Recommended action: No obvious malicious behavior was observed in this sandbox run.
Why this verdict: No strong indicators were observed.
Important: This report should not say a file is absolutely “safe.” A better phrase is: no obvious malicious behavior was observed in this sandbox run.
VirusTotal: Unavailable/error from CAPE: Unable to complete connection to VirusTotal. Status code: 429
Manual lookup: Open SHA256 in VirusTotal
This report only uses VirusTotal detection counts if they are present in the CAPE JSON. A link alone is not the same as a local detection result.

| File name | firefox.exe |
|---|---|
| File type | PE32+ executable (GUI) x86-64, for MS Windows |
| Size | 705152 |
| MD5 | d85d3613ee4b1735944b52fc49a9b87e |
| SHA1 | 4ce29f2cc0e38b307414ea523c6104062526d5c6 |
| SHA256 | 8408ac39d51d3caeb1bc69d91658770a620274c598b827aa43e5f171106537c3 |
| VirusTotal lookup | Open SHA256 in VirusTotal |

| Task ID | 9 |
|---|---|
| Started | 2026-06-15 18:21:32 |
| Ended | 2026-06-15 18:21:54 |
| Duration | 22 seconds |
| Package | exe |
| Route | none |
| Machine | cuckoo1 |
| CAPE score | 1.0 |
| CAPE status | Clean |
| Digital signature | Guest signer check failed: File not found: C:\Users\IT\AppData\Local\Temp\9\firefox.exe |

| Severity | Confidence | Signature | Meaning |
|---|---|---|---|
| 2 | 100% | antianalysis_tls_section | Contains .tls (Thread Local Storage) section |
| 2 | 100% | packer_unknown_pe_section_name | The binary contains an unknown PE section name indicative of packing |
| 2 | 100% | packer_entropy | The binary likely contains encrypted or compressed data |
| 2 | 100% | contains_pe_overlay | The PE file contains an overlay |
| 1 | 80% | static_pe_pdbpath | The PE file contains a PDB path |

| Observed item | Count |
|---|---|
| Executed commands / child processes | 0 |
| File writes | 0 |
| File deletes | 0 |
| Registry writes | 0 |
| Created services | 0 |
| Started services | 0 |
| CAPE payload-like items | 0 |
| CAPE extracted configs | 0 |
| Dropped/related files captured | 0 |

None observed.
No CAPE payload-like items were extracted.
No network activity recorded in this report.