firefoxupdate.exe

Firefox

Chao Wei

The application firefoxupdate.exe by Chao Wei has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Update Service(FirefoxU)”. While running, it connects to the Internet address c8.3e.559e.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Chao Wei  (signed and verified)

Product:
Firefox

Version:
50.0.4.321

MD5:
fcdf6bf2cb5ed08e53910df1c218c138

SHA-1:
7b0f3728224d1bf26a68f80979f1e05dca434113

SHA-256:
d181e75da166fee9d5d8e1ce47c589b45d9b93134ddfb4b5b9eddc5d8027ca9a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/11/2025 2:42:48 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Adware.Elex.Chao (M)

Engine version:
16.11.29.10

File size:
115.2 KB (117,936 bytes)

Product version:
50.0.4.321

Copyright:
Copyright (C) 2016 Firefox Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\firefox\bin\firefoxupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
11/28/2016 7:00:00 AM

Valid to:
8/19/2017 6:59:59 AM

Subject:
CN=Chao Wei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
48E306C3FE6E1DF075CC774F7103CFC2

File PE Metadata
Compilation timestamp:
11/29/2016 2:47:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
1536:2p0wnFzrwCavcyuEs6akRTfxzTvEYrQoLyD/bUhGFSjteJ1XQnwBsWbGcdkisysz:2nFzrYcy7RvPULohGkj4Xq8nkisys+oB

Entry address:
0x832A

Entry point:
E8, DC, 04, 00, 00, E9, 8E, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 58, 00, 00, 00, C7, 06, B4, 41, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, BC, 41, 41, 00, C7, 01, B4, 41, 41, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 25, 00, 00, 00, C7, 06, D0, 41, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, D8, 41, 41, 00, C7, 01, D0, 41, 41, 00, C3, 55, 8B, EC, 56, 8B, F1, 8D, 46, 04, C7, 06, 94, 41, 41, 00, 83...

Entropy:
6.4151

Code size:
74.5 KB (76,288 bytes)

Service
Display name:
Update Service(FirefoxU)

Service name:
FirefoxU

Description:
Keeps your Firefox software up to date. If this service is disabled or stopped, your Firefox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and f

Type:
Win32OwnProcess

Depends on:
RpcSs


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to c8.3e.559e.ip4.static.sl-reverse.com  (158.85.62.200:80)

Remove firefoxupdate.exe - Powered by Reason Core Security