firefox setup.exe

Dakedin

Darwen Marketing Inc.

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application firefox setup.exe, “Dakedin Setup” by Darwen Marketing, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Darwen Marketing Inc.  (signed and verified)

Product:
Dakedin

Description:
Dakedin Setup

Version:
2.5.3.1

MD5:
764b8ca996e3416c82274c15cc8a3ec2

SHA-1:
58d9fff74fa3fb04373341f9045d9ac9f52f5a68

SHA-256:
af7d2ebc6fa9bdd87f6e482af1e63aaee7cb9498127e75bf3e41f433ed59e0e8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 1:18:04 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.13.5

File size:
956.4 KB (979,336 bytes)

Product version:
4.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\firefox setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
5/31/2016 9:00:00 PM

Valid to:
6/1/2017 8:59:59 PM

Subject:
CN=Darwen Marketing Inc., OU=IT, O=Darwen Marketing Inc., L=Victoria, S=British Columbia, C=CA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3A06E9DBD0206A134B76F68EF10A4949

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file firefox setup.exe has been seen being distributed by the following URL.

http://www.capitalvaultsbits.com/tdoJxxHTjni2Tq6CciSmU8N0cH58Yyumuc0QeKL8 LzkZZ9cAuR7jrQOauqQ5Bv31MjTYW81N1D3WngFW6B6SeDAV3h2SMnx1c6TobZzFe E0nuYe9 h2NcKvHdqUU7S_OKrvhJQDkIARDRDYIvXeiRTHXcgFNHpMaL_DqJDPwV_LtboeE0UOfDJBKKXvljCoT8SXXOdmGgFol55eyY6ZQHrZIxJB1XQSXW ijeo2hgxRHZ8G5Ki42U9tYDvoRG13VLKYdeWkaaW3qlkZPEoXRK2MY2vAINuUghJ Mnw0xlDSLPBd_2HX7licRQ_j5xVVF_AR0AEvLL_ Igow0uxpqHmM6AzerAejpPIpMyKRhFj19UJ3dEUcYdVUQvGaf_N1x2UusnQQ1Z9b6BN _LG7NyUwKlVnYlAxdOvy8JRhRtKa7SuOfqYwOsQlnqcutkZeGRa0A5z2vD6y8yi8eC9FuimNPhwJKLj8n4LcRrp6NsgZyhs5FZJH5TxjGa2 DGxvpDDtsZ6 E5fCwpUsE9yu3uN7GkW5cJ0 2UYgFqtYozGT3aJQVxL4 _xYc_47IMs0X7VSTBEl0foMMzodKQnTdXHr8IayHxZ2Ivl6REoNDrzLdS9C264s5iI47MbKdY4A9BkbLM-Ow==
