehavesLike.Win32.MysticCompressor.tc 20180402
Microsoft Trojan:Win32/Spinfy.B 20180402
eScan Trojan.Generic.7850877 20180402
NANO-Antivirus Trojan.Win32.Inject.cwewpx 20180402
nProtect Trojan/W32.Agent.1986048.I 20180402
Palo Alto Networks (Known Signatures) generic.ml 20180402
Panda Trj/CI.A 20180402
Qihoo-360 Win32/Trojan.a2c 20180402
Rising Dropper.Generic!8.35E (TFE:5:ysfQHteyX6L) 20180402
Sophos AV Troj/FinFish-B 20180402
Symantec Backdoor.Finfish 20180402
Tencent Win32.Trojan.Agentb.Sxxw 20180402
TheHacker Trojan/Agentb.tz 20180330
TrendMicro TROJ_SPINFY.A 20180402
TrendMicro-HouseCall TROJ_SPINFY.A 20180402
VBA32 TScope.Malware-Cryptor.SB 20180402
VIPRE Trojan.Win32.Generic!BT 20180402
Yandex Trojan.Agentb!FQ4xgyZxcmo 20180331
Zillya Trojan.Agentb.Win32.215 20180402
ZoneAlarm by Check Point Trojan.Win32.Agentb.tz 20180402
AhnLab-V3 20180402
Alibaba 20180402
Avast-Mobile 20180402
Baidu 20180402
eGambit 20180402
F-Prot 20180402
Jiangmin 20180402
Malwarebytes 20180402
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180402
Symantec Mobile Insight 20180401
Trustlook 20180402
ViRobot 20180402
WhiteArmor 20180324
Zoner 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Product Firefox
Original name firefox.exe
Internal name Firefox
File version 1.9.2.15
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-16 15:00:11
Entry Point 0x00005D22
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetLastError
LoadLibraryW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
ExitProcess
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
CreateFileMappingW
GetModuleFileNameW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
ResumeThread
CreateEventW
UnmapViewOfFile
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetVersion
VirtualAlloc
GetFileSize
GetModuleFileNameExW
GetDesktopWindow
MessageBoxW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
__p__fmode
memset
_wcsnicmp
_controlfp
_vsnwprintf
_cexit
?terminate@@YAXXZ
__p__commode
_amsg_exit
exit
_XcptFilter
wcsncat
__setusermatherr
_adjust_fdiv
strncat
_wcsicmp
wcsncpy
memcpy
_strnicmp
_initterm
_exit
__set_app_type
RtlUnwind
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Firefox is a Trademark of The Mozilla Foundation.

SubsystemVersion
5.0

LinkerVersion
8.0

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
1.9.2.4079

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Firefox

CharacterSet
Unicode

InitializedDataSize
1960960

EntryPoint
0x5d22

OriginalFileName
firefox.exe

MIMEType
application/octet-stream

LegalCopyright
Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

FileVersion
1.9.2.15

TimeStamp
2011:07:16 16:00:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Firefox

ProductVersion
3.6.15

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla Corporation

BuildID
20110303024726

CodeSize
24064

ProductName
Firefox

ProductVersionNumber
3.6.15.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c488a8aaef0df577efdf1b501611ec20
SHA1 5ea6ae50063da8354e8500d02d0621f643827346
SHA256 81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
ssdeep
49152:j4XNybwJDejvL6joq2+Sqlk/1jzuUze0uY5nU:EUbwJDc0N21qC9jzuUG

authentihash ac4e8a007c8a2eac4bdf6ad861758c6c139e18cdd28d1ff787a5d9c08b8aa3fe
imphash aeff4e8a82608cbcc3c0eb59c3d646e2
File size 1.9 MB ( 1986048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-14 18:48:36 UTC ( 6 years, 8 months ago )
Last submission 2018-04-02 22:25:27 UTC ( 1 month, 3 weeks ago )
File names C488A8AAEF0DF577EFDF1B501611EC20
Firefox
aa
teste.exe
c488a8aaef0df577efdf1b501611ec20.virus
c488a8aaef0df577efdf1b501611ec20.exe
81531ce5a248aead7cda76dd300f303dafe6f1b7a4c953ca4d7a9a27b5cd6cdf
c488a8aaef0df577efdf1b501611ec20
vti-rescan
finspy.exe
firefox.exe
PiYRxm3cfc.bz2
81531CE5A248AEAD7CDA76DD300F303DAFE6F1B7A4C953CA4D7A9A27B5CD6CDF
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight