firefox_setup.exe

Internet Software

Install Maven

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application firefox_setup.exe, “Internet Software Setup” by Install Maven, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. Users of this installer expect to download the free Mozilla Firefox web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Web (signed by Install Maven)

Product:
Internet Software

Description:
Internet Software Setup

MD5:
8493b4027be677f8f4a757f4ee80629f

SHA-1:
cdf7de9a148ea378536cfd9e7bc44cd4628ce4d5

SHA-256:
0653bc38b5ebe6e5d587442fa68210b820f36c406fa98dea57b9bd01dc525fe9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/3/2024 4:58:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
16.9.16.1

File size:
794.3 KB (813,408 bytes)

Product version:
5.2.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\firefox_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/14/2015 4:00:00 PM

Valid to:
1/14/2017 3:59:59 PM

Subject:
CN=Install Maven, O=Install Maven, STREET="500 Westover Drive #6502", L=Sanford, S=NC, PostalCode=27330, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1AEA3FD66D4051104F184E059398A99D

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:l5wMW5oBUtNqIs9f8T90aUsmfzpXXWMSf0bOrir:liVOBUrs9fI0aUsSzFXWMJOrir

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file firefox_setup.exe has been seen being distributed by the following URL.

http://cdn.downloadzonefiles.org/?downloadAs=Firefox_Setup.exe&data=bfdlIAtxEqwcVvGBRplL5Ei4QVJQ/niFDzapqHMBqopKCvwzhBLuARTItsTt2KN8ACWwHXQC0WsVdNuud 5EqwrtOtrHIdRs/UeXDeI4UsMpCQtH6ybqYRCJ9ZZACralBfxnLP5p6 M9ZlEpF0VK5tGqH7oIcTqHKZXt0JWAQO3R7YOeTMFuhluXUaZKzVSQnmFEys3k4ruYGIxVJO9ROi11JfbSS/0cLNzkyqKT4PQ2qNwhhjdic1eYjCf8xxxcnoF3Ay2DK9NA4PC/lDko09BH0dBxbISoHlfVY4NV7bsFmGoAaCuXf/yo3ZBj43l2eZvK1Zn1s8IeHLjDQMkOGRGV7lAFB1NhbT9UYoULPw840tBS0xcyJasuQoj78/7hq64W3F6MSh6P3l5Kgz0mpb1Ljtkp1YQFOvbLL/LQEabrcvP2grS3MX3N7GzZO2qO2byEUaMS3KlxGHuwQOgcu2o9v4dbhzyFhGFzZktK3n8mqJQgnHEGVceLcE7wzFlLMF BfzcAaGTw6mi7i5TSWUN0LR1QxmGKc7HVfHqFJF9tjTIX5 MGqoD863QZXka6ROCh1LQd6N1Ssrv8axHY0eaSr836r1L/DdjvfeR1TxaGpXsU6nalFEAaxAPB8 r44QzoI7ofl/pZ AOQL1dPv9o33yiU7u01s/EFELap85i EygOV/jP0Ymh8sRUqMbO3QUzSue fx33ykqO9dZbZPXJz2 Ge cW7wXY/pZq/Cvh4yZShKustJwryf7kIeI e7/TqfoW2HU1DqT7VOQY4XbgubuC/VMRMp/4RwijFZIyoxLv7Le/mfl0qE7JeFnjSgRxsOK/1/.../lQtUpp ZQgOGHNHc46V3L8n4jH9SByekGXScNWKTU2nU
