Waterfox Setup G6[.]0[.]9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Waterfox Setup G6.0.9.exe
Size

64.7MB
MD5

529e87df6cc75d46e8ccf3c7b099d7a7
SHA1

9c4e0abad302002cd9e9512786f25d293292a93d
SHA256

28270eb3e52bf4d3bce0e29b93b9a424f5bb5bbac72ce45eea851656a6396b68
SHA512

b80b32d89b261817cd364d5fc1d9e3087a0ef3499a912daf77fe990422326f3c47a9f09406cffb50fe7e50e522574992294ae00bae599fcb3eb63e9c3640e65e
SSDEEP

1572864:lZXr99hjwUUs5pikPGwMqDRjcILaWlBboHQPKKCIhNhWrE:lxDGwiIRAmhcw8m7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

Waterfox Setup G6.0.9.exe
.exe windows:4 windows x86 arch:x86

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2023, 10:26

Not After

12/09/2024, 10:26

Subject

SERIALNUMBER=14843353,CN=BrowserWorks Ltd,O=BrowserWorks Ltd,STREET=153-157 Cleveland Street,L=London,ST=London,C=GB,1.2.840.113549.1.9.1=#0c18616c6578407761746572666f7870726f6a6563742e6f7267,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

Issuer

CN=Dummy

Not Before

31/12/2012, 23:00

Not After

31/01/2013, 23:00

Subject

CN=Dummy

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:51:1c:1f:45:ee:4d:dc:fa:1f:ef:32:c4:11:48:a9:c0:d4:04:bd:3a:f3:05:d3:f9:dd:4b:5b:9e:3c:27:c0
Signer

Actual PE Digest

79:51:1c:1f:45:ee:4d:dc:fa:1f:ef:32:c4:11:48:a9:c0:d4:04:bd:3a:f3:05:d3:f9:dd:4b:5b:9e:3c:27:c0

Digest Algorithm

sha256

PE Digest Matches

true

4e:8d:f0:61:48:88:5e:1d:47:d9:33:46:5f:7c:81:f2:9b:af:a1:12:35:f5:27:03:90:71:5d:5b:16:90:39:8b:61:9f:9f:47:05:1a:c7:ec:a4:89:35:17:77:f3:3c:3a:36:3d:8c:aa:c3:0d:60:7d:0c:46:41:32:24:33:e8:af
Signer

Actual PE Digest

4e:8d:f0:61:48:88:5e:1d:47:d9:33:46:5f:7c:81:f2:9b:af:a1:12:35:f5:27:03:90:71:5d:5b:16:90:39:8b:61:9f:9f:47:05:1a:c7:ec:a4:89:35:17:77:f3:3c:3a:36:3d:8c:aa:c3:0d:60:7d:0c:46:41:32:24:33:e8:af

Digest Algorithm

sha512

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64Certificate

Extended Key Usages

Key Usages

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:adCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

79:51:1c:1f:45:ee:4d:dc:fa:1f:ef:32:c4:11:48:a9:c0:d4:04:bd:3a:f3:05:d3:f9:dd:4b:5b:9e:3c:27:c0Signer

4e:8d:f0:61:48:88:5e:1d:47:d9:33:46:5f:7c:81:f2:9b:af:a1:12:35:f5:27:03:90:71:5d:5b:16:90:39:8b:61:9f:9f:47:05:1a:c7:ec:a4:89:35:17:77:f3:3c:3a:36:3d:8c:aa:c3:0d:60:7d:0c:46:41:32:24:33:e8:afSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 64KB - Virtual size: 68KB

.rsrc Size: 178KB - Virtual size: 180KB

Headers

File Characteristics

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 178KB - Virtual size: 177KB

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

79:51:1c:1f:45:ee:4d:dc:fa:1f:ef:32:c4:11:48:a9:c0:d4:04:bd:3a:f3:05:d3:f9:dd:4b:5b:9e:3c:27:c0
Signer

4e:8d:f0:61:48:88:5e:1d:47:d9:33:46:5f:7c:81:f2:9b:af:a1:12:35:f5:27:03:90:71:5d:5b:16:90:39:8b:61:9f:9f:47:05:1a:c7:ec:a4:89:35:17:77:f3:3c:3a:36:3d:8c:aa:c3:0d:60:7d:0c:46:41:32:24:33:e8:af
Signer

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 178KB - Virtual size: 180KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 178KB - Virtual size: 177KB