firefox-64bit-x64_setup.exe

WebSys, s.r.o.

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application firefox-64bit-x64_setup.exe by WebSys, s.r.o. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.

Publisher:
WebSys, s.r.o.  (signed and verified)

MD5:
9a0c01b6d991cf86f3444d2dfe59d69f

SHA-1:
43f673a485bb9a18a71e4a59a8c44b172f7f337a

SHA-256:
947c47279fb8793b5e491d50e0a60bd791e66f3487c0ba5c13238528e9cbab30

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore monetization platform to install additional offers that might include adware.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 10:08:06 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.2.25.5

File size:
672.8 KB (688,968 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\firefox-64bit-x64_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2014 5:30:00 AM

Valid to:
2/11/2015 5:29:59 AM

Subject:
CN="WebSys, s.r.o.", O="WebSys, s.r.o.", STREET=Namestie sv. Martina 9, L=Holid, S=Slovakia, PostalCode=90851, C=SK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B6DBC4D5DDB70F36487D154735DE96E7

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
Entropy:
7.7368

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
