firefox setup stub 40.0.3.exe

7-Zip

Igor Pavlov

The executable firefox setup stub 40.0.3.exe has been detected as malware by 13 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.mozilla.org.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z Setup SFX

Version:
4.42

MD5:
6cac600bbb87825c209ae434d0b417b9

SHA-1:
767e7db49b6dfde7329516d1ee674046ab8375ae

SHA-256:
5e69b3e5ebace23093f934a6d2682b9e416ffe883030cf6b2ccd281792dd0abc

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 1:09:31 PM UTC

Scan engine                    Detection                  Engine version
Lavasoft Ad-Aware              Win32.Sality.3             5691347
avast!                         Win32:SaliCode             160118-1
AVG                            Win32/Sality               2015.0.4477
Dr.Web                         Win32.Sector.30            9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality               10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus     7.0.302.0
F-Prot                         W32/Sality.gen2            4.6.5.141
F-Secure                       Win32.Sality.3             5.15.21
Kaspersky                      Virus.Win32.Sality         15.0.0.562
McAfee                         Virus.W32/Sality.gen.z     18.0.204.0
Microsoft Security Essentials  Threat.Undefined           1.213.4031.0
Norman                         Win32.Sality.3             11.01.2016 17:30:26
Sophos                         Virus 'Mal/Sality-D'       5.22

File size:
313.1 KB (320,576 bytes)

Product version:
4.42

Copyright:
Copyright (c) 1999-2006 Igor Pavlov

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\firefox setup stub 40.0.3.exe

File PE Metadata

Compilation timestamp:
4/16/2014 10:29:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Avc6rBQDbBU0C1pBv8uX8yK+/hFUYbr4X3x3cUAJy6j9OsSK0QAFkd/XyXT0RZ:AwDbBU0C1pBv8w8z+/hpbrUcUA0K99So

Entry address:
0x21E30

Entry point:
69, C1, 8B, 58, E4, 6B, 4E, 56, 68, 4F, 60, 9B, 00, 85, E8, 76, 05, B9, 14, 2A, 95, CE, 1B, C1, 49, 68, 7C, 24, 1D, 00, 56, 69, F9, 6B, E7, 40, 75, 88, E9, F7, C3, B6, 07, C9, E0, 6B, D2, 00, B9, A8, 95, AA, 41, F6, C1, 71, 70, 02, 14, 5E, 0F, BF, FF, 41, BB, E8, B6, 0B, 00, FF, CE, 8D, 3D, 2D, B4, E1, E1, 0F, BE, FA, 81, F3, FD, 0F, 00, 00, EB, 05, 0F, AF, F5, 22, EC, 03, D3, 84, C4, 81, EA, 14, B9, 0B, 00, 20, FF, 84, F6, 81, F1, A4, A6, 7B, BE, 0F, B7, CF, 69, F0, 20, 8C, B0, C1, 81, FA, D9, 00, 00, 00...

Entropy:
7.9182  (probably packed)

Code size:
40 KB (40,960 bytes)

The file firefox setup stub 40.0.3.exe has been seen being distributed by the following URL.

Remove firefox setup stub 40.0.3.exe - Powered by Reason Core Security