SHA256: e01b0e7feadd08a7ea87c1cde44e7b97daf9632eaee8311ef6967f33258d03c1
File name: PasswordFox.exe
Detection ratio: 20 / 67
Analysis date: 2017-12-15 22:18:53 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Antiy-AVL RiskWare[RiskTool]/Win32.PassFox 20171215
Avira (no cloud) SPR/PSW.Gen 20171215
CAT-QuickHeal HackTool.PassFox.SD4 20171215
DrWeb Tool.PassView.1033 20171215
ESET-NOD32 a variant of Win32/PSWTool.PassFox.D potentially unsafe 20171215
Fortinet Riskware/PassFox 20171215
GData Win32.Trojan.Agent.4SG1M7 20171215
Jiangmin RiskTool.PassFox.l 20171215
K7AntiVirus Unwanted-Program ( 004c30961 ) 20171215
K7GW Unwanted-Program ( 004c30961 ) 20171214
Kaspersky not-a-virus:HEUR:RiskTool.Win32.PassFox.heur 20171215
MAX malware (ai score=99) 20171215
McAfee Tool-PassView 20171215
McAfee-GW-Edition Tool-PassView 20171215
NANO-Antivirus Riskware.Win32.PassFox.emeozm 20171215
Symantec PasswordRevealer 20171215
TrendMicro-HouseCall Suspicious_GEN.F47V1105 20171215
Webroot W32.Passfox.Heur 20171215
Zillya Trojan.Katusha.Win32.48526 20171214
ZoneAlarm by Check Point not-a-virus:HEUR:RiskTool.Win32.PassFox.heur 20171215
Ad-Aware 20171215
AegisLab 20171215
AhnLab-V3 20171215
Alibaba 20171215
ALYac 20171215
Arcabit 20171215
Avast 20171215
Avast-Mobile 20171215
AVG 20171215
AVware 20171215
Baidu 20171215
BitDefender 20171215
Bkav 20171215
ClamAV 20171215
CMC 20171215
Comodo 20171215
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171215
Cyren 20171215
eGambit 20171215
Emsisoft 20171215
Endgame 20171130
F-Prot 20171215
F-Secure 20171215
Ikarus 20171215
Sophos ML 20170914
Kingsoft 20171215
Malwarebytes 20171215
Microsoft 20171215
eScan 20171215
nProtect 20171215
Palo Alto Networks (Known Signatures) 20171215
Panda 20171215
Qihoo-360 20171215
Rising 20171215
SentinelOne (Static ML) 20171207
Sophos AV 20171215
SUPERAntiSpyware 20171215
Symantec Mobile Insight 20171215
Tencent 20171215
TheHacker 20171210
TrendMicro 20171215
Trustlook 20171215
VBA32 20171215
VIPRE 20171215
ViRobot 20171215
WhiteArmor 20171204
Yandex 20171214
Zoner 20171215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2008 - 2017 Nir Sofer

Product PasswordFox
File version 1.58
Description Password-Recovery For Firefox
Signature verification Signed file, verified signature
Signing date 10:21 AM 11/5/2017
Signers
[+] Nir Sofer
Status Valid
Issuer COMODO Code Signing CA 2
Valid from 12:00 AM 09/12/2014
Valid to 11:59 PM 09/12/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A80BAEDA573DF2712F23A41857E648475EAC9BA5
Serial number 1A F0 66 0E 83 7A 35 A2 CD 92 EC 61 3F C1 5D B8
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 08/24/2011
Valid to 10:48 AM 05/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] Sectigo (AddTrust)
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] Sectigo (AddTrust)
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-05 10:18:12
Entry Point 0x0000FB5A
Number of sections 4
PE sections
Overlays
MD5 6d137b61f07538027fa632c40a5a263a
File type data
Offset 90112
Size 11984
Entropy 7.42
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
CreateToolbarEx
CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
CreateFontIndirectW
SetBkMode
GetTextExtentPoint32W
GetStockObject
SelectObject
SetBkColor
DeleteObject
SetTextColor
CreateToolhelp32Snapshot
GetLastError
LoadLibraryExW
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryW
GetFileTime
GetVersionExW
FreeLibrary
GetTimeFormatW
ExitProcess
GlobalUnlock
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
Process32NextW
GetCurrentProcess
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
FindNextFileW
GetCurrentProcessId
OpenProcess
LockResource
GetModuleHandleW
GetWindowsDirectoryW
GetDateFormatW
SetErrorMode
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
Process32FirstW
WritePrivateProfileStringW
GetTempFileNameW
EnumResourceNamesW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
EnumResourceTypesW
FindFirstFileW
GlobalLock
LocalFree
FormatMessageW
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
FindClose
GetPrivateProfileStringW
GetFileSize
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SetFocus
RegisterWindowMessageW
GetParent
EnableWindow
UpdateWindow
DrawTextExW
EndDialog
BeginPaint
GetMessageW
DefWindowProcW
ModifyMenuW
GetDlgCtrlID
DestroyMenu
EnumChildWindows
PostQuitMessage
ShowWindow
DrawFrameControl
LoadMenuW
SetWindowPos
GetSysColorBrush
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EndPaint
SetMenu
MoveWindow
DialogBoxParamW
MapWindowPoints
SetDlgItemInt
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
EndDeferWindowPos
ReleaseDC
GetMenuStringW
CheckMenuItem
SendMessageW
SetClipboardData
RegisterClassW
SendDlgItemMessageW
BeginDeferWindowPos
GetWindowPlacement
EmptyClipboard
DestroyWindow
GetClientRect
GetCursorPos
GetDlgItem
GetWindow
GetDC
InvalidateRect
CreateDialogParamW
GetSubMenu
OpenClipboard
LoadImageW
GetClassNameW
TrackPopupMenu
LoadStringW
IsDialogMessageW
GetMenuItemCount
GetMenuItemInfoW
SetWindowTextW
GetWindowTextW
EnableMenuItem
DeferWindowPos
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
CloseClipboard
TranslateAcceleratorW
SetCursor
FindTextW
GetSaveFileNameW
_purecall
__wgetmainargs
malloc
__p__fmode
wcstoul
memset
wcschr
__dllonexit
_wcslwr
_controlfp
_ultow
wcscpy
strlen
_memicmp
_cexit
_c_exit
log
??2@YAPAXI@Z
_onexit
wcslen
wcscmp
abs
exit
_XcptFilter
memcmp
wcsncat
__setusermatherr
_wtoi64
__p__commode
_wcmdln
_except_handler3
_wcsicmp
_wcsnicmp
_adjust_fdiv
_itow
??3@YAXPAX@Z
free
wcscat
_initterm
_snwprintf
memmove
memcpy
wcsrchr
strcpy
modf
_exit
_wtoi
strcmp
__set_app_type
CoUninitialize
CoInitialize
Number of PE resources by type
RT_STRING 7
RT_DIALOG 5
RT_ICON 3
RT_BITMAP 3
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 15
HEBREW DEFAULT 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 27648
ImageVersion 0.0
ProductName PasswordFox
FileVersionNumber 1.5.8.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.58
TimeStamp 2017:11:05 10:18:12+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.58
FileDescription Password-Recovery For Firefox
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2008 - 2017 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 61440
FileSubtype 0
ProductVersionNumber 1.5.8.0
EntryPoint 0xfb5a
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 a662c8b65c0170c831f7661df7765be2
SHA1 61f900714ef36eb95d7dddbce044bce37aef5a74
SHA256 e01b0e7feadd08a7ea87c1cde44e7b97daf9632eaee8311ef6967f33258d03c1
ssdeep 1536:hyFva3H/NFNDOZBd24YUsSI5gepTRGVZSH7BAXP8bix:hyc3H/xO3d24YUrI5pFgVZSH7BAXEG
authentihash 883053b0a8ae483df0de5fe4d7b2b764d3e78fc0927bf70295d83bc9c0b54fec
imphash 830c22d616f9ac1efb0fe5fc97a41067
File size 99.7 KB ( 102096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-11-05 16:41:56 UTC ( 1 year, 6 months ago )
Last submission 2019-05-06 08:59:06 UTC ( 2 weeks, 2 days ago )
File names PasswordFox.exe
passwordfox.exe
PasswordFox (2).exe
fox.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications