Install Waterfox (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Install Waterfox (1).exe
Size

480KB
MD5

3cb4a1ba1f5c2a0d63be5f39e6370dd8
SHA1

0cca6c78bacd8a1a9e1bc876bd84e6e5c69d9230
SHA256

341d7921674b024098cdee0af1aadd1c49fb126354dd77b9d32327dd920bb5cd
SHA512

4f7cda8a98c26aa499b5973e81db58cc8dfc11d1574e610d6e4fd6e11863f763bb23da44dd1c504da0fd83bbd7690c9b19f5a0e76975ae1c5850f1b5360780cd
SSDEEP

6144:sFI/Cm45mLvKm/UgJnllfahWdgyvZ8dUmGEz+HZBJ5Z8cHE7+9F9CWL:+mLTffV5vKUmGEOB93W+9F4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

Install Waterfox (1).exe
.exe windows x86

Code Sign

26:95:3c:08:b4:9d:36:55:12:e7:60:66
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2022, 19:27

Not After

11/09/2023, 18:58

Subject

SERIALNUMBER=08071145,CN=WATERFOX LIMITED,O=WATERFOX LIMITED,STREET=Arthur G Mead Ltd\, Fitzrovia House,L=London,ST=London,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

Issuer

CN=Dummy

Not Before

31/12/2012, 23:00

Not After

31/01/2013, 23:00

Subject

CN=Dummy

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:69:f7:7f:ba:3f:fd:4d:8e:08:c6:78:01:01:38:f1:6d:65:a0:41:78:3e:76:15:d0:1c:c9:cc:10:32:05:90
Signer

Actual PE Digest

31:69:f7:7f:ba:3f:fd:4d:8e:08:c6:78:01:01:38:f1:6d:65:a0:41:78:3e:76:15:d0:1c:c9:cc:10:32:05:90

Digest Algorithm

sha256

PE Digest Matches

true

23:c5:af:2d:c0:75:d5:9f:6b:fe:19:f4:05:f6:4e:fb:14:f3:95:2d:1a:34:89:d9:35:d3:e9:c2:04:b6:fb:f2:55:e7:d6:01:7f:73:31:34:73:d9:4d:fd:88:dd:d0:cf:40:98:ea:1f:c4:29:df:b6:8e:8e:47:c0:a4:f2:cc:09
Signer

Actual PE Digest

23:c5:af:2d:c0:75:d5:9f:6b:fe:19:f4:05:f6:4e:fb:14:f3:95:2d:1a:34:89:d9:35:d3:e9:c2:04:b6:fb:f2:55:e7:d6:01:7f:73:31:34:73:d9:4d:fd:88:dd:d0:cf:40:98:ea:1f:c4:29:df:b6:8e:8e:47:c0:a4:f2:cc:09

Digest Algorithm

sha512

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

26:95:3c:08:b4:9d:36:55:12:e7:60:66Certificate

Extended Key Usages

Key Usages

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:adCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

31:69:f7:7f:ba:3f:fd:4d:8e:08:c6:78:01:01:38:f1:6d:65:a0:41:78:3e:76:15:d0:1c:c9:cc:10:32:05:90Signer

23:c5:af:2d:c0:75:d5:9f:6b:fe:19:f4:05:f6:4e:fb:14:f3:95:2d:1a:34:89:d9:35:d3:e9:c2:04:b6:fb:f2:55:e7:d6:01:7f:73:31:34:73:d9:4d:fd:88:dd:d0:cf:40:98:ea:1f:c4:29:df:b6:8e:8e:47:c0:a4:f2:cc:09Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 64KB - Virtual size: 68KB

.rsrc Size: 178KB - Virtual size: 180KB

Headers

File Characteristics

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 178KB - Virtual size: 177KB

26:95:3c:08:b4:9d:36:55:12:e7:60:66
Certificate

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

31:69:f7:7f:ba:3f:fd:4d:8e:08:c6:78:01:01:38:f1:6d:65:a0:41:78:3e:76:15:d0:1c:c9:cc:10:32:05:90
Signer

23:c5:af:2d:c0:75:d5:9f:6b:fe:19:f4:05:f6:4e:fb:14:f3:95:2d:1a:34:89:d9:35:d3:e9:c2:04:b6:fb:f2:55:e7:d6:01:7f:73:31:34:73:d9:4d:fd:88:dd:d0:cf:40:98:ea:1f:c4:29:df:b6:8e:8e:47:c0:a4:f2:cc:09
Signer

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 178KB - Virtual size: 180KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 178KB - Virtual size: 177KB