× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eb06f4146a8e798d979aa8f6a11bd850705d31c52d7cb04a0229579c586034b9
File name: Firefox_Setup_21.0.exe
Detection ratio: 4 / 47
Analysis date: 2013-06-21 09:56:56 UTC ( 10 months, 1 week ago )
Antivirus Result Update
DrWeb Adware.InstallCore.86 20130621
ESET-NOD32 Win32/InstallCore.BL 20130621
Sophos Install Core 20130621
VIPRE InstallCore (fs) 20130621
AVG 20130621
Agnitum 20130620
AhnLab-V3 20130620
AntiVir 20130621
Antiy-AVL 20130621
Avast 20130621
BitDefender 20130621
ByteHero 20130613
CAT-QuickHeal 20130621
ClamAV 20130621
Commtouch 20130620
Comodo 20130621
Emsisoft 20130621
F-Prot 20130620
F-Secure 20130621
Fortinet 20130621
GData 20130621
Ikarus 20130621
Jiangmin 20130621
K7AntiVirus 20130620
K7GW 20130620
Kaspersky 20130620
Kingsoft 20130506
Malwarebytes 20130620
McAfee 20130621
McAfee-GW-Edition 20130621
MicroWorld-eScan 20130621
Microsoft 20130621
NANO-Antivirus 20130621
Norman 20130621
PCTools 20130521
Panda 20130621
Rising 20130621
SUPERAntiSpyware 20130621
Symantec 20130621
TheHacker 20130620
TotalDefense 20130620
TrendMicro 20130621
TrendMicro-HouseCall 20130621
VBA32 20130620
ViRobot 20130621
eSafe 20130620
nProtect 20130621
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Secure Installer
Signature verification Signed file, verified signature
Signing date 7:21 PM 5/29/2013
Signers
[+] Secure Installer
Status Valid
Valid from 1:00 AM 9/25/2012
Valid to 12:59 AM 9/26/2013
Valid usage Code Signing
Algorithm SHA1
Thumbrint 19EADA7A14BD3FE158204955171F850C7D28D216
Serial number 00 C3 50 7C 1A DD E6 B4 C5 2E 54 26 99 0F 85 CA 2B
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbrint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000098CC
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
36864

LinkerVersion
2.25

EntryPoint
0x98cc

InitializedDataSize
33280

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

UninitializedDataSize
0

File identification
MD5 20dfcef31256c86b888b9eee0bf8be1d
SHA1 6d7bccddde8c7d67104af0bb507bf84bd17b1ad0
SHA256 eb06f4146a8e798d979aa8f6a11bd850705d31c52d7cb04a0229579c586034b9
ssdeep
12288:WCyMJfsFJHCmVDYUGr3gHRV0k+Ts+MleJ3RddPbrwDUUfezUImxQK7:WCyMJfsHi0YLr3gA8le/PnwDr2zc

File size 603.1 KB ( 617608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-06-21 09:56:56 UTC ( 10 months, 1 week ago )
Last submission 2013-06-21 09:56:56 UTC ( 10 months, 1 week ago )
File names Firefox_Setup_21.0.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!