Waterfox Setup G6[.]0[.]19[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Waterfox Setup G6.0.19.exe
Size

66.6MB
MD5

9dd67c471581a33bf437c93c6200370a
SHA1

9c6b4b244a586adaf6af51cb16eb16b14b94692f
SHA256

556e93eeadf05927102c9676cc93122f4b8afa6d0a921f96b9fced3caa7eab4a
SHA512

fff14f3132f924edad62ac097ba2938a89d76371222823f7762ac842c4a40ce9bf13381667d398f787df2c5a75075c07e77e0cae9797a763166f1f2d984b45b3
SSDEEP

1572864:07soHYU7BpCm3H8RvENdAbrLi5h4sS/jUHybWJtTXrjx4pXEhXeqwURFH:XT+DjWidmrYSWtXrd494e1UzH

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

Waterfox Setup G6.0.19.exe
.exe windows:4 windows x86 arch:x86

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

12/09/2023, 10:26

Not After

12/09/2024, 10:26

Subject

SERIALNUMBER=14843353,CN=BrowserWorks Ltd,O=BrowserWorks Ltd,STREET=153-157 Cleveland Street,L=London,ST=London,C=GB,1.2.840.113549.1.9.1=#0c18616c6578407761746572666f7870726f6a6563742e6f7267,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

Issuer

CN=Dummy

Not Before

31/12/2012, 23:00

Not After

31/01/2013, 23:00

Subject

CN=Dummy

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:db:36:ed:ed:95:3a:d0:73:2a:e8:6f:26:b2:9c:95:c4:1d:10:eb:6a:40:e1:30:bf:30:26:7e:76:e8:bf:5b
Signer

Actual PE Digest

e0:db:36:ed:ed:95:3a:d0:73:2a:e8:6f:26:b2:9c:95:c4:1d:10:eb:6a:40:e1:30:bf:30:26:7e:76:e8:bf:5b

Digest Algorithm

sha256

PE Digest Matches

true

e4:09:c7:08:80:d2:04:ff:4f:61:6b:22:86:9c:89:75:e5:01:51:a4:ff:e2:89:d9:d0:10:b2:97:5e:b2:7e:29:3e:1a:88:11:90:c0:f2:02:3a:45:2c:fa:48:b5:1d:38:a2:a6:d7:32:7e:1d:44:4c:a7:43:11:e8:06:8c:75:3c
Signer

Actual PE Digest

e4:09:c7:08:80:d2:04:ff:4f:61:6b:22:86:9c:89:75:e5:01:51:a4:ff:e2:89:d9:d0:10:b2:97:5e:b2:7e:29:3e:1a:88:11:90:c0:f2:02:3a:45:2c:fa:48:b5:1d:38:a2:a6:d7:32:7e:1d:44:4c:a7:43:11:e8:06:8c:75:3c

Digest Algorithm

sha512

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

44:5d:45:f6:33:51:6e:94:f2:5f:83:64Certificate

Extended Key Usages

Key Usages

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:adCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

e0:db:36:ed:ed:95:3a:d0:73:2a:e8:6f:26:b2:9c:95:c4:1d:10:eb:6a:40:e1:30:bf:30:26:7e:76:e8:bf:5bSigner

e4:09:c7:08:80:d2:04:ff:4f:61:6b:22:86:9c:89:75:e5:01:51:a4:ff:e2:89:d9:d0:10:b2:97:5e:b2:7e:29:3e:1a:88:11:90:c0:f2:02:3a:45:2c:fa:48:b5:1d:38:a2:a6:d7:32:7e:1d:44:4c:a7:43:11:e8:06:8c:75:3cSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 64KB - Virtual size: 68KB

.rsrc Size: 178KB - Virtual size: 180KB

Headers

File Characteristics

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 178KB - Virtual size: 177KB

44:5d:45:f6:33:51:6e:94:f2:5f:83:64
Certificate

36:34:56:36:70:ac:0b:bf:4c:a5:c9:0f:22:56:6e:ad
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

e0:db:36:ed:ed:95:3a:d0:73:2a:e8:6f:26:b2:9c:95:c4:1d:10:eb:6a:40:e1:30:bf:30:26:7e:76:e8:bf:5b
Signer

e4:09:c7:08:80:d2:04:ff:4f:61:6b:22:86:9c:89:75:e5:01:51:a4:ff:e2:89:d9:d0:10:b2:97:5e:b2:7e:29:3e:1a:88:11:90:c0:f2:02:3a:45:2c:fa:48:b5:1d:38:a2:a6:d7:32:7e:1d:44:4c:a7:43:11:e8:06:8c:75:3c
Signer

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 178KB - Virtual size: 180KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 178KB - Virtual size: 177KB