FirefoxUp[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

FirefoxUp.rar
Size

846KB
MD5

a6500fbfb62964e672a64ab02a115941
SHA1

83dd8a070d6359b56250771f1261fa6862bc93b5
SHA256

cce463ee4fbb1b4b65ace593860fd9ae5da6e1c1e75aae484b9c831373bd5aa4
SHA512

5c02b96581c54c8b5ee476fe520fa9a80505f6d9efb14cb02e840318bf24bd30e948f546bfb2439a05c7b0f48ba6804932b52bc8aaa9cd298e4e09d71d69ad4b
SSDEEP

24576:0dhdYueuxtw33trfXZmA3cE2g8skDs/ud8nBvPL:4dYPuytrfXMA3cs/nBvPL

Score

1^/10

Malware Config

Signatures

Files

FirefoxUp.rar
.rar
FirefoxUp.exe
.exe windows:6 windows x86 arch:x86

52468fe4cf42af8bca3a394e0fb3bcf2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:b3:ab:95:b8:9d:4a:e0:90:60:8b:4a
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-05-2021 20:05

Not After

14-05-2024 20:05

Subject

SERIALNUMBER=155694934,CN=nordvpn s.a.,O=nordvpn s.a.,STREET=PH F&F Tower\, 50th Street & 56th Street\, Suite 32-D,L=Panama City,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:c5:73:17:5d:24:d0:0b:f2:c1:a4:21:b4:e4:cc:aa:17:70:51:4f:09:17:5c:38:ec:42:9b:4e:fd:f6:1a:5f
Signer

Actual PE Digest

40:c5:73:17:5d:24:d0:0b:f2:c1:a4:21:b4:e4:cc:aa:17:70:51:4f:09:17:5c:38:ec:42:9b:4e:fd:f6:1a:5f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\2b60f604cfd30423\CitrixReceiver\src\tools\ReceiverCleanUPTool\Release\ReceiverCleanupUtility.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msi

ord205
ord141
ord190

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

LoadLibraryW
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
GetVersionExW
Module32FirstW
TerminateProcess
GetSystemDirectoryW
GetFileSizeEx
ReadFile
CreateDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
DeleteFileW
FindClose
GetCurrentProcess
FindNextFileW
FindFirstFileExW
GetLocalTime
GetSystemTime
GetFullPathNameW
GetExitCodeProcess
CreateProcessW
FindResourceW
LoadResource
CloseHandle
LockResource
CreateFileW
WaitForSingleObject
GetModuleFileNameW
ExpandEnvironmentStringsW
WriteFile
SizeofResource
Sleep
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
SetEndOfFile
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
Process32FirstW
IsValidLocale
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileAttributesExW
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
GetConsoleCP
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WideCharToMultiByte
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
EnterCriticalSection
LeaveCriticalSection
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx

advapi32

CreateProcessAsUserW
QueryServiceStatusEx
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegUnLoadKeyW
RegLoadKeyW
RegGetValueW
GetTokenInformation
CheckTokenMembership
ConvertStringSidToSidW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
OpenProcessToken
OpenServiceW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
VariantInit

shlwapi

PathFileExistsW

winhttp

WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpConnect
WinHttpSendRequest
WinHttpWriteData
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpQueryHeaders

Sections

.text
Size: 453KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52468fe4cf42af8bca3a394e0fb3bcf2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

5d:b3:ab:95:b8:9d:4a:e0:90:60:8b:4aCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

40:c5:73:17:5d:24:d0:0b:f2:c1:a4:21:b4:e4:cc:aa:17:70:51:4f:09:17:5c:38:ec:42:9b:4e:fd:f6:1a:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

msi

userenv

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

Sections

.text Size: 453KB - Virtual size: 456KB

.rdata Size: 143KB - Virtual size: 144KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

5d:b3:ab:95:b8:9d:4a:e0:90:60:8b:4a
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

40:c5:73:17:5d:24:d0:0b:f2:c1:a4:21:b4:e4:cc:aa:17:70:51:4f:09:17:5c:38:ec:42:9b:4e:fd:f6:1a:5f
Signer

.text
Size: 453KB - Virtual size: 456KB

.rdata
Size: 143KB - Virtual size: 144KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB