Firefox.exe

Ez-download

The Adlogica setup manager is an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed without consent. The application Firefox.exe by Ez-download has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. Users running this installer expect to download the free Mozilla Firefox web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Ez-download  (signed and verified)

MD5:
44d3d20274f326ca8a4b37c7903d7b46

SHA-1:
d9731dcef671c1fcbf34677ca975083a3c58880f

SHA-256:
dacce8a72053815e840b70ce79ea03872d56c5320896ad4b2d28f70744df385e

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 12:39:09 PM UTC

Scan engine        | Detection                     | Engine version
avast!             | Win32:Adware-gen [Adw]        | 2014.9-140411
Dr.Web             | Adware.Downware.2081          | 9.0.1.0101
ESET NOD32         | Win32/OutBrowse               | 8.9665
NANO AntiVirus     | Trojan.Win32.Generic.cthmwf   | 0.28.0.59048
Reason Heuristics  | PUP.Ezdownload.H              | 14.8.7.23
Vba32 AntiVirus    | Downloader.OutBrowse          | 3.12.26.0

File size:
960.6 KB (983,656 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\firefox.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2013 8:00:00 PM

Valid to:
8/14/2015 7:59:59 PM

Subject:
CN=Ez-download, O=Ez-download, STREET=96 Jessie st 4th floor, L=SAN FRANCISCO, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F70CD1FD9DEF6FE1E710D56A167734BD

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:hCg1EyW14YtkSWM1YSw1PEg6Tk85EmZ3ejOu+SXlrUN2onkovNW70:4g1E110lSw1P9J8XZ36OhCZozvg70

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9253

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file Firefox.exe has been seen being distributed by the following URL.
