Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2018-Aug-30 22:18:33
|
Detected languages |
English - United States
|
CompanyName |
Mozilla
|
FileDescription |
Firefox
|
FileVersion |
18.05
|
InternalName |
7zS.sfx
|
LegalCopyright |
Mozilla
|
OriginalFilename |
7zS.sfx.exe
|
ProductName |
Firefox
|
ProductVersion |
18.05
|
Suspicious |
PEiD Signature: |
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
|
Suspicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 5 import(s).
|
Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
|
Info |
The PE is digitally signed. |
Signer: Mozilla Corporation
Issuer: DigiCert SHA2 Assured ID Code Signing CA
|
Suspicious |
VirusTotal score: 1/68 (Scanned on 2019-07-22 01:25:26) |
Cylance:
Unsafe
|
MD5 |
e3c95614e97bb52dd502684c4f27298c
|
SHA1 |
eb51384d91f0dbbd90be9d1fae98c59e4bf95cc5
|
SHA256 |
72adf585a996f022f059ab7207abc596c1ad35f434ac3f27c3de6ae8c8759012
|
SHA3 |
02e11f1f6b91adfada2bba7e004319aba14f2a2a69fa9f525c7eb873cfee0185
|
SSDeep |
6144:1mvr9RLcN0BvxoLjGRU4UUU3UUUD9rOAeJ589CptqAXF6oTh9qUjjYAF82e4:1mr9RUsJGjqU4UUU3UUUZa7n8Qr1V6o
|
Imports Hash |
05d3dce2be32df01ca249872dd2cc117
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0xf0
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
3
|
TimeDateStamp |
2018-Aug-30 22:18:33
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
6.0
|
SizeOfCode |
0x10000
|
SizeOfInitializedData |
0x10000
|
SizeOfUninitializedData |
0x24000
|
AddressOfEntryPoint |
0x00034310 (Section: UPX1)
|
BaseOfCode |
0x25000
|
BaseOfData |
0x35000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x45000
|
SizeOfHeaders |
0x1000
|
Checksum |
0x466b5
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x24000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
d7fa6b1b11a11d89baa411388c884ec0
|
SHA1 |
f01b1c16ad1f87dcf3ea588cede7d570ce65f662
|
SHA256 |
d73eb50b397601df577d109f7202f8bd19cc52b463a1302ebeb1c80d6d27a2e0
|
SHA3 |
45ef4737bf08709502933329615db59d4c835d5800a587b7586ce700ae2409d0
|
VirtualSize |
0x10000
|
VirtualAddress |
0x25000
|
SizeOfRawData |
0xf600
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.89699
|
MD5 |
05b1facd758169afb4d5180e526f655a
|
SHA1 |
34d5d04e07894f8f8b372a1f115c0a727add0843
|
SHA256 |
b11a49c625eeb5d92b08cf23e3f7fedee334af2749c77ee2c5105ad386b45afc
|
SHA3 |
331e37b160a4e6d142deb06c71c85ef7fb5be5cbdeeb8424878886b04bd3bd07
|
VirtualSize |
0x10000
|
VirtualAddress |
0x35000
|
SizeOfRawData |
0xf200
|
PointerToRawData |
0xfa00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.39743
|
KERNEL32.DLL |
LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
|
MSVCRT.dll |
free
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x528
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.18273
|
MD5 |
76f16f335ec94c0b4b24193680dcf839
|
SHA1 |
3497411da0505833678f26a5f3e458596fcb1d1c
|
SHA256 |
3a5e4ee1ce76120d682ee9bb1603e5a9c70a6ee611d0371c5abb9bb63dbae9aa
|
SHA3 |
a5f26df137caff55267035294d2f6312e4731f5663a129e841baef1eb2c51594
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x1428
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.28933
|
MD5 |
ad716d5d46d1137747842dffc3ce2a83
|
SHA1 |
ab83ee8afa4bdccd44c53dbdb0bbf8fdff152240
|
SHA256 |
19857d659c05005910fe52b10c09356c77fc8659e768bd6dd30ea48d7bbfec8b
|
SHA3 |
97958e1a265e4d4f14cb2676301099a4f68312eabfc48f596588cc00a9d6891f
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x2d28
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.05971
|
MD5 |
d976f610877c5c7e1c1d629485eef605
|
SHA1 |
d6f2038475129a457b24d27ac6c384ee387b2ef1
|
SHA256 |
9a3c8f9c793b20db3f62534233c0f3e86c02942b03d13a5d3669b76ddb46817d
|
SHA3 |
7ff439feac39f4e2d28a86f4a486647e4efb484c0769d6c496d4d00e4e024adb
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x9eac
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
7.98148
|
Detected Filetype |
PNG graphic file
|
MD5 |
3394bd0b933f97c3cada69f839c6114c
|
SHA1 |
234142c2cf6e584942b06251bb766fc9b6c54f64
|
SHA256 |
edf20165f30188b176989554e37515291e3ea0a38e5fdb47bba87550775599b3
|
SHA3 |
3558c4166f5a4eadc79d99ea91e847daf8c7c3e1cc0e280244680b6d02f75957
|
Type |
RT_DIALOG
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0xb8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.89291
|
MD5 |
2fcc1d6b77fdc9e8ac70114cd0ac1a88
|
SHA1 |
fdbf4e0dd8b4217959e8a315c7e73a0b79f4b6f4
|
SHA256 |
c10796f25833b368f9044636ca7fd25ae72acac57ba2f2e3b12593cb7c669bec
|
SHA3 |
0398a9b95f717e744f3959f64e6505ca4e240ee93775a1997fbe1d230c34d002
|
Type |
RT_STRING
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x60
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.22804
|
MD5 |
1fd30b265ba8a0102d468127cb01f2ec
|
SHA1 |
58435e6bc014e36dfdf0efbba1bfb4b377aa2e20
|
SHA256 |
780849e0b4d735f58a55f3a286b50580d9fef8320efe5b47be1d05e459bc4b63
|
SHA3 |
9f5baa4ce64652ff7c5740a872c76892cb5e6175c489df46ddc93e307166334b
|
Type |
RT_STRING
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x88
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.59467
|
MD5 |
01ee552fd8833ec92ecd9411dae513a5
|
SHA1 |
d0f6de37b15edef39e644986ca2532f7f51a2a5d
|
SHA256 |
76921e2b5afe9ee754c2b86afbe9221e56faeee8538507fd3e639f35cc3af981
|
SHA3 |
d6bf708748d551477a497c9181a2b45be4a33a05ed56483668e4904df985d44e
|
Type |
RT_STRING
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x54
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
6.06482
|
MD5 |
abb4d52a1e591a68c7a7901d3bb2efe7
|
SHA1 |
5f8cf393ef44e82b960918e5d7ecb2aa21e3a198
|
SHA256 |
ef778740dcedd2f3d757aa535de229a2b1563bcee61ad7f23b5ba9e1f6228be1
|
SHA3 |
d6cf3a5ca93e5cb42a49e6114087fd15246a7bc074189b96eb5a0df474781f1a
|
Type |
RT_STRING
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x34
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.46967
|
MD5 |
58166b527d5d296058d410b6204ee6e7
|
SHA1 |
b2601435ee3e9c30cc4c9c6af32b7dcd14135eb8
|
SHA256 |
0f7725d0aff461fe07284fc4475ee9ef22e85d2e151cfa7f080c75f85a5fcaa5
|
SHA3 |
14e06980cc92f6319e43c1ac0385c47f3a5e8e58d82d67de4211d6c5505a54ca
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x3e
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.49052
|
Detected Filetype |
Icon file
|
MD5 |
e5e41f148e158c254f876099deaf3c8e
|
SHA1 |
2b32721c5ae96c427abf6795c63386ab32441bde
|
SHA256 |
6d93a7b30de9a2501cf14de795ae1c10a75ad7e64272b2967e2101f8d3f6dbe7
|
SHA3 |
92b0cc23fa0867bc29063c816f9e3846231420b71d1d0228a7735a71eb8b1c34
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x274
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.29189
|
MD5 |
52505b8edd4572f2f09109990850f076
|
SHA1 |
592473bd7bfe815ea28b021597c27b3e3794bf92
|
SHA256 |
72aab0e17a2e8072053a3df19b15c2dd973c8e4f640078f32a8f5682df191edf
|
SHA3 |
0119e245972c9fb0d68c81175a982108648f1b97c5f75d12861943ed744589d7
|
Type |
RT_MANIFEST
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x555
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.38843
|
MD5 |
f21f79cf1ca5652845318ad03825f04a
|
SHA1 |
adf0785e5050595b6a665001d794f4ce32cdc4cd
|
SHA256 |
2a5331d93a54e27e116db4b468c9dd8a64b917f290b40321459aab6e7a6685cd
|
SHA3 |
318a9aafda7778b33497c730ad34aa866d460ab0241ff6dbaf23409b29f84669
|
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
18.5.0.0
|
ProductVersion |
18.5.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language |
English - United States
|
CompanyName |
Mozilla
|
FileDescription |
Firefox
|
FileVersion (#2) |
18.05
|
InternalName |
7zS.sfx
|
LegalCopyright |
Mozilla
|
OriginalFilename |
7zS.sfx.exe
|
ProductName |
Firefox
|
ProductVersion (#2) |
18.05
|
Resource LangID |
English - United States
|
XOR Key |
0x596098ce
|
Unmarked objects |
0
|
14 (7299) |
7
|
Linker (VS98 build 8168) |
2
|
C objects (VS2003 (.NET) build 4035) |
1
|
Imports (VS2003 (.NET) build 4035) |
3
|
Total imports |
172
|
C objects (VS98 build 8168) |
26
|
C++ objects (VS98 build 8168) |
73
|
Resource objects (VS98 cvtres build 1720) |
1
|
[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!