» firefox.exe
Overview
Analysis
File Details
Downloads (2)

firefox.exe

Installer

Prompt Funnel (New Media Holdings Ltd.)

The application firefox.exe, “Installer Setup ” by Prompt Funnel (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

firefox.exe

Publisher:

Generic installer (signed by Prompt Funnel (New Media Holdings Ltd.))

Product:

Installer

Description:

Installer Setup

Version:

3.3.1.7

MD5:

09fe47bc9111a552b25a4646d5467142

SHA-1:

234d658e50995b67de9e1ea4ea849de87ab449d4

SHA-256:

409fdfb9f614ac15c6536fa259809f9c57ec456faa08c888f62efd99a3729716

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

1/6/2025 3:56:49 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NewMedia.Installer.Installer (M)

16.1.11.16

File size:

962.1 KB (985,224 bytes)

Product version:

4.1.2

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\firefox.exe

Digital Signature

Signed by:

Prompt Funnel (New Media Holdings Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

10/30/2015 4:35:08 PM

Valid to:

10/30/2016 4:35:08 PM

Subject:

CN=Prompt Funnel (New Media Holdings Ltd.), O=Prompt Funnel (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121E192A11C95AAEEB64ABF0A45A725DEA8

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:7NxpIJFozfhCRmTNgk490fK0qIUt0/Sg5yGBFvg0JbnH7OyA3QX/:7NEozHTNg1nzmMKFvg0JDCXO

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file firefox.exe has been seen being distributed by the following 2 URLs.

http://www.sharepresentcontent.com/c?x=XU34UuEv0ufMhsoyuT 8jQYrs X/H2C8zb mUpi5OZc=&c=/MRO0xJ e1FPansaANg8GfhCcbMERnd/ gwcNNn8UlIlwR5cnx5sagbGTRL/bmLKofwt07TVTJOi5UWcSnD1/PFP3wE5Oa07IXN/RbG5/oHVcelomd/.../68UEKVCoaTgVw==&downloadAs=Firefox.exe

http://www.cityworldcentral.com/c?x=xmHiyZoxfwatjoBMHX7pqX9HVdg7s/.../iecGpxd Fx9ibzle7CfHHPltR6AC xolk0vjcxuflp1DlM7VwYIQ==&downloadAs=Firefox.exe

Remove firefox.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.