thunderbird.exe
- File Path:
C:\Program Files\Mozilla Thunderbird\thunderbird.exe - Description: Thunderbird
- Comments: Mozilla Thunderbird Mail and News Client
Hashes
| Type | Hash |
|---|---|
| MD5 | 78426A2669EAB01A71F33B7799715867 |
| SHA1 | 9570FD1F4BCA355227C10B0D5EFCBFC5A2A43631 |
| SHA256 | BC7BF8189C4DBBFC1F2ADCF47264610F8F70A6F8F831A43498A6690693521FB5 |
| SHA384 | 5206383DB4A0017400317CE2317815FF1E87CAD6DA94003964B1B3C21C2685B410730540405FBEAD59C5FF6ED79FD223 |
| SHA512 | D71A1C134B3121F80E12F7537E8338FE33CDEEA52EF40F2BDD27C7E224D119A2D5E36EA4FDDA703F8AECFF415EBB5C52B2C16CDDB23B7231A553B1881F25D21A |
| SSDEEP | 6144:O9QAahVVIylMh4c1bFDk4dMeAWMyHs8AJJ1VA7LvIGfDgvNtIVyIKS:Aii1bFDN68s8AJJ1VAvIAON+FKS |
| IMP | 089C63456D1F058BE9E2E1384BAD4BD1 |
| PESHA1 | 31DD0B09593B54C29B5304D0F1F62E60104E58A8 |
| PE256 | 9487FDA59A52AF9CE753190F80721E596D69177F237DB53AA9365D546463E5A5 |
Runtime Data
Usage (stdout):
Usage: C:\Program Files\Mozilla Thunderbird\thunderbird.exe [ options ... ] [URL]
where options include:
-h or --help Print this message.
-v or --version Print Thunderbird version.
--full-version Print Thunderbird version, build and platform build ids.
-P <profile> Start with <profile>.
--profile <path> Start with profile at <path>.
--migration Start with migration wizard.
--ProfileManager Start with ProfileManager.
--no-remote Do not accept or send remote commands; implies
--new-instance.
--new-instance Open new instance, not a new window in running instance.
--UILocale <locale> Start with <locale> resources as UI Locale.
--safe-mode Disables extensions and themes for this session.
--allow-downgrade Allows downgrading a profile.
--MOZ_LOG=<modules> Treated as MOZ_LOG=<modules> environment variable,
overrides it.
--MOZ_LOG_FILE=<file> Treated as MOZ_LOG_FILE=<file> environment variable,
overrides it. If MOZ_LOG_FILE is not specified as an
argument or as an environment variable, logging will be
written to stdout.
--console Start Thunderbird with a debugging console.
--headless Run without a GUI.
-addressbook Open the address book at startup.
-compose [ <options> ] Compose a mail or news message. Options are specified
as string "option='value,...',option=value,..." and
include: from, to, cc, bcc, newsgroups, subject, body,
message (file), attachment (file), format (html | text).
Example: "to=john@example.com,subject='Dinner tonight?'"
--jsconsole Open the Browser Console.
--jsdebugger [<path>] Open the Browser Toolbox. Defaults to the local build
but can be overridden by a firefox path.
--wait-for-jsdebugger Spin event loop until JS debugger connects.
Enables debugging (some) application startup code paths.
Only has an effect when `--jsdebugger` is also supplied.
--devtools Open DevTools on initial load.
--start-debugger-server [ws:][ <port> | <path> ] Start the devtools server on
a TCP port or Unix domain socket path. Defaults to TCP port
6000. Use WebSocket protocol if ws: prefix is specified.
-mail Open the mail folder view.
-mail <URL> Open the message specified by this URL.
-news Open the news client.
--recording <file> Record drawing for a given URL.
--recording-output <file> Specify destination file for a drawing recording.
-options Open the options dialog.
-file Open the specified email file or ICS calendar file.
-setDefaultMail Set this app as the default mail client.
Window Title:
Write: (no subject)
Open Handles:
| Path | Type |
|---|---|
| (—) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\parent.lock | File |
| (R-D) C:\Program Files\Mozilla Thunderbird\Accessible.tlb | File |
| (R-D) C:\Program Files\Mozilla Thunderbird\IA2Marshal.dll | File |
| (R-D) C:\Program Files\Mozilla Thunderbird\xul.dll | File |
| (R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb | File |
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\advapi32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\AudioSes.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\avrt.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\bcrypt.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\combase.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\dhcpcsvc.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\dhcpcsvc6.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\dnsapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\dwmapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\DWrite.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\iertutil.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\iphlpapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\kernel32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\MMDevAPI.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mscms.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\msctf.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\napinsp.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ntdll.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ntmarta.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ole32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\pnrpnsp.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\powrprof.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\propsys.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\rdpendp.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\rpcrt4.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\rsaenh.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\sechost.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\setupapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\SHCore.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\shell32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\shlwapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\twinapi.appcore.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\urlmon.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\userenv.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\uxtheme.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\webauthn.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\Windows.Globalization.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\windows.storage.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\Windows.UI.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\winmm.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wintypes.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wldp.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ws2_32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wscapi.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wsock32.dll.mui | File |
| (R-D) C:\Windows\System32\oleacc.dll | File |
| (RW-) C:\Program Files\Mozilla Thunderbird | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\cert9.db | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\cookies.sqlite | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\cookies.sqlite-shm | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\cookies.sqlite-wal | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\global-messages-db.sqlite | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\key4.db | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\permissions.sqlite | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\webappsstore.sqlite | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\webappsstore.sqlite-shm | File |
| (RW-) C:\Users\user\AppData\Roaming\Thunderbird\Profiles\0lyfv6or.default-release\webappsstore.sqlite-wal | File |
| (RW-) C:\xCyclopedia | File |
| (RWD) C:\Windows\Fonts\arial.ttf | File |
| (RWD) C:\Windows\Fonts\segoeui.ttf | File |
| (RWD) C:\Windows\Fonts\segoeuib.ttf | File |
| (RWD) C:\Windows\Fonts\segoeuii.ttf | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:1101f2 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:12011e | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:1c0270 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:260372 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:30026a | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:4501b2 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:520214 | Section |
| \Sessions\1\BaseNamedObjects\174cHWNDInterface:f0210 | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\Windows\Theme2547664911 | Section |
| \Windows\Theme3854699184 | Section |
Loaded Modules:
| Path |
|---|
| C:\Program Files\Mozilla Thunderbird\mozglue.dll |
| C:\Program Files\Mozilla Thunderbird\thunderbird.exe |
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
Signature
- Status: Signature verified.
- Serial:
0DDEB53F957337FBEAF98C4A615B149D - Thumbprint:
91CABEA509662626E34326687348CAF2DD3B4BBA - Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: E=”release+certificates@mozilla.com”, CN=Mozilla Corporation, OU=Firefox Engineering Operations, O=Mozilla Corporation, L=Mountain View, S=California, C=US
File Metadata
- Original Filename: thunderbird.exe
- Product Name: Thunderbird
- Company Name: Mozilla Corporation
- File Version: 78.2.0
- Product Version: 78.2.2
- Language: Language Neutral
- Legal Copyright: Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/bc7bf8189c4dbbfc1f2adcf47264610f8f70a6f8f831a43498a6690693521fb5/detection/
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\program files\Mozilla Thunderbird\thunderbird.exe | 55 |
| C:\Program Files\Mozilla Thunderbird\thunderbird.exe | 69 |
Possible Misuse
The following table contains possible examples of thunderbird.exe being misused. While thunderbird.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | net_connection_win_susp_outbound_smtp_connections.yml | - \thunderbird.exe |
DRL 1.0 |
| malware-ioc | turla-outlook.yar | $s5 = "Software\\Mozilla\\Mozilla Thunderbird\\Profiles" ascii wide |
© ESET 2014-2018 |
| signature-base | general_cloaking.yar | and not filepath contains “Thunderbird” | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.