mozilla-firefox-33-1-32-bits.exe

Prompt Delivery (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mozilla-firefox-33-1-32-bits.exe by Prompt Delivery (Fried Cookie) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Prompt Delivery (Fried Cookie Ltd.)  (signed and verified)

MD5:
b71cc192fc54feb26d882b5f65a25ac4

SHA-1:
229a4c6704b89719412075b96e5279ec61af22b5

SHA-256:
6a4224d20738114bce9f9f06d998a47febe8ac294c748de1d0c91682241bbb60

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 12:31:38 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC (M)

Engine version:
16.5.24.12

File size:
700.2 KB (717,016 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla-firefox-33-1-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/5/2014 8:27:25 AM

Valid to:
11/6/2015 8:27:25 AM

Subject:
CN=Prompt Delivery (Fried Cookie Ltd.), O=Prompt Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121AE0493FC6AADBC4B4916257B79BC1ED2

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UZSaNVPWkrZ+LFfnz35nvBfpXhD7KvDcQkAFPWbst4b0AEuSfMD:UZSc9rZ+LRnz35vvROvDcQkAJWbsu4cv

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox-33-1-32-bits.exe has been seen distributed from the following URL.

http://d.baixakifiles2.com/?ic_user_id=254&data=QYlxCjYp8pw dYhEhzHvQgeKg7goPLn52Ct2kRxtmFdcE6H qFEhmz6UDQRaADJCd5/nLl7h9 vzYJVSCnxrwF6D/6Htd IVx1mbp0/sIMDFUamQ78L4pldMox /ZaFg3T jCElNP81xfiFIw Cqau6OT0QA9oHXe846FKXke1vCdZJ6y4UYgIB euUgWUo117mqbJD9QpmpzhIJTT41Bka85LdHMCqqHHP1vAx090DP2wkHm2WQt49TZWTToa8IGjvreOfbv4s2AFZKlrnqvgrWmO1PkgzyqRWWuqytUum3ftV23fvf1EW5Yr7nvYgLV6yiF53FQwYlhmciOt/jZ1pBohS7vp9jMD5SvJJhK7u8X4 C4pqjFoSJjE7huAYB9GvtK/OVlObN4fnqEq3XfVR7csSBHlsawql3VqadOq701 6OONAeE9Bv3dvvULMzvOn3HV3Tyj8msm99clZtmSwtEKFZYC0WbtmgjyE0KKL8phYusloWdhJVyqZgMSqQedTPeODaQHM21CjapTCiBbQIwqnK3 CF ZJlUR3i/vDTj/1FxUG9 UtQUPbY5Lfz1 lr01 tUTBWidUH9ViP Y3AAPnemZNPMtgpfmF2Ek 9dlfrtbCfRFlo11UTnDTE1VOf2XV5QMvNApoYK049pxnUUhGP7hm1/dRU99F3uZ3pNWbHAgzr8N2SIRRuYDtQdPDEF4FgRvJTB9PL4RpKu8WvAL/.../N MeZym19MdYYSG4uh7i24nPPgpnAWOIdBzteFrbxVFzpgHawDJoicTlvJYo8 yVCSclVLgFNDwJ P1X9AOOt8oI3mJbqAsfemHwCzcMB1xXeW3Unuylq9oZCL6TUkbS4W5r0e7cJScK6aB3
