home

firefox_download_2715216703.exe

Kig

ConnectorSpeedy (New Media Holdings Ltd.)

The application firefox_download_2715216703.exe, “Kig Setup ” by ConnectorSpeedy (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Ger   (signed by ConnectorSpeedy (New Media Holdings Ltd.))

Product:
Kig

Description:
Kig Setup

MD5:
be39cc454f4b98261a0f7e3b32b3ad1f

SHA-1:
c6e88bcb73817bf0366a5892753c55dd53a1bb0e

SHA-256:
c924fc11c8f62f3b8f7580e18ce1de4a41c0f645195315bd7dc9e1df8d955587

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 11:54:10 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH (M)
17.3.10.9

File size:
959.4 KB (982,424 bytes)

Product version:
5.3

Copyright:
Application

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\firefox_download_2715216703.exe

Digital Signature
Signed by:
ConnectorSpeedy (New Media Holdings Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 5:51:17 PM

Valid to:
7/11/2017 3:51:47 PM

Subject:
CN=ConnectorSpeedy (New Media Holdings Ltd.), O=ConnectorSpeedy (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121814B859A983623A89FCFF9F06C7D2C51

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.8909

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file firefox_download_2715216703.exe has been seen being distributed by the following URL.

http://www.download-files-now.com/HTHd9_9FjnL Qwv6nTbdKEF3blnrIJNWTSZwSwfbVqLPZlrZZK2qm7sQY8uvpx_wtrVIP7LI592pMCyp8p_eSoBkB otmGhpJIb9t_Q8mxvanW_rlaj8kgleUlRVLWRSbR2_JDnbVc5IysvPF5C6UF7qWeCfsTg sPwaTWvCdjWI3zA2ybLdeE6E0XR_EzT76sIvn5a7m90JSO7R2gXruqe suXbu3B36nRxyIPRlMUToY2DT2NTu0b9tf9lZlGytNS5_R0Zzbrttb0vIi02F1jwUOLwtKTmM2NPj5nWgb5IgD088kicEYt9A8bjqqR31_9uEeYfaOHfs1P FLmDRTZwQijaNYFDKNkTiIjqHItL8QfKjxzUTNiP0EJtRheAiSW79d4JnIq5Sa2Vmpb05FMMkTWp7fjCAtLTg_8ND S4IrHvxzDrOa2xjFu3wCfYiQsSUg4kIxjyo27NjIzk3QcmCw94Xwd5 uCV6ZweXLVcFWdgyCJfxCcHGqQmo2ZLExsyeMJC8q59OkgCKxxa1vYRa2RnAmMplASGDHzaZikvbCKTFkAZYN9gGptCs2L7Qu_Mix PdUWNfWGcbTsbTYM 49Ys1Z8XAEaHECds0lNaT1MVTkvnIfLk rzweDydG04iKNKIK16AwX56tc oOuka2AROtib7ojhm k100i6mxwKw12tQzDRf arLsK1pBzRZeskBNpVG9DBOekyq4gsNOeTGUQ==-G0UAAMTO1ppGaDclmBBtFGxve3DIgUNb1EUCDIONsXMlDJt3m4RJyHuyizJBi FpR_Pwq0nlIJrdAA==

Remove firefox_download_2715216703.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.