SHA256: f0e233557fee245d3fceaa71a2ada08fd4a6aa77cdd706a67dd93cca07d1d6e1
File name: vt-upload-kVfb8
Detection ratio: 36 / 51
Analysis date: 2014-04-23 23:35:40 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.FakeAlert.39 20140424
Yandex Trojan.Kryptik!tp7YCy0P0VM 20140423
AhnLab-V3 Trojan/Win32.Antisb 20140423
AntiVir TR/Crypt.XPACK.Gen 20140424
Avast Win32:MalOb-ID [Cryp] 20140424
AVG PSW.Generic8.BRYI 20140423
BitDefender Gen:Variant.FakeAlert.39 20140424
CMC Trojan.Win32.Krap.1!O 20140422
Commtouch W32/Zbot.CK.gen!Eldorado 20140424
Comodo Packed.Win32.MUPX.Gen 20140423
DrWeb BackDoor.Zbot.56 20140424
Emsisoft Gen:Variant.FakeAlert.39 (B) 20140424
ESET-NOD32 a variant of Win32/Kryptik.NTW 20140423
F-Prot W32/Zbot.CK.gen!Eldorado 20140424
F-Secure Gen:Variant.FakeAlert.39 20140423
Fortinet W32/Kryptik.HZ!tr 20140422
GData Gen:Variant.FakeAlert.39 20140423
K7GW Riskware ( 0015e4f11 ) 20140423
Kaspersky HEUR:Trojan.Win32.Generic 20140423
Malwarebytes Trojan.Agent 20140423
McAfee PWS-Zbot.gen.gc 20140423
McAfee-GW-Edition PWS-Zbot.gen.gc 20140423
Microsoft PWS:Win32/Zbot 20140423
eScan Gen:Variant.FakeAlert.39 20140423
Norman Kryptik.ZJ 20140423
nProtect Trojan-Dropper/W32.Dapato.127488 20140423
Panda Trj/Banker.JJG 20140423
Qihoo-360 Malware.QVM01.Gen 20140424
Sophos Troj/Agent-RNY 20140423
Symantec Infostealer.Banker.C 20140423
TheHacker Trojan/Dropper.Dapato.dag 20140423
TotalDefense Win32/Zbot.AH!generic 20140423
TrendMicro TSPY_ZBOT.SMYX 20140423
TrendMicro-HouseCall TSPY_ZBOT.SMYX 20140423
VBA32 BScope.Zbot.01449 20140423
VIPRE Trojan.Win32.Generic!BT 20140424
AegisLab 20140424
Antiy-AVL 20140423
Baidu-International 20140423
Bkav 20140423
ByteHero 20140424
CAT-QuickHeal 20140423
ClamAV 20140423
Ikarus 20140423
Jiangmin 20140423
K7AntiVirus 20140423
Kingsoft 20140424
NANO-Antivirus 20140423
Rising 20140423
SUPERAntiSpyware 20140423
ViRobot 20140423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
PortableApps.com Installer Copyright 2007-2010 PortableApps.com.

Publisher PortableApps.com
Product Mozilla Firefox, Portable Edition
Original name FirefoxPortable_3.6.10_English.paf.exe
Internal name Mozilla Firefox, Portable Edition
File version 3.6.10.0
Description Mozilla Firefox, Portable Edition
Comments For additional details, visit PortableApps.com
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-06-08 14:56:49
Entry Point 0x001859E0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DeleteDC
Number of PE resources by type
RT_VERSION 3
RT_RCDATA 1
RT_STRING 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
LegalTrademarks
PortableApps.com is a registered trademark of Rare Ideas, LLC.

SubsystemVersion
4.0

Comments
For additional details, visit PortableApps.com

InitializedDataSize
8192

ImageVersion
0.0

ProductName
Mozilla Firefox, Portable Edition

FileVersionNumber
3.6.10.0

UninitializedDataSize
797936

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
1.72

PortableAppscomFormatVersion
2.0

OriginalFilename
FirefoxPortable_3.6.10_English.paf.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

PEType
PE32

FileVersion
3.6.10.0

TimeStamp
1994:06:08 15:56:49+01:00

FileType
Win32 EXE

PortableAppscomInstallerVersion
2.0.3.0

InternalName
Mozilla Firefox, Portable Edition

FileAccessDate
2014:04:24 00:32:38+01:00

ProductVersion
3.6.10.0

PortableAppscomAppID
FirefoxPortable

FileDescription
Mozilla Firefox, Portable Edition

OSVersion
4.0

FileCreateDate
2014:04:24 00:32:38+01:00

FileOS
Win32

LegalCopyright
PortableApps.com Installer Copyright 2007-2010 PortableApps.com.

MachineType
Intel 386 or later, and compatibles

CompanyName
PortableApps.com

CodeSize
118784

FileSubtype
0

ProductVersionNumber
3.6.10.0

EntryPoint
0x1859e0

ObjectFileType
Executable application

File identification
MD5 0fc941d2c69f14cc25a5efe9e3320c14
SHA1 42c6de165f7b5b307ba55b6e6be86660f0941104
SHA256 f0e233557fee245d3fceaa71a2ada08fd4a6aa77cdd706a67dd93cca07d1d6e1
ssdeep
3072:GlZu8bpYSvRbAS448bUZlebITSW4M503nQQ32AQC2:8oOpYSv5AEZTuW4+0gQmr

imphash 84278dad39c8c3793fa05bb7a0db9efa
File size 124.5 KB ( 127488 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2014-04-23 23:35:40 UTC ( 3 years ago )
Last submission 2014-04-23 23:35:40 UTC ( 3 years ago )
File names Mozilla Firefox, Portable Edition
FirefoxPortable_3.6.10_English.paf.exe
vt-upload-kVfb8
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications