Manalyze report for 6bd5c481fc1c55d6edd5400372c9aea4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-30 22:18:33
Detected languages	English - United States
CompanyName	Mozilla
FileDescription	Firefox
FileVersion	`18.05`
InternalName	7zS.sfx
LegalCopyright	Mozilla
OriginalFilename	7zS.sfx.exe
ProductName	Firefox
ProductVersion	`18.05`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 5 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	The program tries to mislead users about its origins.	`The PE pretends to be from Firefox but is not signed!`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6bd5c481fc1c55d6edd5400372c9aea4`
SHA1	`a01f21bd706b65477012b9c79947801a49071191`
SHA256	`ee7af0583ca4d777963e9d68a29219b2182aeb1561791ee73e3d3762226585fc`
SHA3	`e7ace7fd331edf4a276fec4a30e33496ae5ed7895f15a7dcdd6be059ee7a5dcd`
SSDeep	`24576:GIxcnvXeWc+Dl6dfeBvnq1FSE0DkFTvAywNLdXgwhOZ4TniOX:ZmnWWc+Dlxvq37vAywNxhq2niOX`
Imports Hash	`05d3dce2be32df01ca249872dd2cc117`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2018-Aug-30 22:18:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x10000`
SizeOfUninitializedData	`0x24000`
AddressOfEntryPoint	`0x00034FA0 (Section: UPX1)`
BaseOfCode	`0x25000`
BaseOfData	`0x36000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x46000`
SizeOfHeaders	`0x1000`
Checksum	`0x5236bcd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x24000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`f502c06f322696bd2415945e1a8abe52`
SHA1	`05943890215ba999f3c78e996e4a83c35d76ae91`
SHA256	`813d363654841a636b92c48bf4eb7fe7299f93e8a963593c2965754b91909f01`
SHA3	`bcb0b4721c63850e61775c54e9214127b3d31fa2f69e1b33872bf03dc291a361`
VirtualSize	`0x11000`
VirtualAddress	`0x25000`
SizeOfRawData	`0x10200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87799`

.rsrc

MD5	`ac7c12a8fde39f819eed0728fd7f1066`
SHA1	`15b59c1b8814b4e0d4e194cd6d35b7db822e7f10`
SHA256	`c7bf9a7fe9f26ad5d75cc0e5fc6ebb62f7711fa4bbdb491663f3f87006f35454`
SHA3	`2e3603f4052b483fa1a22a8d96fc3a3ed9546e599ff1b40851b5665dcfa35ea8`
VirtualSize	`0x10000`
VirtualAddress	`0x36000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x10600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.52725`

Imports

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
MSVCRT.dll	`free`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8228`
MD5	`ed0a3a56448f6108ceebdd453ba9c7d4`
SHA1	`d3ad75ab08e7181f8b56e0be306cc6bf1b1f55d6`
SHA256	`cdb69d6a41a444edfc5c3c224b5cb4106f644f3f1bbfa3cf225e29bc8cc62858`
SHA3	`cd4ef91ffb26f01d31604cc2d32278668df0ae84b6e9dcc978abb6fafba26988`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52861`
MD5	`fe2bdbf54bfc0bfa7dc189d52b4b139f`
SHA1	`9513d5ecec7a4e7704e7f6a9a39896b8d19aa50f`
SHA256	`f3c73f323ee4eff15323945c05e6e38f5223b9c8fd5ab1b805f57056452618bb`
SHA3	`40084a73503e4418e3316577ee5336af2a31d17b680cfb4181f80d21d8372cfe`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.45625`
MD5	`47d02a2f3fbbd3617617ae521da73ef6`
SHA1	`2b6fe3603efc1f9cd42a039a91bed88ed625a96c`
SHA256	`822d72b611978f4dd11b88e0a50b6982b1fbe24830608779a931f1239c72ba3c`
SHA3	`f3928d95e09fe02794322e698e96584a1f1d2abb3cdb311ecd469dd9d4f2cee8`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa9cb`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98617`
Detected Filetype	PNG graphic file
MD5	`41e0a23ede3925de219f66a2c98edea0`
SHA1	`881ce8abf36f7adc5c45cd34122687b69b5cfbc4`
SHA256	`a1f0941f6d396adbc7170999351cb26f694a6dede11ef3a99f4c962914b1d846`
SHA3	`1c8901ed7e01edd075d7b700f71ad2ac28d349f29948c8accbad7dc08322ea10`

97

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.74142`
MD5	`e6947dd6060b65fae3b2375380208e82`
SHA1	`e94fc8eca8dcd6f12d942dd621a94b87743d365e`
SHA256	`2d7b9a27ae75da0b3921064a78183436ce803cb7c52614006386df3a8955e3db`
SHA3	`dd567a7658e0b4f5b653eacebcef1dca4410a994a6eb1e1470e488299dc4ea79`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.09793`
MD5	`f3ad7ae9dd5fa99613edbbe9ca9a4920`
SHA1	`82777a575fb9cb3531345f2bef3d5ac2584c1ac2`
SHA256	`b8c70e2f9a52211752c5ebaf922b456ce0a69ddb5a9a0a0acc0465d7f6944392`
SHA3	`9f1ec0b4c799804db0966ea3cf8166c63d5c0f3987802e28883cf17511bbf20c`

5

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34937`
MD5	`c7bb0250f8eff2b5c7a344291646031a`
SHA1	`79aeba2a79cb9cef5ee09a39b2f9b203b6fefdad`
SHA256	`119918801341fe7686454ff62130f3eed59b83437d358243f21b52a7667ced50`
SHA3	`12ea1e86af781653c92f1c95081d3da3b52beb11f95ddc175b13e2a48a151f7a`

188

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07381`
MD5	`395514a72f6b42270630786a3794ce78`
SHA1	`33bdc1f87e544cc9a65c868d1cf1d8bd704e7bc0`
SHA256	`e3c6535846fb1a4d68bb9d70961ad49bc23ce50ca8a0b593f4d9b371766e1b94`
SHA3	`722d211f60c133d2552a16fd1a33960645a612b3beacde478f071bbff232496a`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.37823`
MD5	`3021a53b80fc4941d86ed1a9212ce72b`
SHA1	`526f5bf35b5d8628af5e39eaebbf9f641ea185ca`
SHA256	`e03cd4e8d869296900d0197c95c15998d5e233f94125c01c96f57d90a109904f`
SHA3	`cff5f85e86d37c6e38a3e852e7584cb0238e2ddb033471bb7ffbf9b1bdf92351`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.49052`
Detected Filetype	Icon file
MD5	`f2058d8170e966dad62c5501670db662`
SHA1	`eee3f73c420e724b25c9c3f0aaeb104b3c4245d6`
SHA256	`e93c24062ba1a208bc73a4f75c27ab1fae9d104ccbfe58a1e36d674336e1681b`
SHA3	`a726299b9b0eae5c34da984b7ff3515f21179683621fb5a18c333a44784ac1b0`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x274`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29189`
MD5	`52505b8edd4572f2f09109990850f076`
SHA1	`592473bd7bfe815ea28b021597c27b3e3794bf92`
SHA256	`72aab0e17a2e8072053a3df19b15c2dd973c8e4f640078f32a8f5682df191edf`
SHA3	`0119e245972c9fb0d68c81175a982108648f1b97c5f75d12861943ed744589d7`

1 (#5)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x555`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.38843`
MD5	`f21f79cf1ca5652845318ad03825f04a`
SHA1	`adf0785e5050595b6a665001d794f4ce32cdc4cd`
SHA256	`2a5331d93a54e27e116db4b468c9dd8a64b917f290b40321459aab6e7a6685cd`
SHA3	`318a9aafda7778b33497c730ad34aa866d460ab0241ff6dbaf23409b29f84669`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	18.5.0.0
ProductVersion	18.5.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Mozilla
FileDescription	Firefox
FileVersion (#2)	18.05
InternalName	7zS.sfx
LegalCopyright	Mozilla
OriginalFilename	7zS.sfx.exe
ProductName	Firefox
ProductVersion (#2)	18.05

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x596098ce`
Unmarked objects	`0`
14 (7299)	`7`
Linker (VS98 build 8168)	`2`
C objects (VS2003 (.NET) build 4035)	`1`
Imports (VS2003 (.NET) build 4035)	`3`
Total imports	`172`
C objects (VS98 build 8168)	`26`
C++ objects (VS98 build 8168)	`73`
Resource objects (VS98 cvtres build 1720)	`1`

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: Could not read a WIN_CERTIFICATE's header.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!