SHA256: fb013cbcbfe22507dc4bbbc60267f5c28c749dfc04b6808c9870588ec816521d
File name: Firefox
Detection ratio: 0 / 69
Analysis date: 2018-08-16 09:12:40 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware 20180816
AegisLab 20180816
AhnLab-V3 20180816
Alibaba 20180713
ALYac 20180816
Antiy-AVL 20180816
Arcabit 20180816
Avast 20180816
Avast-Mobile 20180816
AVG 20180816
Avira (no cloud) 20180816
AVware 20180816
Babable 20180725
Baidu 20180816
BitDefender 20180816
Bkav 20180816
CAT-QuickHeal 20180814
ClamAV 20180816
CMC 20180812
Comodo 20180816
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180816
Cyren 20180816
DrWeb 20180816
eGambit 20180816
Emsisoft 20180816
Endgame 20180730
ESET-NOD32 20180816
F-Prot 20180816
F-Secure 20180816
Fortinet 20180816
GData 20180816
Ikarus 20180816
Sophos ML 20180717
Jiangmin 20180816
K7AntiVirus 20180816
K7GW 20180816
Kaspersky 20180816
Kingsoft 20180816
Malwarebytes 20180816
MAX 20180816
McAfee 20180816
McAfee-GW-Edition 20180816
Microsoft 20180816
eScan 20180816
NANO-Antivirus 20180816
Palo Alto Networks (Known Signatures) 20180816
Panda 20180815
Qihoo-360 20180816
Rising 20180816
SentinelOne (Static ML) 20180701
Sophos AV 20180816
SUPERAntiSpyware 20180816
Symantec 20180816
Symantec Mobile Insight 20180814
TACHYON 20180816
Tencent 20180816
TheHacker 20180815
TotalDefense 20180816
TrendMicro 20180816
TrendMicro-HouseCall 20180816
Trustlook 20180816
VBA32 20180815
VIPRE 20180816
ViRobot 20180816
Webroot 20180816
Yandex 20180815
Zillya 20180815
ZoneAlarm by Check Point 20180816
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright ©Firefox and Mozilla Developers; available under the MPL 2 license.
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 22.0
Description Firefox
Signature verification Signed file, verified signature
Signing date 3:21 PM 6/18/2013
Signers
[+] Mozilla Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 10/19/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint CAC47DBF634D24E9DC93072FE3C8EA6DC3946E89
Serial number 3D A9 38 6C 20 76 F7 38 EE 24 6B B8 E3 13 A4 D4
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-18 14:13:47
Entry Point 0x000021E5
Number of sections 5
PE sections
Overlays
MD5 794c4b64d7de2d590e6aa974d4f9c18c
File type data
Offset 912896
Size 7576
Entropy 7.34
PE imports
GetLastError
GetModuleFileNameW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetFileAttributesW
HeapSetInformation
GetCurrentProcess
GetProcessIoCounters
GetCurrentProcessId
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetProcAddress
InterlockedCompareExchange
WideCharToMultiByte
SetEnvironmentVariableW
ExpandEnvironmentStringsW
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
SetDllDirectoryW
DecodePointer
TerminateProcess
CreateFileW
Sleep
EncodePointer
GetCurrentThreadId
GetEnvironmentVariableW
__wgetmainargs
_putenv
memset
fclose
__dllonexit
_stricmp
fgets
_controlfp_s
_vsnprintf_s
_invoke_watson
_fmode
__winitenv
_cexit
?terminate@@YAXXZ
??2@YAPAXI@Z
strlen
_lock
_onexit
wcslen
exit
_XcptFilter
_commode
strrchr
__setusermatherr
_initterm_e
??_V@YAXPAX@Z
_amsg_exit
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
memcpy
getenv
_except_handler4_common
_wfopen
_initterm
strcpy
_snprintf
_configthreadlocale
_exit
__set_app_type
MessageBoxW
Number of PE resources by type
RT_ICON 33
RT_GROUP_ICON 6
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 42
PE resources
Debug information
ExifTool file metadata
CodeSize 8704
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 22.0.0.4917
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Firefox
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 904192
EntryPoint 0x21e5
OriginalFileName firefox.exe
MIMEType application/octet-stream
LegalCopyright Firefox and Mozilla Developers; available under the MPL 2 license.
FileVersion 22.0
TimeStamp 2013:06:18 15:13:47+01:00
FileType Win32 EXE
PEType PE32
InternalName Firefox
ProductVersion 22.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Corporation
BuildID 20130618035212
LegalTrademarks Firefox is a Trademark of The Mozilla Foundation.
ProductName Firefox
ProductVersionNumber 22.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 c8d28f8b498cadbb9445ac4545bd41b7
SHA1 b0efe230c29e5545b73dcc6dea472b7725353812
SHA256 fb013cbcbfe22507dc4bbbc60267f5c28c749dfc04b6808c9870588ec816521d
ssdeep 12288:KN7rGNrkty0fkhAlmvqRVB7rGNrkty0fkhAlmv1:KNErmyFAeqRErmyFAe1
authentihash efd51e272d6cebb0a55dc9eb463ddf2b76f890fa0e6e1a7947fa0314299c879c
imphash 07481f325cab042c6ce2f79173ae1864
File size 898.9 KB ( 920472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-06-20 08:35:19 UTC ( 5 years, 10 months ago )
Last submission 2017-04-16 07:07:57 UTC ( 2 years ago )
File names LoL Riot Points new ver.exe
file-5663467_exe
A0026174.exe
6d2af295_2168_crypt_io_copy.tmp
firefox.exe.moz-callback
[0]firefox.exe
fb013cbcbfe22507dc4bbbc60267f5c28c749dfc04b6808c9870588ec816521d
firefox.exe
ThreadManager.exe
Q4VMWVZAC2WNM7XM
firefox.exe
[1]firefox.exe
[6]firefox.exe
firefox.exe.moz-delete
[3]firefox.exe
firefox.exe
adaa0a71db0411cbfe6e8d497f2d6.exe
C8D28F8B498CADBB9445AC4545BD41B7
firefox.bat.exe
firefox.exe
firefox.exe
Firefox
firefox.exe.moz-upgrade
Аватария золото (1).exe
ADDModo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection