SHA256: f6cd7352d96fa8c8668e4f77751cf748212c237436b9b02f808190cf26a59fe7
File name: 119-netscape-navigator-9.0.0.6.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-03 04:08:02 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu 20160402
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160402
F-Prot 20160403
F-Secure 20160403
Fortinet 20160402
GData 20160403
Ikarus 20160402
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Mozilla
Product Firefox
Original name 7zS.sfx.exe
Internal name 7zS.sfx
File version 4.42
Description Firefox
Packers identified
F-PROT NSIS, appended, 7Z, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-15 22:27:50
Entry Point 0x00021CF0
Number of sections 3
PE sections
Overlays
MD5 f1f5201cc3f57eb108e3811fc982cb0c
File type data
Offset 69120
Size 5991017
Entropy 8.00
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
SysAllocString
ShellExecuteExA
SetTimer
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.42.0.0
UninitializedDataSize 94208
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0x21cf0
OriginalFileName 7zS.sfx.exe
MIMEType application/octet-stream
LegalCopyright Mozilla
FileVersion 4.42
TimeStamp 2006:08:15 23:27:50+01:00
FileType Win32 EXE
PEType PE32
InternalName 7zS.sfx
ProductVersion 4.42
FileDescription Firefox
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla
CodeSize 40960
ProductName Firefox
ProductVersionNumber 4.42.0.0
FileTypeExtension exe
ObjectFileType Executable application

While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
PCAP parents
File identification
MD5 6be00105f6d010d99efcc09b1ab180cb
SHA1 b894014187511c79edeb9af19a7c3842e15e7a95
SHA256 f6cd7352d96fa8c8668e4f77751cf748212c237436b9b02f808190cf26a59fe7
ssdeep 98304:nk7sW4osyvzR6QCkHuGDBXpT8Y3RaZ8OnvDm016wOXxVlyXvB6ptIT0DcaF6Fz:kN4ojvzkQC6lphEZnnbz1XOXkXZ6dF6J
authentihash c33b16cebb2a1c80c0f4941511caf362be16b5f778899f6e37b6c8a3c8798122
imphash 67b717da9ed8a8bd9f572a5820791f0c
File size 5.8 MB ( 6060137 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.6%)
UPX compressed Win32 Executable (28.0%)
Win32 EXE Yoda's Crypter (27.5%)
Win32 Dynamic Link Library (generic) (6.8%)
Win32 Executable (generic) (4.6%)
Tags nsis peexe overlay upx software-collection
VirusTotal metadata
First submission 2008-04-10 13:32:30 UTC ( 9 years, 9 months ago )
Last submission 2018-01-17 15:26:03 UTC ( 18 hours, 39 minutes ago )
File names 35160-81286-netscape-browser.exe
file-3566242_exe
netscape-navigator.exe
netscape-navigator-9.0.0.6.exe
test.exe
netscape-navigator-9.0.0.6.exe
vt-upload-AAdZu
4E7AE11A42A62960F7A80874C8E55A24 - netscape-navigator-9.0.0.6.exe
netscape-navigator-9.0.0.6.exe
7zS.sfx.exe
netscape-navigator-9.0.0.6.exe
814_netscape-naviga.exe
2524596
netscape-navigator-9.0.0.6%28dobreprogramy.pl%29.exe
SoftZoner.com_Netscape_Navigator_v9.0.0.6.exe
f6cd7352d96fa8c8668e4f77751cf748212c237436b9b02f808190cf26a59fe7
DC347.EXE
netscape_navigator.exe
netscape_9_0_0_6.exe
setup9.0.0.6.exe
netscape-navigator-9.0.0.6.exe
8756ba1d69ce0cc278a45c7550dbb3001ef17004.EXE
file
205042_netscape-navigator-9.0.0.6.exe
b894014187511c79edeb9af19a7c3842e15e7a95
Software collections
website http://oldapps.com/netscape.php?old_netscape=6
oldapps http://oldapps.com/netscape.php?old_netscape=6?download
product Netscape Browser 9.0.0.6
developer Netscape, Inc.
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight