mozilla-firefox-35-0-1-32-bits.exe

Generic Internet program

The application mozilla-firefox-35-0-1-32-bits.exe, “Generic Internet program Setup ” has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.downloadsfilesnow.com and multiple other hosts.
Product:
Generic Internet program

Description:
Generic Internet program Setup

MD5:
449e1cb2c40c7efd7b1af8e162d252c2

SHA-1:
ee2a865612227c2d922b527178418bf98a5c0afc

SHA-256:
cd3806910069504df8010dc11fd47b57190b317e06e181d0a88ddec7d4ab6c54

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 7:21:29 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
APPL/InstallCore.ZS
7.11.213.4

avast!
Win32:Dropper-gen [Drp]
2014.9-151126

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.151126

Comodo Security
Application.Win32.InstallCore.KK
21254

Dr.Web
Trojan.Packed.29973
9.0.1.0330

ESET NOD32
Win32/InstallCore.QL potentially unwanted (variant)
9.11251

Fortinet FortiGate
Riskware/InstallCore
11/26/2015

K7 AntiVirus
Trojan
13.1915120

Malwarebytes
v2015.11.26.07

McAfee
Artemis!449E1CB2C40C
5600.6569

NANO AntiVirus
Riskware.Win32.InstallCore.dnajxq
0.30.0.296

Reason Heuristics
PUP.Installer.Bundler.Installer.Meta (M)
15.11.26.19

Trend Micro House Call
TROJ_GEN.R0C1H05BB15
7.2.330

VIPRE Antivirus
Trojan.Win32.Generic
38018

File size:
672 KB (688,111 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla-firefox-35-0-1-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WsvpdGwhWNOlNFCeKNXGvYJbpfoC6dVOq+sXtEuK4ifuRxExubHaP/kY:WsvbGwhi4FC1XnVreXtEgZRxExM6P5

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox-35-0-1-32-bits.exe has been seen being distributed by the following 5 URLs.

Remove mozilla-firefox-35-0-1-32-bits.exe - Powered by Reason Core Security