» firefox_setup_26.0.exe
Overview
Analysis
File Details

firefox_setup_26.0.exe

Mozilla FireFox

Download Manager

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application firefox_setup_26.0.exe, “Mozilla FireFox ” by Download Manager has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

Download Manager Cert (signed by Download Manager)

Product:

Mozilla FireFox

Description:

Mozilla FireFox

Version:

2.0.44.0

MD5:

3f7b631eb8974aa2765fc423db15e728

SHA-1:

5f0432c5dc516719f3efc4999f56f22b74d2b3ab

SHA-256:

0f39e27d498e4e91987b38926ba8bfd3bbb290fe74005872c41f0e7412d4181c

Scanner detections:

24 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/27/2024 1:49:39 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.153852

851

Agnitum Outpost

PUA.AirAdInstaller

7.1.1

Avira AntiVirus

ADWARE/Adware.Gen

7.11.177.24

avast!

Win32:Adware-gen [Adw]

141003-0

AVG

Adware BundleApp_r.AK

2014.0.4037

Bitdefender

Gen:Variant.Adware.Graftor.153852

1.0.20.1400

Dr.Web

Trojan.SMSSend.5375

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.153852

14.10.07

ESET NOD32

Win32/AirAdInstaller.A potentially unwanted application

7.0.302.0

F-Prot

W32/A-8c0ea402

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.153852

11.2014-07-10_3

G Data

Gen:Variant.Adware.Graftor.153852

14.10.24

IKARUS anti.virus

PUA.AirAdInstaller

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.183.13597

Kaspersky

not-a-virus:AdWare.Win32.AirAdInstaller

15.0.0.494

Malwarebytes

PUP.Optional.AirAdInstaller

v2014.10.07.07

MicroWorld eScan

Gen:Variant.Adware.Graftor.153852

15.0.0.840

NANO AntiVirus

Riskware.Win32.AirAdInstaller.ddthut

0.28.2.62483

nProtect

Trojan-Clicker/W32.AirAdInstaller.920448

14.10.06.01

Reason Heuristics

PUP.Installer.DownloadManager.R

14.10.7.7

Rising Antivirus

PE:PUF.Airinstall!1.9C4C

23.00.65.141005

Vba32 AntiVirus

AdWare.AirAdInstaller

3.12.26.3

VIPRE Antivirus

Threat.5061940

33706

Zillya! Antivirus

Adware.AirAdInstaller.Win32.394

2.0.0.1945

File size:

898.9 KB (920,448 bytes)

Product version:

2.0.44.0

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

AirInstaller Download Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\firefox_setup_26.0.exe

Digital Signature

Signed by:

Download Manager

Authority:

VeriSign, Inc.

Valid from:

6/10/2014 10:00:00 AM

Valid to:

7/12/2017 9:59:59 AM

Subject:

CN=Download Manager, O=Download Manager, L=Victoria, S=British Columbia, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6771A39C2739AF7082C1C8D8234BB168

File PE Metadata

Compilation timestamp:

8/8/2014 6:53:25 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:Lb12XCHyGvKeB545hhdYn2KEAdSKM1YSMltXCQBsrxrme:LjHyUl5EhjYnnEi21YdNKlme

Entry address:

0x296630

Entry point:

60, BE, 00, 70, 5C, 00, 8D, BE, 00, A0, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8734

Packer / compiler:

UPX 2.90LZMA

Code size:

832 KB (851,968 bytes)

Remove firefox_setup_26.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.