» firefox_setup.exe
Overview
Analysis
File Details
Downloads (1)

firefox_setup.exe

Generic

Download Stream

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application firefox_setup.exe, “Generic Setup ” by Download Stream has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

firefox_setup.exe

Publisher:

Software internet (signed by Download Stream)

Product:

Generic

Description:

Generic Setup

Version:

1.3.2.3

MD5:

ac2db2b7e9d14acb6ef5c192cc4c9ed6

SHA-1:

c3dad3caa59b4678f27c1ea1a5de66205bc587b6

SHA-256:

e8f887dea89de1d37b994d46b8e8b6ebe9703efd0b532428e8d1e221a22f00e3

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/15/2024 10:53:48 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.InstallCore.890

9.0.1.041

ESET NOD32

Win32/InstallCore.AAG potentially unwanted application

10.7.0.302.0

G Data

Win32.Application.InstallCore.EG

16.2.25

Malwarebytes

PUP.Optional.Bundle

v2016.02.10.12

Reason Heuristics

PUP.installCore.DownloadStream.Installer (M)

16.2.10.12

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

3.12.26.4

File size:

775.2 KB (793,768 bytes)

Product version:

5.6.9

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\firefox_setup.exe

Digital Signature

Signed by:

Download Stream

Authority:

COMODO CA Limited

Valid from:

2/26/2015 5:00:00 PM

Valid to:

2/26/2017 4:59:59 PM

Subject:

CN=Download Stream, O=Download Stream, STREET="1930 Village Center Circle #3-1234", L=Las Vegas, S=NV, PostalCode=89134, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6F743ED7A3F6BE2849D3B5B7D2D51E3A

File PE Metadata

Compilation timestamp:

6/19/1992 4:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:Y6SppmokAS0jdcNIbtfCV9HfOsby83wzBejPZtWhAz7s+lu5Gm9AA9iIjUvjGsJw:Y6SXmI2S14HfOs28A0DWWz5l5YcGsFw

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.8846

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file firefox_setup.exe has been seen being distributed by the following URL.

http://cdn.open-downloadcontent.com/c?x=Vn4BJTsX0MmcVyEo52KQ74syTHxZJwyny4PePqRNuvU=&c=a9oolUrvasnP8FSO07QmV4xThcfa4OU59CKADVZHrWrEr5LOlKz1ttjCK5rB08Fwz37CL7okc6ouCtpcYr5m9PqcGeBu4lRtCpo9h2UyApN1lKl7Oef4at0y4OHw BLn&fallback_url=http://download-installer.cdn.mozilla.net/pub/firefox/releases/38.0.5/win32/.../Firefox Setup Stub 38.0.5.exe&downloadAs=Firefox_Setup.exe

Remove firefox_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.