firefox_download_2739212867.exe

Pelon

ConnectorSpeedy (New Media Holdings Ltd.)

The application firefox_download_2739212867.exe, “Pelon Setup ” by ConnectorSpeedy (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:

Product:
Pelon

Description:
Pelon Setup

MD5:
e5055289f8cace33e306823833ce16df

SHA-1:
6fea9853aea62feeace7e6f28c9da494a574cf4d

SHA-256:
2a685c68fe65f2d348c7bc79a4a88744694b40f76e9fbfb9dba2612986575c90

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/27/2024 12:30:27 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH.Bundler (M)
16.7.3.14

File size:
944.2 KB (966,872 bytes)

Product version:
1.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\firefox_download_2739212867.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 5:51:17 PM

Valid to:
7/11/2017 4:51:47 PM

Subject:
CN=ConnectorSpeedy (New Media Holdings Ltd.), O=ConnectorSpeedy (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121814B859A983623A89FCFF9F06C7D2C51

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Nf3lNYTind4SSEvT1lP5lbLoFdAF/vr23FGKQ25fQoM86Zmr+o+0EkaEXmbf+c+K:Nf3/YpiTnFCRtQoM++42b+U4tMB

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file firefox_download_2739212867.exe has been seen being distributed by the following URL.

Remove firefox_download_2739212867.exe - Powered by Reason Core Security