SHA256: b1620d4828c0234f960445f1c09c34db66810583d75937210758d277edc868b0
File name: 7zS.sfx
Detection ratio: 1 / 68
Analysis date: 2018-06-06 00:02:46 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
TrendMicro HEUR_HTJS.HDJSFN 20180605
Ad-Aware 20180605
AegisLab 20180605
AhnLab-V3 20180605
Alibaba 20180604
ALYac 20180605
Antiy-AVL 20180606
Arcabit 20180605
Avast 20180605
Avast-Mobile 20180606
AVG 20180605
Avira (no cloud) 20180606
AVware 20180605
Babable 20180406
Baidu 20180605
BitDefender 20180605
Bkav 20180605
CAT-QuickHeal 20180605
ClamAV 20180605
CMC 20180605
Comodo 20180606
CrowdStrike Falcon (ML) 20180202
Cybereason
Cylance 20180606
Cyren 20180605
DrWeb 20180605
eGambit 20180606
Emsisoft 20180605
Endgame 20180507
ESET-NOD32 20180605
F-Prot 20180605
F-Secure 20180605
Fortinet 20180605
GData 20180605
Ikarus 20180605
Sophos ML 20180601
Jiangmin 20180605
K7AntiVirus 20180605
K7GW 20180605
Kaspersky 20180605
Kingsoft 20180606
Malwarebytes 20180605
MAX 20180606
McAfee 20180605
McAfee-GW-Edition 20180605
Microsoft 20180605
eScan 20180605
NANO-Antivirus 20180605
Palo Alto Networks (Known Signatures) 20180606
Panda 20180605
Qihoo-360 20180606
Rising 20180605
SentinelOne (Static ML) 20180225
Sophos AV 20180606
SUPERAntiSpyware 20180606
Symantec 20180606
Symantec Mobile Insight 20180605
TACHYON 20180605
Tencent 20180606
TheHacker 20180606
TotalDefense 20180605
TrendMicro-HouseCall 20180605
Trustlook 20180606
VBA32 20180605
VIPRE 20180605
ViRobot 20180605
Webroot 20180606
Yandex 20180529
Zillya 20180605
ZoneAlarm by Check Point 20180605
Zoner 20180606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Mozilla
Product Thunderbird
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 4.42
Description Thunderbird
Signature verification Signed file, verified signature
Signing date 5:25 PM 8/13/2015
Signers
[+] Mozilla Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 1:00 AM 9/17/2013
Valid to 1:00 PM 9/21/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9153980CC186DF478F35229E11C9A7310449A1AA
Serial number 05 11 EA F8 57 9E 26 62 BE 62 2D E5 AE 0C D4 08
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, Unicode, appended, 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-14 16:50:17
Entry Point 0x00021DE0
Number of sections 3
PE sections
Overlays
MD5 79ea453df103dd70bddec15b9b509b9f
File type data
Offset 70144
Size 33947928
Entropy 8.00
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
SysAllocString
ShellExecuteExA
SetTimer
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.42.0.0
UninitializedDataSize 94208
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0x21de0
OriginalFileName 7zS.sfx.exe
MIMEType application/octet-stream
LegalCopyright Mozilla
FileVersion 4.42
TimeStamp 2013:06:14 17:50:17+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 4.42
FileDescription Thunderbird
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla
ProductName Thunderbird
ProductVersionNumber 4.42.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 af0db1f2525d9145243357b37b9ba3c5
SHA1 8c1d06ccd580fcb818ca03603a4eee7fcb65cd52
SHA256 b1620d4828c0234f960445f1c09c34db66810583d75937210758d277edc868b0
ssdeep 786432:y0yEpYBzHZgNo89TtINKdrtvplqD2SvaDXRjwMPNe1d9:yWW9gNo89t6KdrdplVmaDX5HPNez9
authentihash c7dd7b1f4e14bcabbf25e532e274fedeeab881310c5f546cd5f48d3790154374
imphash 67b717da9ed8a8bd9f572a5820791f0c
File size 32.4 MB ( 34018072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags nsis peexe signed upx overlay
VirusTotal metadata
First submission 2015-08-14 21:30:33 UTC ( 3 years, 7 months ago )
Last submission 2017-08-11 15:21:03 UTC ( 1 year, 7 months ago )
File names Thunderbird Setup 38.2.0.exe
Thunderbird Setup 38.2.0 (2).exe
Thunderbird_Setup_38.2.0.exe
Thunderbird Setup 38.2.0.exe
thunderbird.exe
thunderbird_setup_38.2.0.exe
Thunderbird Setup 38.2.0_EN.exe
7zS.sfx.exe
Thunderbird Setup 38.2.0.exe
7zS.sfx
Thunderbird Setup 38.2.0 (1).exe
Thunderbird Setup 38.2.0.exe
thunderbird_setup_38.2.0_enu.exe
Thunderbird Setup 38.2.0.exe
Thunderbird Setup 38.2.0.exe
target.exe
thunderbird.exe
Mozilla_Thunderbird_v38.2.0.exe
Thunderbird Setup 38.2.0.exe
thunderbird_setup_38.2.0_en-us.exe
Thunderbird 38.2.0.exe