» icreinstall_mozilla_firefox.exe
Overview
Analysis
File Details
Network (2)

icreinstall_mozilla_firefox.exe

Application installer

Dov gil Management

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_mozilla_firefox.exe, “Application installer Setup ” by Dov gil Management has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.

File name:

Publisher:

Application (signed by Dov gil Management)

Product:

Application installer

Description:

Application installer Setup

Version:

5.0.5.1

MD5:

72c033e7110372ec145512d3bdcfd0f2

SHA-1:

76deb43b8524d0798a8b2ba43d0afde24d99f60f

SHA-256:

f60334471293d46d72e617b3718e25c3650482d3c1c6b3485b9cf53d30018255

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Utilizes the InstallCore download manager that may bundle various adware-type offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/6/2024 1:52:26 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

17.1.24.14

File size:

749.2 KB (767,160 bytes)

Product version:

3.3.3

Installer program

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\icreinstall_mozilla_firefox.exe

Digital Signature

Signed by:

Dov gil Management

Authority:

GlobalSign nv-sa

Valid from:

2/12/2015 7:19:59 AM

Valid to:

2/13/2016 7:19:59 AM

Subject:

E=assaf@gildov.com, CN=Dov gil Management, O=Dov gil Management, L=Petah Tikva, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C11E8A2F3EE3168E1FB51C1D8F55540B

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to os.solvefile.com (207.189.109.121:80)

TCP (HTTP):

Connects to cdnus.solvefile.com (207.189.109.121:80)

Remove icreinstall_mozilla_firefox.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.