SHA256: e7c1b7e7c75cf8ec2dda2ae5b4eb321197b4b5399e0f1a6d6430fd04a9b01651
File name: MozillaFirefox.exe
Detection ratio: 46 / 53
Analysis date: 2016-10-30 20:03:08 UTC (2 years, 3 months ago)
Antivirus                Result                           Update
(a "-" in the Result column means the engine did not flag the file on this scan)
Ad-Aware                 Gen:Variant.Zusy.118409          20161030
AegisLab                 Troj.W32.Scar.icku!c             20161030
AhnLab-V3                Trojan/Win32.Scar.N1458397954    20161030
Antiy-AVL                Trojan/Win32.Scar                20161030
Arcabit                  Trojan.Zusy.D1CE89               20161030
Avast                    Win32:Dropper-GUP [Drp]          20161030
AVG                      Generic23.AFHG                   20161030
Avira (no cloud)         TR/Patched.Ren.Gen4              20161030
AVware                   Trojan.Win32.Generic!BT          20161030
Baidu                    Win32.Worm.Agent.fl              20161029
BitDefender              Gen:Variant.Zusy.118409          20161030
CAT-QuickHeal            Worm.Macoute.A8                  20161029
ClamAV                   Win.Trojan.Agent-1201096         20161030
Comodo                   UnclassifiedMalware              20161030
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)    20161024
Cyren                    W32/A-98aec620!Eldorado          20161030
DrWeb                    Trojan.DownLoader22.23546        20161030
Emsisoft                 Gen:Variant.Zusy.118409 (B)      20161030
ESET-NOD32               Win32/Agent.NML                  20161030
F-Prot                   W32/A-98aec620!Eldorado          20161030
F-Secure                 Gen:Variant.Zusy.118409          20161030
Fortinet                 W32/Agent.NML!tr                 20161030
GData                    Gen:Variant.Zusy.118409          20161030
Ikarus                   Trojan.Win32.Scar                20161030
Sophos ML                worm.win32.macoute.a             20161018
Jiangmin                 Trojan/Scar.agsm                 20161030
K7AntiVirus              Trojan ( 0004ebef1 )             20161030
K7GW                     Trojan ( 0004ebef1 )             20161030
Kaspersky                Trojan.Win32.Agentb.bqyr         20161030
Kingsoft                 Win32.Virut.cr.61440             20161030
Malwarebytes             Worm.PasswordStealer             20161030
McAfee                   GenericRXAH-QS!674FDDABE908      20161030
McAfee-GW-Edition        BehavesLike.Win32.Worm.gm        20161030
Microsoft                Worm:Win32/Macoute.A             20161030
eScan                    Gen:Variant.Zusy.118409          20161030
NANO-Antivirus           Trojan.Win32.Autoruner1.dsodbf   20161030
nProtect                 Trojan/W32.Scar.445115           20161028
Panda                    Trj/Genetic.gen                  20161030
Qihoo-360                Win32/Trojan.a66                 20161030
Sophos AV                Troj/Scar-CM                     20161030
Symantec                 Trojan.Gen                       20161030
Tencent                  Win32.Trojan.Agentb.Wnwp         20161030
TrendMicro-HouseCall     WORM_MACOUTE.SMJ1                20161030
VBA32                    Trojan.Scar                      20161029
VIPRE                    Trojan.Win32.Generic!BT          20161030
Zillya                   Trojan.Scar.Win32.54986          20161028
Alibaba                  -                                20161028
Bkav                     -                                20161030
CMC                      -                                20161030
Rising                   -                                20161030
SUPERAntiSpyware         -                                20161030
TheHacker                -                                20161029
TotalDefense             -                                20161028
TrendMicro               -                                20161030
ViRobot                  -                                20161030
Yandex                   -                                20161030
Zoner                    -                                20161030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-04-27 14:16:29
Entry Point 0x000012C0
Number of sections 7
PE sections
PE imports
The scan output lists only function names; below they are grouped by the library that exports each function (the library names are inferred from the function names, not taken from the scan output).

advapi32.dll:
SetSecurityDescriptorDacl, CryptReleaseContext, RegCloseKey, OpenProcessToken, CryptAcquireContextA, RegSetValueExA, SetSecurityDescriptorGroup, CryptGetHashParam, RegQueryValueExA, InitializeSecurityDescriptor, GetUserNameA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, CryptHashData, RegEnumKeyExA, RegQueryInfoKeyA, SetSecurityDescriptorSacl, CryptDestroyHash, CryptCreateHash

crypt32.dll:
CryptUnprotectData

gdi32.dll:
GetDeviceCaps, GetObjectA, DeleteDC, SelectObject, GetDIBits, BitBlt, CreateCompatibleDC, DeleteObject, CreateCompatibleBitmap

kernel32.dll:
SetFilePointer, GetSystemTime, GetLastError, InitializeCriticalSection, GetStdHandle, EnterCriticalSection, ReadFile, UnmapViewOfFile, FileTimeToSystemTime, CreateFileMappingA, GetFileAttributesA, GetFileTime, SetEvent, FreeLibrary, GetThreadTimes, CopyFileA, ExitProcess, SetFileTime, VirtualProtect, GetVersionExA, GetModuleFileNameA, LoadLibraryA, GetLocalTime, DeleteCriticalSection, GetCurrentProcess, GetVolumeInformationA, GetConsoleMode, lstrlenA, GetCurrentProcessId, CreateDirectoryA, lstrlenW, GetWindowsDirectoryA, MultiByteToWideChar, MapViewOfFile, GetCommandLineA, GetProcAddress, GetSystemInfo, GetCurrentThread, CreateMutexA, IsDBCSLeadByteEx, GetTempPathA, CreateThread, GetOverlappedResult, GetModuleHandleA, LocalFree, FindFirstFileA, InterlockedExchange, SetUnhandledExceptionFilter, WriteFile, GetStartupInfoA, CloseHandle, GetComputerNameA, FindNextFileA, WaitForMultipleObjects, SetFileAttributesA, GetDriveTypeA, GetSystemTimeAdjustment, GlobalMemoryStatus, QueryPerformanceCounter, WideCharToMultiByte, GetEnvironmentVariableA, SetConsoleMode, lstrcpyA, WaitForSingleObject, VirtualQuery, CreateEventA, FindClose, TlsGetValue, Sleep, GetTickCount, CreateFileA, GetProcessTimes, GetCurrentThreadId, GetFileSize, SetLastError, LeaveCriticalSection

shell32.dll:
ShellExecuteExA, ShellExecuteA

user32.dll:
GetAsyncKeyState, GetCursorPos, GetWindowTextLengthA, GetForegroundWindow, GetMessageA, ReleaseDC, GetQueueStatus, GetCapture, wsprintfA, GetClipboardOwner, GetWindowTextA, FindWindowA, SendMessageA, GetDC

wininet.dll:
FindCloseUrlCache, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA

Winsock (ws2_32.dll or wsock32.dll; the scan output does not say which):
socket, closesocket, inet_addr, send, WSAStartup, connect, htons, recv

msvcrt.dll:
__p__fmode, __p__environ, fclose, strtoul, _fstat, fflush, strtol, fputc, fwrite, fputs, _utime, _close, _isatty, strrchr, perror, _write, memcpy, strstr, memmove, signal, remove, _mkdir, strcmp, strncmp, fgetc, memset, strcat, _stricmp, atexit, _setmode, _chmod, strchr, ftell, exit, sprintf, _unlink, mbstowcs, strcspn, free, __getmainargs, _stat, _vsnprintf, _read, strcpy, __mb_cur_max, strftime, _iob, setlocale, realloc, printf, fopen, strncpy, _cexit, _open, _onexit, wcslen, memcmp, _filbuf, _isctype, _pctype, getenv, atoi, vfprintf, __lc_codepage, _winmajor, localeconv, _setjmp, strspn, localtime, malloc, sscanf, fread, fgets, abort, fprintf, strlen, _strrev, _errno, fseek, sqrt, _strdup, longjmp, calloc, wcstombs, time, _flsbuf, __set_app_type
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2002:04:27 15:16:29+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 237568
LinkerVersion: 2.2
EntryPoint: 0x12c0
InitializedDataSize: 93696
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 353792
File identification
MD5 674fddabe908daaf6296eb7fbc4f14e1
SHA1 5be710273bd1d02bb0c96efa5fa499b82dc674e5
SHA256 e7c1b7e7c75cf8ec2dda2ae5b4eb321197b4b5399e0f1a6d6430fd04a9b01651
ssdeep 6144:hafsiuvAQ+tTm6cyERSiytj71cWE4jKS6vw:2CvAQ+q6ctRt636WfjOY
authentihash 2beb9e76762b844c36162e85a348131596b6533376285ea949bbbb04891cc4fa
imphash 23b7a2ad6dd5722f5566eaa0d8a348bf
File size 434.7 KB (445115 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%), DOS Executable Generic (49.9%)
Tags peexe usb-autorun

VirusTotal metadata
First submission 2015-03-07 09:43:36 UTC (3 years, 11 months ago)
Last submission 2017-05-23 13:09:26 UTC (1 year, 9 months ago)
File names 2me_semaine.exe
startere.exe
MozillaFirefox.exe
com.exe
3acha tamna3 3achara.exe
nahil.exe
dictionaries.exe
Cisco IT Essentials Virtual Desktop.exe
local-skip-cache.exe
acquia_marina.exe
a MIDI (2).exe
Extensions.exe
(2).exe
#10 (All RAW Files).exe
microsoft-international-core.exe
com.google.android.youtube.exe
ringcall (2).exe
0.0.0.1.exe
msn.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.