» palemoon-websetup.exe
Overview
Analysis
File Details
Downloads (4)

palemoon-websetup.exe

Pale Moon web-installer

Markus Straver

This is a setup and installation application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

File name:

Publisher:

Moonchild Productions (signed by Markus Straver)

Product:

Pale Moon web-installer

Description:

On-line installer for Pale Moon

Version:

3.0.1.74

MD5:

4653b286bda5063ac51ac4ed4860d65e

SHA-1:

8bce0e41699ea29db6843d68364e607f1c243692

SHA-256:

4133eeffca525b0ec99ec787bb6ca160d5277ab1ad59e1d37be77382f3967a7a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/10/2024 9:44:06 AM UTC (today)

File size:

793.9 KB (813,000 bytes)

Product version:

3.0.1.74

Original file name:

palemoon-websetup

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\palemoon-websetup.exe

Digital Signature

Signed by:

Markus Straver

Authority:

StartCom Ltd.

Valid from:

1/20/2014 1:09:44 AM

Valid to:

1/20/2016 2:15:16 PM

Subject:

E=mark.straver@bredband.net, CN=Markus Straver, L=Atvidaberg, S=Ostergotlands, C=SE, Description=36RDczdJb52R9R0N

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0C8C

File PE Metadata

Compilation timestamp:

6/20/1992 7:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:e+sF7xTfSyEkVlXKfbJ/i2FXHDVDeVzN/kLcMQxw:3WxTfj3lWNbZjV+WlQ6

Entry address:

0x1F49B0

Entry point:

60, BE, 00, 80, 55, 00, 8D, BE, 00, 90, EA, FF, C7, 87, A4, B0, 1A, 00, 37, B0, DC, 01, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 61, 2B, 1F, 00, 57, 83, C3, 04, 53, 68, A5, C9, 09, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9... 
[+]

Entropy:

7.9657 (probably packed)

Code size:

632 KB (647,168 bytes)

The file palemoon-websetup.exe has been seen being distributed by the following 4 URLs.

https://dw.uptodown.com/dwn/Qgq-5Y8Mh0bHb59_DE257CNhLxNYMkSgDOCno4ol0kTUlz2PvZTgY-w6ukBEHZOzYZRsg47UybDVXCepa4WqE7PrLT-xvpOYPAZl-yFiSt8Mp_9xENtXGqN8BOFQVfms/QLA-uWPgGJ37pUhaM-lKgsn4AZIZFcGL46tPsKM_ACDOIX2kqAkLkgk2qBTDMAb1DRpyh9id-hpsgXTLneft2zHyeXrA5Fdck0okiTNGPAXt0obemFb_pzdlg_UlZVxN/8wxFWFDRXZkJSb5RrkBB25ve7TL1Cicbp8WaJgfhj2SxWJE93w1ffvdb313kAA4Gk-ByVeKM9QHFVkETY4UQTasx1cD4dBNDS5j4giPzpVghkzwhmryisR4mPD6Khx5G/.../

https://dw.uptodown.com/dwn/OvBmxJ-N9SFDKzoKGTYbYtzoxiYeA-i7fHG-bqWly9Igd5g7_cdsrQN4T2yfOQI7Lzv_-prqzA7sXr-oAQUc-gx4fHf5glDSAZkanFYEejFiAzaHfWBRBxEpeO8-Wv4e/FzwO2ldvTBH59wB9sOeR1hOh-q4e4GVi5FOKcYwIHve4eYd5VV4gijzGFd4H-ssJu27ns0hHOC7AsBneub16TYmWLKBHOnc51v5jXf02VYEJHaQE1o2-KgCWMafYhSoS/YQy4SSy0QLa9CWT-aZb3Womn2AxDwzR5hDN9jeyIccnyhNa-U4i91jBr3EEwNglSy7BN-OOb6SqoDfZiYh4XYxyrmIEhVYVY4hYWxrsIQn2sOaxA9rDBORdwzFJ4s1h_/.../

https://dw.uptodown.com/dwn/g9GwlrzoMQX-Frp0NLL7mP_ptXJ76QoKoJyxbvfoI0DbdErciQzjzLiSRlII54JDfheCnM2kY7oM2LAlQMJfeP6ZAT7TKDDYmpt5e1KU_uQKeDf8lEDt3-jUUsn94NQw/8nnLotANVj5KM8Lg1qVMyl8MT3GgwYbKdvs1uFcBSn6HebJfpg2aABRW0XhdvBze6puZYuduvWt6WiD3BfNyAw9qHj8siEB5Pe2-HHIMIplN2Nd8KMCV4_ukf9sdmyFJ/-HQLRtbEpnNy-vvZnMvCGUbNm6LEapP11TdcE0oD5vQW6-zh_jcS1aEba-nxKYnJQIALUukTmiij6VKFdMU2HAsF0koUyWCTKkiKlmgQdAYeC-_bVq5nYCqQqLxqJSP2/.../

http://relmirror.palemoon.org/.../palemoon-websetup.exe

Scan palemoon-websetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.