SHA256: fb4f9c6588a891fbe9aaf4108d09ef9ec422e301b52f497170c4e035f5a0f059
File name: 2015-12-03-Nuclear-EK-Payload-1.exe
Detection ratio: 29 / 55
Analysis date: 2015-12-05 23:44:48 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.172079 20151205
AhnLab-V3 Trojan/Win32.Teslacrypt 20151205
Antiy-AVL Trojan[Dropper]/Win32.Injector 20151205
Arcabit Trojan.Zusy.D2A02F 20151205
AVG Atros2.BNJJ 20151205
Avira (no cloud) TR/Crypt.Xpack.337007 20151205
AVware Trojan.Win32.Generic!BT 20151205
Baidu-International Trojan.Win32.Zlader.L 20151205
BitDefender Gen:Variant.Zusy.172079 20151206
Bkav W32.SqvibadR.Trojan 20151205
Cyren W32/Trojan.KADQ-6974 20151206
DrWeb Trojan.PWS.Stealer.16571 20151206
Emsisoft Gen:Variant.Zusy.172079 (B) 20151206
ESET-NOD32 Win32/Zlader.L 20151206
F-Secure Gen:Variant.Zusy.172079 20151205
Fortinet W32/Zlader.L!tr 20151204
GData Gen:Variant.Zusy.172079 20151206
Kaspersky Trojan-Dropper.Win32.Injector.ntaj 20151205
Malwarebytes Trojan.Agent.QAZ 20151206
McAfee Artemis!3A58215AB737 20151206
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20151205
Microsoft Trojan:Win32/Bagsu!rfn 20151205
eScan Gen:Variant.Zusy.172079 20151206
NANO-Antivirus Trojan.Win32.Stealer.dyzgmd 20151205
Panda Generic Suspicious 20151205
Rising PE:Malware.Obscure/Heur!1.9E03 [F] 20151205
Sophos Mal/Generic-S 20151206
Symantec Trojan.Gen.2 20151205
VIPRE Trojan.Win32.Generic!BT 20151205
AegisLab 20151205
Yandex 20151205
Alibaba 20151204
ALYac 20151204
Avast 20151205
ByteHero 20151206
CAT-QuickHeal 20151205
ClamAV 20151204
CMC 20151201
Comodo 20151202
F-Prot 20151206
Ikarus 20151205
Jiangmin 20151205
K7AntiVirus 20151202
K7GW 20151202
nProtect 20151204
Qihoo-360 20151206
SUPERAntiSpyware 20151205
Tencent 20151206
TheHacker 20151205
TrendMicro 20151205
TrendMicro-HouseCall 20151205
VBA32 20151204
ViRobot 20151205
Zillya 20151205
Zoner 20151205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©Firefox and Mozilla Developers; available under the MPL 2 license.
Product Firefox
Original name firefox.exe
Internal name Firefox
File version 40.0.3
Description Firefox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-26 17:04:59
Entry Point 0x0000A7EA
Number of sections 6
PE sections
Overlays
MD5 5e0fbd3b710b9af496126e34fb90c5dd
File type data
Offset 90112
Size 62978
Entropy 7.98
PE imports
SelectPalette
SetDIBitsToDevice
CreatePalette
CreateDIBitmap
Ellipse
CreateHalftonePalette
ExtTextOutA
GetDIBits
SetStretchBltMode
CreateDIBSection
GetCharWidth32A
DeleteObject
RealizePalette
StretchDIBits
GlobalSize
GetACP
IsDBCSLeadByteEx
GetStartupInfoA
SetCommState
UnmapViewOfFile
GetModuleHandleA
GetModuleFileNameW
GlobalFree
CreateFileW
GlobalAlloc
CompareStringW
CloseHandle
SetCurrentDirectoryW
GlobalUnlock
GlobalLock
VirtualAlloc
HeapCreate
SetCommTimeouts
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_Dfstream@@QAEXXZ
??0fstream@@QAE@XZ
?endl@@YAAAVostream@@AAV1@@Z
?openprot@filebuf@@2HB
??6ostream@@QAEAAV0@N@Z
?open@fstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
__p__fmode
_acmdln
_ftol
memset
__dllonexit
_controlfp
??1type_info@@UAE@XZ
_except_handler3
strtol
sqrt
_onexit
abs
exit
_XcptFilter
pow
__setusermatherr
__p__commode
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
__getmainargs
memcpy
_setmbcp
_initterm
_exit
__set_app_type
RedrawWindow
SetTimer
SystemParametersInfoA
EnableWindow
UpdateWindow
SetClassLongW
GetDesktopWindow
CloseClipboard
MessageBoxA
SetScrollInfo
SendDlgItemMessageA
RegisterClipboardFormatA
GetDC
CreateWindowExW
Number of PE resources by type
RT_DIALOG 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
FRENCH BELGIAN 2
CHINESE SIMPLIFIED 1
SPANISH MODERN 1
ENGLISH US 1
GERMAN SWISS 1
PE resources
ExifTool file metadata
LegalTrademarks Firefox is a Trademark of The Mozilla Foundation.
SubsystemVersion 4.0
LinkerVersion 6.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 40.0.3.5716
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Firefox
CharacterSet Unicode
InitializedDataSize 36864
EntryPoint 0xa7ea
OriginalFileName firefox.exe
MIMEType application/octet-stream
LegalCopyright Firefox and Mozilla Developers; available under the MPL 2 license.
FileVersion 40.0.3
TimeStamp 2015:11:26 18:04:59+01:00
FileType Win32 EXE
PEType PE32
InternalName Firefox
ProductVersion 40.0.3
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mozilla Corp ration
BuildID 20150826023504
CodeSize 49152
ProductName Firefox
ProductVersionNumber 40.0.3.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 3a58215ab737c3b0b312fad797ad2f58
SHA1 1cbb41e998a3c4e7fd274995961ec9fa0e29692b
SHA256 fb4f9c6588a891fbe9aaf4108d09ef9ec422e301b52f497170c4e035f5a0f059
ssdeep 3072:T4vAa/587URh2NbzAwKKXRDYx242O7n0YDIhTke4unhV:TJaaoRh2NbzAoDg2ho0YCYe4unhV
authentihash 8bfc4465a413d07b1993a944b0327cf52e39e9980e8dcc7c68f64a10a3824e7b
imphash f526eb2a0ba02c5c905f3258052f3c0a
File size 149.5 KB ( 153090 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-04 03:37:45 UTC ( 1 year, 5 months ago )
Last submission 2016-02-29 19:04:56 UTC ( 1 year, 2 months ago )
File names Firefox
2015-12-03-Nuclear-EK-Payload-2.exe
2015-12-03-Nuclear-EK-Payload-1.exe
firefox.exe
21A.tmp
SearchProtocolHost.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs