home

firefoxsetup.exe

Program Web software

Premium Scale (New Media Holdings Ltd.)

The application firefoxsetup.exe, “Program Web software Setup ” by Premium Scale (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Internet   (signed by Premium Scale (New Media Holdings Ltd.))

Product:
Program Web software

Description:
Program Web software Setup

Version:
2.3.4.7

MD5:
47f33cf9748b533880e04935cdeef053

SHA-1:
1c91610bb66b0341c9d20add87a5057900882fd7

SHA-256:
27a221c12f9e662ba098d71c9b996cb98ca68e8306fd1325500a2ec230bbf7fe

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/24/2024 10:50:08 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH (M)
16.10.24.23

File size:
778.9 KB (797,640 bytes)

Product version:
4.3.4

Copyright:
Application

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\firefoxsetup.exe

Digital Signature
Signed by:
Premium Scale (New Media Holdings Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
2/9/2015 8:04:15 PM

Valid to:
2/10/2016 8:04:15 PM

Subject:
CN=Premium Scale (New Media Holdings Ltd.), O=Premium Scale (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CCC26B8A89F90AFF2AB668372A1A4978

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:rldpSLTflmSNUUKhrOhF+v+eh+7wXHuBihQ8+3jqSYFv7XP2tiv20qaNHs+rWLN:rldgLTnULOT+vth+kXe8+3IF/uuHHriN

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove firefoxsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.