× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2b8167bd50a3c8f679d18624bdfab8e71ae9690f41b333e3e876b159fa0e9ac
File name: Thunderbird Setup 38.5.0.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-23 03:29:48 UTC ( 3 years, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware 20151223
AegisLab 20151222
Yandex 20151220
AhnLab-V3 20151222
Alibaba 20151208
ALYac 20151223
Antiy-AVL 20151223
Arcabit 20151223
Avast 20151223
AVG 20151223
AVware 20151222
Baidu-International 20151222
BitDefender 20151223
Bkav 20151222
ByteHero 20151223
CAT-QuickHeal 20151223
ClamAV 20151222
CMC 20151217
Comodo 20151223
Cyren 20151223
DrWeb 20151223
Emsisoft 20151223
ESET-NOD32 20151223
F-Prot 20151223
F-Secure 20151223
Fortinet 20151223
GData 20151223
Ikarus 20151225
Jiangmin 20151223
K7AntiVirus 20151222
K7GW 20151222
Kaspersky 20151223
Malwarebytes 20151223
McAfee 20151223
McAfee-GW-Edition 20151223
Microsoft 20151223
eScan 20151223
NANO-Antivirus 20151223
nProtect 20151222
Panda 20151222
Qihoo-360 20151223
Rising 20151225
Sophos AV 20151223
SUPERAntiSpyware 20151223
Symantec 20151222
Tencent 20151223
TheHacker 20151223
TrendMicro 20151223
TrendMicro-HouseCall 20151223
VBA32 20151222
VIPRE 20151219
ViRobot 20151223
Zillya 20151221
Zoner 20151223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Mozilla

Product Thunderbird
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 4.42
Description Thunderbird
Signature verification Signed file, verified signature
Signing date 1:13 AM 12/22/2015
Signers
[+] Mozilla Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 12:00 AM 09/17/2013
Valid to 12:00 PM 09/21/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9153980CC186DF478F35229E11C9A7310449A1AA
Serial number 05 11 EA F8 57 9E 26 62 BE 62 2D E5 AE 0C D4 08
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 PM 02/11/2011
Valid to 01:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-14 16:50:17
Entry Point 0x00021DE0
Number of sections 3
PE sections
Overlays
MD5 9e7909fb2c3e1052a18c84436b2bc9d8
File type data
Offset 70144
Size 34028368
Entropy 8.00
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
SysAllocString
ShellExecuteExA
SetTimer
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
28672

ImageVersion
0.0

ProductName
Thunderbird

FileVersionNumber
4.42.0.0

UninitializedDataSize
94208

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
7zS.sfx.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.42

TimeStamp
2013:06:14 18:50:17+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
7zS.sfx

ProductVersion
4.42

FileDescription
Thunderbird

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Mozilla

MachineType
Intel 386 or later, and compatibles

CompanyName
Mozilla

CodeSize
40960

FileSubtype
0

ProductVersionNumber
4.42.0.0

EntryPoint
0x21de0

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 3078c43eec55c187298f5284e7b7bad9
SHA1 a1591db5d217d418c2a790d0c336a2566fa51444
SHA256 e2b8167bd50a3c8f679d18624bdfab8e71ae9690f41b333e3e876b159fa0e9ac
ssdeep
786432:UDdo+5iuBQXkP5MfdoVIume8sy3/XAMATOiUx:uTTBQXkRM2mlbvXNJdx

authentihash 0f8b1dad13e0f37d42220da04cb8c18a5433213805c005e1678581df13307a39
imphash 67b717da9ed8a8bd9f572a5820791f0c
File size 32.5 MB ( 34098512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (31.0%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2015-12-23 03:29:48 UTC ( 3 years, 5 months ago )
Last submission 2019-02-12 11:02:39 UTC ( 3 months, 1 week ago )
File names thunderbird_setup_38.5.0_en-us.exe
7zS.sfx.exe
Thunderbird Setup 38.5.0.exe
Thunderbird Setup 38.5.0(1).exe
Thunderbird Setup 38.5.0.exe
e2b8167bd50a3c8f679d18624bdfab8e71ae9690f41b333e3e876b159fa0e9ac.file
Thunderbird Setup 38.5.0.exe
MozillaThunderbird 38.5.0.exe
thunderbird.exe
Thunderbird Setup 38.5.0.exe
Thunderbird Setup 45.6.0.exe
Mozilla_Thunderbird_v38.5.0-spcs.me.exe
Thunderbird Setup 38.5.0.exe
thunderbird setup 38.5.0.exe
Mozilla_Thunderbird_v38.5.0.exe
Thunderbird Setup 38.5.0.exe
Thunderbird_Setup_38.5.0.exe
786069
7zS.sfx
Mozilla_Thunderbird_v38.5.0 (1 av 53).exe
Thunderbird Setup 38.5.0.exe
target.exe
Thunderbird 38.5.0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!