» revise invoice.scr
Overview
Analysis
File Details
Behaviors (1)

revise invoice.scr

Tor Browser

AtomPark Software Inc

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Update’.

File name:

revise invoice.scr

Publisher:

Mozilla Corporation (signed by AtomPark Software Inc)

Product:

Tor Browser

Version:

45.6.0

MD5:

410cc335f474dbe4edf9c69de0352a56

SHA-1:

de1b3dba18239b2f7b6c6626c1c334f742f02c58

SHA-256:

45c2476a013bebf27a022c1a8fde6b9d468340519796d5ad3445bc1f9bf31432

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 4:12:43 PM UTC (today)

File size:

1.6 MB (1,673,896 bytes)

Product version:

45.6.0

©Firefox and Mozilla Developers; available under the MPL 2 license.

Trademarks:

Firefox is a Trademark of The Mozilla Foundation.

Original file name:

firefox.exe

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\revise invoice.scr

Digital Signature

Signed by:

AtomPark Software Inc

Authority:

COMODO CA Limited

Valid from:

7/23/2015 5:30:00 AM

Valid to:

7/22/2016 5:29:59 AM

Subject:

CN=AtomPark Software Inc, O=AtomPark Software Inc, STREET=901 N Pitt str, STREET=Suite 325, L=Alexandria, S=VA, PostalCode=22314, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009614B25066CEEF978B5B6079B9F0485E

File PE Metadata

Compilation timestamp:

1/16/2017 2:30:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x16EF8E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7790

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.4 MB (1,495,040 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Update

Command:

C:\users\{user}\appdata\local\temp\{random}.tmp\revise invoice.scr

Scan revise invoice.scr - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.