e3c95614e97bb52dd502684c4f27298c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Aug-30 22:18:33
Detected languages English - United States
CompanyName Mozilla
FileDescription Firefox
FileVersion 18.05
InternalName 7zS.sfx
LegalCopyright Mozilla
OriginalFilename 7zS.sfx.exe
ProductName Firefox
ProductVersion 18.05

Plugin Output

Suspicious: PEiD Signature:
  UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX v2.0 -> Markus, Laszlo & Reiser (h)
  UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX -> www.upx.sourceforge.net
  UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious: The PE is packed with UPX
  Unusual section name found: UPX0
  Section UPX0 is both writable and executable.
  Unusual section name found: UPX1
  Section UPX1 is both writable and executable.
  The PE only has 5 import(s).
Info: The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Info: The PE is digitally signed.
  Signer: Mozilla Corporation
  Issuer: DigiCert SHA2 Assured ID Code Signing CA
Suspicious: VirusTotal score: 1/68 (Scanned on 2019-07-22 01:25:26)
  Cylance: Unsafe

Hashes

MD5 e3c95614e97bb52dd502684c4f27298c
SHA1 eb51384d91f0dbbd90be9d1fae98c59e4bf95cc5
SHA256 72adf585a996f022f059ab7207abc596c1ad35f434ac3f27c3de6ae8c8759012
SHA3 02e11f1f6b91adfada2bba7e004319aba14f2a2a69fa9f525c7eb873cfee0185
SSDeep 6144:1mvr9RLcN0BvxoLjGRU4UUU3UUUD9rOAeJ589CptqAXF6oTh9qUjjYAF82e4:1mr9RUsJGjqU4UUU3UUUZa7n8Qr1V6o
Imports Hash 05d3dce2be32df01ca249872dd2cc117

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2018-Aug-30 22:18:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x10000
SizeOfInitializedData 0x10000
SizeOfUninitializedData 0x24000
AddressOfEntryPoint 0x00034310 (Section: UPX1)
BaseOfCode 0x25000
BaseOfData 0x35000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x45000
SizeOfHeaders 0x1000
Checksum 0x466b5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x24000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 d7fa6b1b11a11d89baa411388c884ec0
SHA1 f01b1c16ad1f87dcf3ea588cede7d570ce65f662
SHA256 d73eb50b397601df577d109f7202f8bd19cc52b463a1302ebeb1c80d6d27a2e0
SHA3 45ef4737bf08709502933329615db59d4c835d5800a587b7586ce700ae2409d0
VirtualSize 0x10000
VirtualAddress 0x25000
SizeOfRawData 0xf600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.89699

.rsrc

MD5 05b1facd758169afb4d5180e526f655a
SHA1 34d5d04e07894f8f8b372a1f115c0a727add0843
SHA256 b11a49c625eeb5d92b08cf23e3f7fedee334af2749c77ee2c5105ad386b45afc
SHA3 331e37b160a4e6d142deb06c71c85ef7fb5be5cbdeeb8424878886b04bd3bd07
VirtualSize 0x10000
VirtualAddress 0x35000
SizeOfRawData 0xf200
PointerToRawData 0xfa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.39743

Imports

KERNEL32.DLL
  LoadLibraryA
  ExitProcess
  GetProcAddress
  VirtualProtect
MSVCRT.dll
  free

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x528
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.18273
MD5 76f16f335ec94c0b4b24193680dcf839
SHA1 3497411da0505833678f26a5f3e458596fcb1d1c
SHA256 3a5e4ee1ce76120d682ee9bb1603e5a9c70a6ee611d0371c5abb9bb63dbae9aa
SHA3 a5f26df137caff55267035294d2f6312e4731f5663a129e841baef1eb2c51594

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.28933
MD5 ad716d5d46d1137747842dffc3ce2a83
SHA1 ab83ee8afa4bdccd44c53dbdb0bbf8fdff152240
SHA256 19857d659c05005910fe52b10c09356c77fc8659e768bd6dd30ea48d7bbfec8b
SHA3 97958e1a265e4d4f14cb2676301099a4f68312eabfc48f596588cc00a9d6891f

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2d28
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05971
MD5 d976f610877c5c7e1c1d629485eef605
SHA1 d6f2038475129a457b24d27ac6c384ee387b2ef1
SHA256 9a3c8f9c793b20db3f62534233c0f3e86c02942b03d13a5d3669b76ddb46817d
SHA3 7ff439feac39f4e2d28a86f4a486647e4efb484c0769d6c496d4d00e4e024adb

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x9eac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98148
Detected Filetype PNG graphic file
MD5 3394bd0b933f97c3cada69f839c6114c
SHA1 234142c2cf6e584942b06251bb766fc9b6c54f64
SHA256 edf20165f30188b176989554e37515291e3ea0a38e5fdb47bba87550775599b3
SHA3 3558c4166f5a4eadc79d99ea91e847daf8c7c3e1cc0e280244680b6d02f75957

97

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.89291
MD5 2fcc1d6b77fdc9e8ac70114cd0ac1a88
SHA1 fdbf4e0dd8b4217959e8a315c7e73a0b79f4b6f4
SHA256 c10796f25833b368f9044636ca7fd25ae72acac57ba2f2e3b12593cb7c669bec
SHA3 0398a9b95f717e744f3959f64e6505ca4e240ee93775a1997fbe1d230c34d002

1 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x60
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.22804
MD5 1fd30b265ba8a0102d468127cb01f2ec
SHA1 58435e6bc014e36dfdf0efbba1bfb4b377aa2e20
SHA256 780849e0b4d735f58a55f3a286b50580d9fef8320efe5b47be1d05e459bc4b63
SHA3 9f5baa4ce64652ff7c5740a872c76892cb5e6175c489df46ddc93e307166334b

5

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x88
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.59467
MD5 01ee552fd8833ec92ecd9411dae513a5
SHA1 d0f6de37b15edef39e644986ca2532f7f51a2a5d
SHA256 76921e2b5afe9ee754c2b86afbe9221e56faeee8538507fd3e639f35cc3af981
SHA3 d6bf708748d551477a497c9181a2b45be4a33a05ed56483668e4904df985d44e

188

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x54
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.06482
MD5 abb4d52a1e591a68c7a7901d3bb2efe7
SHA1 5f8cf393ef44e82b960918e5d7ecb2aa21e3a198
SHA256 ef778740dcedd2f3d757aa535de229a2b1563bcee61ad7f23b5ba9e1f6228be1
SHA3 d6cf3a5ca93e5cb42a49e6114087fd15246a7bc074189b96eb5a0df474781f1a

207

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x34
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.46967
MD5 58166b527d5d296058d410b6204ee6e7
SHA1 b2601435ee3e9c30cc4c9c6af32b7dcd14135eb8
SHA256 0f7725d0aff461fe07284fc4475ee9ef22e85d2e151cfa7f080c75f85a5fcaa5
SHA3 14e06980cc92f6319e43c1ac0385c47f3a5e8e58d82d67de4211d6c5505a54ca

1 (#3)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.49052
Detected Filetype Icon file
MD5 e5e41f148e158c254f876099deaf3c8e
SHA1 2b32721c5ae96c427abf6795c63386ab32441bde
SHA256 6d93a7b30de9a2501cf14de795ae1c10a75ad7e64272b2967e2101f8d3f6dbe7
SHA3 92b0cc23fa0867bc29063c816f9e3846231420b71d1d0228a7735a71eb8b1c34

1 (#4)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x274
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29189
MD5 52505b8edd4572f2f09109990850f076
SHA1 592473bd7bfe815ea28b021597c27b3e3794bf92
SHA256 72aab0e17a2e8072053a3df19b15c2dd973c8e4f640078f32a8f5682df191edf
SHA3 0119e245972c9fb0d68c81175a982108648f1b97c5f75d12861943ed744589d7

1 (#5)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x555
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.38843
MD5 f21f79cf1ca5652845318ad03825f04a
SHA1 adf0785e5050595b6a665001d794f4ce32cdc4cd
SHA256 2a5331d93a54e27e116db4b468c9dd8a64b917f290b40321459aab6e7a6685cd
SHA3 318a9aafda7778b33497c730ad34aa866d460ab0241ff6dbaf23409b29f84669

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 18.5.0.0
ProductVersion 18.5.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Mozilla
FileDescription Firefox
FileVersion (#2) 18.05
InternalName 7zS.sfx
LegalCopyright Mozilla
OriginalFilename 7zS.sfx.exe
ProductName Firefox
ProductVersion (#2) 18.05
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x596098ce
Unmarked objects 0
14 (7299) 7
Linker (VS98 build 8168) 2
C objects (VS2003 (.NET) build 4035) 1
Imports (VS2003 (.NET) build 4035) 3
Total imports 172
C objects (VS98 build 8168) 26
C++ objects (VS98 build 8168) 73
Resource objects (VS98 cvtres build 1720) 1

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!