{71238372-3743-33ab-8a9f-93722af74c97}.xpi

Desktopy

The file {71238372-3743-33ab-8a9f-93722af74c97}.xpi loads in Mozilla Firefox as a compliled extension named 'Desktopy'.
Scan {71238372-3743-33ab-8a9f-93722af74c97}.xpi - Powered by Reason Core Security
MD5:
6d4b82325dcb0f8bf08ff16daf7b7471

SHA-1:
e7ef00216debc84fc57b0cc96b28f4524bef6ad0

SHA-256:
e61d2c1b10e062850322dd7d1c72d8db940f40daec27eb98d020a59d65860c6f

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/4/2016 12:59:26 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
infected with Trojan.Triosir.2
9.0.1.05190

File size:
2.7 KB (2,785 bytes)

File type:
Cross-Platform Installer Module (XPI), used by Mozilla bundles

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\extensions\{71238372-3743-33ab-8a9f-93722af74c97}.xpi

Mozilla Extension
Name:
{71238372-3743-33ab-8a9f-93722af74c97}.xpi

Display:
Desktopy

Id:
{71238372-3743-33ab-8a9f-93722af74c97}

Description:
“null”


<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#" xmlns:NC="http://home.netscape.com/NC-rdf#" xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <RDF:Description RDF:about="urn:mozilla:install-manifest" em:id="{71238372-3743-33ab-8a9f-93722af74c97}" em:name="Desktopy" em:version="1.0.3" em:updateURL="http://desktopy.info/modules/update/firefox/update.rdf" em:updateKey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpp+7YCgSGEIaJv+pbzCVbN+LxKpofgNwdl2l1Dw425v4zM8HymEYywMfI4tu2E2B+I7vYlAmfKwqQ1tktJI03Ht53Xngx2pCxo4ouihcrP614h3BbDdu6Thq21Iy29UDWLN5O7F8i8H4Yygq+Fe2kegG9MmJt0gIWxqP01O+z1wIDAQAB">
    <em:targetApplication RDF:resource="rdf:#$OesAS1" />
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$OesAS1" em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" em:minVersion="0.7" em:maxVersion="33.*" />
</RDF:RDF>
Scan {71238372-3743-33ab-8a9f-93722af74c97}.xpi - Powered by Reason Core Security