SHA256: eb06f4146a8e798d979aa8f6a11bd850705d31c52d7cb04a0229579c586034b9
File name: Firefox_Setup_21.0.exe
Detection ratio: 24 / 55
Analysis date: 2015-10-24 15:23:59 UTC ( 7 months ago )
Antivirus Result Update
AVG Generic5.BDFX 20151025
AVware InstallCore (fs) 20151025
Yandex PUA.InstallCore! 20151025
Avast Win32:Adware-gen [Adw] 20151025
Avira (no cloud) ADWARE/InstallCo.HK 20151025
Comodo ApplicUnwnt 20151025
Cyren W32/A-dbe1ec51!Eldorado 20151025
DrWeb Trojan.Crossrider1.49350 20151025
ESET-NOD32 Win32/InstallCore.BL potentially unwanted 20151025
F-Prot W32/A-dbe1ec51!Eldorado 20151025
GData Win32.Application.InstallCore.CJ 20151025
Ikarus PUA.SoftwareBundler 20151025
K7AntiVirus Unwanted-Program ( 004a9cdd1 ) 20151025
K7GW Unwanted-Program ( 004a9cdd1 ) 20151025
McAfee Artemis!20DFCEF31256 20151025
McAfee-GW-Edition Artemis 20151025
NANO-Antivirus Riskware.Win32.InstallCore.dddwtb 20151025
Qihoo-360 Win32/Virus.Adware.065 20151025
Rising PE:Malware.InstallCore!6.4[F1] 20151024
SUPERAntiSpyware PUP.InstallCore/Variant 20151024
Sophos Install Core (PUA) 20151025
Symantec SAPE.Heur.53a0 20151025
VBA32 Downware.InstallCore 20151023
VIPRE InstallCore (fs) 20151025
Ad-Aware 20151025
AegisLab 20151025
AhnLab-V3 20151025
Alibaba 20151023
Antiy-AVL 20151025
Arcabit 20151025
Baidu-International 20151025
BitDefender 20151025
Bkav 20151025
ByteHero 20151025
CAT-QuickHeal 20151024
CMC 20151021
ClamAV 20151025
Emsisoft 20151025
F-Secure 20151023
Fortinet 20151025
Jiangmin 20151024
Kaspersky 20151025
Malwarebytes 20151025
eScan 20151025
Microsoft 20151025
Panda 20151025
Tencent 20151025
TheHacker 20151025
TotalDefense 20151025
TrendMicro 20151025
TrendMicro-HouseCall 20151025
ViRobot 20151025
Zillya 20151025
Zoner 20151025
nProtect 20151023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000098CC
Number of sections 8
PE sections
Overlays
MD5 2b955617ae832e6c984e9f9e169859b7
File type data
Offset 71168
Size 546440
Entropy 7.90
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 33280
SubsystemVersion 4.0
EntryPoint 0x98cc
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 20dfcef31256c86b888b9eee0bf8be1d
SHA1 6d7bccddde8c7d67104af0bb507bf84bd17b1ad0
SHA256 eb06f4146a8e798d979aa8f6a11bd850705d31c52d7cb04a0229579c586034b9
ssdeep 12288:WCyMJfsFJHCmVDYUGr3gHRV0k+Ts+MleJ3RddPbrwDUUfezUImxQK7:WCyMJfsHi0YLr3gA8le/PnwDr2zc
authentihash 4d57158d15dd9378f3273161ee0d97bceb95aa5b7fdbab3843557edd4ffad55a
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 603.1 KB ( 617608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (45.2%)
Win32 Dynamic Link Library (generic) (20.9%)
Win32 Executable (generic) (14.3%)
Win16/32 Executable Delphi generic (6.6%)
Generic Win/DOS Executable (6.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-06-21 09:56:56 UTC ( 2 years, 11 months ago )
Last submission 2013-06-21 09:56:56 UTC ( 2 years, 11 months ago )
File names Firefox_Setup_21.0.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.