» firefox_download_3216259132.exe
Overview
Analysis
File Details
Downloads (1)

firefox_download_3216259132.exe

Pelon

ConnectorSpeedy (New Media Holdings Ltd.)

The application firefox_download_3216259132.exe, “Pelon Setup ” by ConnectorSpeedy (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

ConnectorSpeedy (New Media Holdings Ltd.) (signed and verified)

Product:

Pelon

Description:

Pelon Setup

MD5:

0658de7ef0ea4f5f692f4ce6098d56cb

SHA-1:

8a3fd92cd25d9fb81f41ad31ab03db88d62e3950

SHA-256:

ffacec430c073cb2e9c21fbfa27d3a14967e24f4d8202e53996026398bc96fc0

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/23/2024 7:50:33 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NewMedia.NMH.Bundler (M)

16.6.17.1

File size:

944.2 KB (966,872 bytes)

Product version:

1.3

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\firefox_download_3216259132.exe

Digital Signature

Signed by:

ConnectorSpeedy (New Media Holdings Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

3/15/2016 5:51:17 PM

Valid to:

7/11/2017 4:51:47 PM

Subject:

CN=ConnectorSpeedy (New Media Holdings Ltd.), O=ConnectorSpeedy (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121814B859A983623A89FCFF9F06C7D2C51

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:6f3lNYTind4SSEvT1lP5lbLoFdAF/vr23FGKQ25fQoM86Zmr+o+0EkaEXmbf+c+1:6f3/YpiTnFCRtQoM++42b+U4tMi

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file firefox_download_3216259132.exe has been seen being distributed by the following URL.

http://dl.jetzt-herunterladen.com/

Remove firefox_download_3216259132.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.