× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f435dd73e7a67edd527c01c2999ac86e652129557d5795b62aaccbdc427ee6d7
File name: vt-upload-HVjNK
Detection ratio: 20 / 54
Analysis date: 2014-08-08 08:30:04 UTC ( 4 years, 7 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.150341 20140808
Antiy-AVL Trojan/Win32.Yakes 20140808
Avast Win32:Malware-gen 20140807
AVG Zbot.MHB 20140808
AVware Trojan.Win32.Generic!BT 20140808
BitDefender Gen:Variant.Graftor.150341 20140808
Emsisoft Gen:Variant.Graftor.150341 (B) 20140808
ESET-NOD32 Win32/Spy.Zbot.ABX 20140808
F-Secure Gen:Variant.Graftor.150341 20140808
Fortinet W32/Zbot.ABX!tr 20140808
GData Gen:Variant.Graftor.150341 20140808
Kaspersky Trojan-Spy.Win32.Zbot.tsfn 20140808
Malwarebytes Backdoor.Bot 20140808
McAfee Artemis!0A4739649CBF 20140808
Microsoft PWS:Win32/Zbot 20140808
eScan Gen:Variant.Graftor.150341 20140808
Panda Trj/Chgt.C 20140807
Sophos AV Mal/Generic-S 20140808
Symantec WS.Reputation.1 20140808
VIPRE Trojan.Win32.Generic!BT 20140808
AegisLab 20140808
Yandex 20140807
AhnLab-V3 20140807
AntiVir 20140808
Baidu-International 20140808
Bkav 20140808
ByteHero 20140808
CAT-QuickHeal 20140808
ClamAV 20140807
CMC 20140807
Commtouch 20140808
Comodo 20140808
DrWeb 20140808
F-Prot 20140808
Ikarus 20140808
Jiangmin 20140808
K7AntiVirus 20140807
K7GW 20140807
Kingsoft 20140808
McAfee-GW-Edition 20140808
NANO-Antivirus 20140808
Norman 20140808
nProtect 20140807
Qihoo-360 20140808
Rising 20140807
SUPERAntiSpyware 20140804
Tencent 20140808
TheHacker 20140805
TotalDefense 20140808
TrendMicro 20140808
TrendMicro-HouseCall 20140808
VBA32 20140807
ViRobot 20140808
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Mozilla Corporation

Publisher Mozilla Corporation
Product TorBroswer
Original name firefox.exe
Internal name TorBroswer
File version 1.0.7.9
Description TorBroswer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-04 08:55:35
Entry Point 0x0000AA01
Number of sections 4
PE sections
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
File identification
MD5 0a4739649cbf41ffd757deabf5cdf5f7
SHA1 8d6186ddec7350c35da1e75747a3b8d6a67b7319
SHA256 f435dd73e7a67edd527c01c2999ac86e652129557d5795b62aaccbdc427ee6d7
ssdeep
3072:ScQ1Dndp6zSFS8Dbr1c8iSLLrcShf7Fg901UiGX1ra0kT3YjfQew3mam:Sr1nn6zSFBD9ZLvTf7F7ui0I2H

imphash 61f69b8abe76b0a47bbfb92081e9709b
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-08-08 08:30:04 UTC ( 4 years, 7 months ago )
Last submission 2014-08-25 15:07:36 UTC ( 4 years, 6 months ago )
File names TorBroswer
firefox.exe
0a4739649cbf41ffd757deabf5cdf5f7
vt-upload-HVjNK
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications