firefox.exe

Quick Downloader

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application firefox.exe by Quick Downloader has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Adlogica Quick Downloader installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. Users of this installer expect to download the free Mozilla Firefox web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Quick Downloader  (signed and verified)

MD5:
42f21f3fb718da8a34765ec4d8e3d017

SHA-1:
c48cd9115e3a0f7e6ca44e8a502824e56740d674

SHA-256:
f3c757839d97ba61c3b1e12453cbf0c9b4c5ddb3695037d0b8ab5658efb0059c

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/9/2024 1:12:44 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.175.122 |
| Dr.Web | infected with Trojan.Packed.28387 | 9.0.1.0261 |
| ESET NOD32 | Win32/OutBrowse.AC potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 9/18/2014 |
| herdProtect (fuzzy) | | 2014.11.22.22 |
| K7 AntiVirus | Unwanted-Program | 13.183.13521 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.11.22.05 |
| McAfee | Adware-OutBrowse.a | 5600.7004 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.ddvyee | 0.28.2.62440 |
| nProtect | Trojan-Clicker/W32.Inffinity.567224 | 14.09.17.01 |
| Reason Heuristics | PUP.QuickDownloader.H | 14.9.18.0 |
| Vba32 AntiVirus | Hoax.PornoAsset | 3.12.26.3 |
| VIPRE Antivirus | Threat.5063361 | 33120 |

File size:
553.9 KB (567,224 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Quick Downloader (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\firefox.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/7/2013 6:00:00 PM

Valid to:
8/8/2014 5:59:59 PM

Subject:
CN=Quick Downloader, O=Quick Downloader, STREET=96 Jessie st, STREET=4th floor, L=San Francisco, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00886E74060345A7D9DD833C2ADF305E49

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:CJHC57C0BDbxRLhP4FbfEjL/1V6CVPa5CysCikKWFzN:C4fxn4FDe71V6CirdKWRN

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9760

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file firefox.exe has been seen being distributed by the following 2 URLs.
