» firefox.exe
Overview
Analysis
File Details
Downloads (1)

firefox.exe

OutBrowse

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application firefox.exe by OutBrowse has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

firefox.exe

Publisher:

OutBrowse (signed and verified)

MD5:

deaeb4a950d875a52b48daace86474d8

SHA-1:

29e7ae903af51ad9ca5d4910404fabf2fd7e25c3

SHA-256:

4ce77e3ab9f6ca4e1195f0ae3f62a73e3b7ef591718c35adbf976dc6242cce14

Scanner detections:

15 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/27/2024 7:33:11 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.OutBrowse

2014.06.09

Avira AntiVirus

APPL/Downloader.Gen

7.11.153.232

AVG

OutBrowse

2015.0.3449

Comodo Security

Application.Win32.Outbrowse.G

18485

Dr.Web

Adware.Downware.2081

9.0.1.05190

ESET NOD32

Win32/OutBrowse.J potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

6/8/2014

IKARUS anti.virus

PUP.OutBrowse

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.1712333

Malwarebytes

PUP.Optional.Outbrowse

v2014.06.08.08

McAfee

Adware-OutBrowse

5600.7105

NANO AntiVirus

Trojan.Win32.Generic.cthmwf

0.28.0.60100

Reason Heuristics

PUP.OutBrowse.H

14.8.7.20

Sophos

OutBrowse

4.98

VIPRE Antivirus

Threat.4784459

30086

File size:

108.1 KB (110,696 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou (using Nullsoft Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\firefox.exe

Digital Signature

Signed by:

OutBrowse

Authority:

VeriSign, Inc.

Valid from:

10/23/2013 7:00:00 PM

Valid to:

10/24/2014 6:59:59 PM

Subject:

CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

56A6FE571611B68C9224798AD62913CA

File PE Metadata

Compilation timestamp:

12/5/2009 4:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:9gXdZt9P6D3XJzCS5Ky/9XO3jR0eWSzUu/0Ww:9e34USUQ9OzRgW/cz

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.6846

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file firefox.exe has been seen being distributed by the following URL.

http://dl.app2desktop.com/.../Get?p=1955&d=3208&l=5187&n=1&productname=Firefox&d1=12&d2=1&d3=1&d4=6&d5=00000000&filename=Firefox

Remove firefox.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.