Waterfox Setup G6[.]0[.]12[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Waterfox Setup G6.0.12.exe
Size

65.4MB
MD5

d4eaa67555859dc74b9429c38d2eda26
SHA1

4536190b65e2d062f0b4e1b0082b7665c4cf4d82
SHA256

d887224ed276434388342010f37929e405d4d56a2c4e8bd6c9cc4a8ce13c3fad
SHA512

c06e6a37cb0b146288bb13980cabf71d04060c6ae971f9d07ac1d746a89e3cf6e0bb94c4915b383f71321d7524ca3f13b2c17c90f9c9466b00cd52ed634c3e53
SSDEEP

1572864:B14tkGUJAHZUzYJsaJoqvzl+UzLbLpY+ZjjkQs3NEph9u6F:L6ktQUMJt9Llx1d9ENEpGS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

Waterfox Setup G6.0.12.exe
.exe windows:4 windows x86 arch:x86

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2023, 10:26

Not After

12/09/2024, 10:26

Subject

SERIALNUMBER=14843353,CN=BrowserWorks Ltd,O=BrowserWorks Ltd,STREET=153-157 Cleveland Street,L=London,ST=London,C=GB,1.2.840.113549.1.9.1=#0c18616c6578407761746572666f7870726f6a6563742e6f7267,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

Issuer

CN=Dummy

Not Before

31/12/2012, 23:00

Not After

31/01/2013, 23:00

Subject

CN=Dummy

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:c2:7e:54:c7:cd:7d:2f:ce:11:76:14:e3:be:f3:71:4e:4d:a7:1a:97:9a:73:0d:fc:f4:81:92:e8:1e:9f:b2
Signer

Actual PE Digest

53:c2:7e:54:c7:cd:7d:2f:ce:11:76:14:e3:be:f3:71:4e:4d:a7:1a:97:9a:73:0d:fc:f4:81:92:e8:1e:9f:b2

Digest Algorithm

sha256

PE Digest Matches

true

04:a8:35:b2:81:97:ad:c2:2c:13:5c:d8:56:db:c9:a9:78:71:67:36:15:44:5a:45:1f:dd:43:51:4d:92:74:79:0b:c1:54:fe:cb:60:65:4f:e9:1e:f8:1d:8d:84:e1:52:f1:f3:2e:12:59:25:96:82:a0:b1:d2:a7:e4:22:97:5d
Signer

Actual PE Digest

04:a8:35:b2:81:97:ad:c2:2c:13:5c:d8:56:db:c9:a9:78:71:67:36:15:44:5a:45:1f:dd:43:51:4d:92:74:79:0b:c1:54:fe:cb:60:65:4f:e9:1e:f8:1d:8d:84:e1:52:f1:f3:2e:12:59:25:96:82:a0:b1:d2:a7:e4:22:97:5d

Digest Algorithm

sha512

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64Certificate

Extended Key Usages

Key Usages

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:adCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

53:c2:7e:54:c7:cd:7d:2f:ce:11:76:14:e3:be:f3:71:4e:4d:a7:1a:97:9a:73:0d:fc:f4:81:92:e8:1e:9f:b2Signer

04:a8:35:b2:81:97:ad:c2:2c:13:5c:d8:56:db:c9:a9:78:71:67:36:15:44:5a:45:1f:dd:43:51:4d:92:74:79:0b:c1:54:fe:cb:60:65:4f:e9:1e:f8:1d:8d:84:e1:52:f1:f3:2e:12:59:25:96:82:a0:b1:d2:a7:e4:22:97:5dSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 64KB - Virtual size: 68KB

.rsrc Size: 178KB - Virtual size: 180KB

Headers

File Characteristics

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 178KB - Virtual size: 177KB

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

53:c2:7e:54:c7:cd:7d:2f:ce:11:76:14:e3:be:f3:71:4e:4d:a7:1a:97:9a:73:0d:fc:f4:81:92:e8:1e:9f:b2
Signer

04:a8:35:b2:81:97:ad:c2:2c:13:5c:d8:56:db:c9:a9:78:71:67:36:15:44:5a:45:1f:dd:43:51:4d:92:74:79:0b:c1:54:fe:cb:60:65:4f:e9:1e:f8:1d:8d:84:e1:52:f1:f3:2e:12:59:25:96:82:a0:b1:d2:a7:e4:22:97:5d
Signer

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 178KB - Virtual size: 180KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 178KB - Virtual size: 177KB