ca700fd7149ed035adba94acbda33523

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Jul-05 16:09:48
Detected languages English - United States
CompanyName Mozilla
FileDescription Firefox
FileVersion 4.42
InternalName 7zS.sfx
LegalCopyright Mozilla
OriginalFilename 7zS.sfx.exe
ProductName Firefox
ProductVersion 4.42

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 7 import(s).
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Info The PE is digitally signed. Signer: Mozilla Corporation
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Suspicious VirusTotal score: 1/65 (Scanned on 2018-05-16 01:27:10)
Cylance: Unsafe

Hashes

MD5 ca700fd7149ed035adba94acbda33523
SHA1 0296ee8eae2e11b4ee9a0e3142b3826d5867f399
SHA256 9c19e1d949c9606e0c50c6e7d1725ca8720d753655aa128a49a1980feb92f04e
SHA3 3b244e91f4409c5c5511f2449c7919b5139300607e4fecd52b8cc91f8ca1a067
SSDeep 6144:adqLfv9EKUvCSKs/zwfo4q3j27tLy7jzTM:adqLfjUvnKQwfjq3j2dy7jzw
Imports Hash fc785ac8507eb2f8e2af81f89b4cb6fd

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Jul-05 16:09:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0xe000
SizeOfInitializedData 0x9000
SizeOfUninitializedData 0x22000
AddressOfEntryPoint 0x00030C80 (Section: UPX1)
BaseOfCode 0x23000
BaseOfData 0x31000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3a000
SizeOfHeaders 0x1000
Checksum 0x45555
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x22000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 41ab685e77f5b1d4c234e9ce764d701d
SHA1 1dbc1c2a1f41681dc1f2046cf5b7c5f77e722126
SHA256 7791c09b2ae815d933072603aa719773dcde933aa6dd2f610435d82e7a9dd731
SHA3 632197e8b318e29a512426e2ba1e3110578cb6922d665963ee91ceb8fcb34ccd
VirtualSize 0xe000
VirtualAddress 0x23000
SizeOfRawData 0xe000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87283

.rsrc

MD5 5b4482ada83280e1ff00bc92b236e311
SHA1 e76290316afcfaa080f1a8b9dde76f9a2e5bcd18
SHA256 c4e54b696f40b1b617dc775d370a9a51fb916ded3a9a0f8c4b1e204341417353
SHA3 491827e42cae4ca7dbedd055d8204d93ab7f90e4cf0f3aeeda70338848937311
VirtualSize 0x9000
VirtualAddress 0x31000
SizeOfRawData 0x8a00
PointerToRawData 0xe400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.65391

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
MSVCRT.dll free

Delayed Imports

Resources

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.65247
MD5 9ab0eb627d8376aa3ffcbe94f8d6e558
SHA1 8218b82a06579bb2fb32dbbbf1cff3d08643f9a8
SHA256 f4b73340430f3091a316d15d4874110763d9f4df3333d999f917110128aa82b9
SHA3 9b80c56554b42e1fc55b934fdeb48699f685515193fb94e1519e96eda3f44a41

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.51887
MD5 54dd06b5186085a82200222153481dba
SHA1 2db0a57a40615eb7edbfe552826cb08cf0258e51
SHA256 7a9f91293b02ea9ffbb6a0aaa2a3358aada80b486028740de4616c73e2b440b6
SHA3 5fab5ecfb3fbc07772533a96d878429cba4695717c7bd0bdabebd4d5cc034cf5

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.66101
MD5 bba10e0241322145b5080190e41a924e
SHA1 015f65000f1f3dcbd54084c3956a7af695cdc8d0
SHA256 32898656706a1218a00657615c0c3858bb1d51b85a3c7d9c789066e6ad4be818
SHA3 39a171abc6ccd6b81ac3b3fc9c78bf77551a89c3e6fa484a85a522d820257ec4

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.19265
MD5 4fddc7421049bc9cc1b7466108518735
SHA1 67a550003d290602b49f3ac0e15889bd6ebbb78a
SHA256 fd981b833005af2a6295b581e6c57c5e608cf45464a5652d3ceb269eff453f6b
SHA3 7dbc14ca2160e70f925b856e10aa6218f6de4a75f72a00a34a800309b3d20e90

500

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.88615
MD5 1eee0db62f3e5fe9d16ca3f70d323e87
SHA1 1bc99fc972764c1ad59952dedf84afe5119cf58b
SHA256 cd55add06431925d5979b14625cfc221643ac67962e925d872193e380a5b3e9a
SHA3 5bcb1f4217a92a4b3a19f2936fb63f884cb4348ad1816c9493ec57d14d9c3a27

1

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x94
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.64851
MD5 dd4dcfe83002eec6c59b8457e563c88e
SHA1 0c801582324c4cd5c48a2b63438e460502155985
SHA256 528f9d2fd99e91c8cdd2aab83d5a6cb9c155a1c9eb03857d9dbeb1a80caab2c2
SHA3 348ca0332f7ef5423bb3e7753bf4efd33d062b4c66c163b7e59a431ff26161a4

5

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x9c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.6538
MD5 760437dda2333b13a936791d0eed2c08
SHA1 31f9e8c5e0b9558e73852d21cbb3fbb6f3af0676
SHA256 d3bdb6260939b9d22dbdf0518f5e4e2b5bcaa89e9323bd1a2e6ff769c74aaa76
SHA3 e37151575356c86b4d1133333387339d2b47de73316b6084bcd3f12a604673b7

159

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.73042
Detected Filetype Icon file
MD5 1efa0add4caf40f0b61d53949ff3b820
SHA1 b26d1a58e5e451ed1903257858fa7f12f1f81c38
SHA256 5497e2692dbb0dd7d43297be1d975a0bf8092f3a511a5849e7435e1f804ec069
SHA3 a8f5376c47444af2e98d4dd9927b0ab710b9e93b9e9f087c46032cc3aee1144c

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x274
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.25849
MD5 d9a123285fee42fc542b0593c3c86dd1
SHA1 ad382baba7ad312b4e303bfd7ee26fbcb681b7f8
SHA256 94e9965a70bd64f270f2cf70654850e7834741368d16b2fd454edc0eb0229e20
SHA3 d58cdd3ee8f427f215e529b38d22950053c891030f358c266d27fbda5a1fe44b

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x554
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.38773
MD5 0647f05317b9c3d67c99b335e0f9a59f
SHA1 045bc58dbd2a3c82560b2b6fbb640a23ae774c8b
SHA256 f095f02cfffc4a476399de0ab3e312bf178f362dc14064e6adb82d5d2e848eba
SHA3 cb15456cb2d2d3b9bae1d1e1da4419d2206856e54855b9a1aeb9b39a6e580bf4

1 (#4)

Type UNKNOWN
Language UNKNOWN
Codepage UNKNOWN
Size 0x9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16993
MD5 73fa953912efe55b3e24b528c97a46fd
SHA1 8a52b766ae1d47d7ca3c4a9012d1eb47176f6c27
SHA256 ec480357ed57b50ec4da1f40b7eb83e2832f2a31e638123bc8fd46d0e48d1549
SHA3 b61c81233f0885c4f94d52c60a28bfe9410d80081f8ab846236ffe63d122c559

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.42.0.0
ProductVersion 4.42.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Mozilla
FileDescription Firefox
FileVersion (#2) 4.42
InternalName 7zS.sfx
LegalCopyright Mozilla
OriginalFilename 7zS.sfx.exe
ProductName Firefox
ProductVersion (#2) 4.42
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xe4138d49
Unmarked objects 0
14 (7299) 7
C objects (VS98 build 8168) 11
Linker (VS98 build 8168) 2
Imports (2179) 3
Total imports 155
C++ objects (VS98 build 8168) 68
Resource objects (VS98 cvtres build 1720) 1

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!