mozilla-firefox-35-0-32-bits.exe

Generic Internet program

The application mozilla-firefox-35-0-32-bits.exe, “Generic Internet program Setup”, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application built on the InstallCore installer engine, and the file is not signed with an Authenticode signature from a trusted source. InstallCore may bundle additional software offers, including toolbars and browser extensions. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Product:
Generic Internet program

Description:
Generic Internet program Setup

MD5:
97b74c1e0d927b57a6181cc7fb480df3

SHA-1:
b68f36dfc855068e485a67858589eeb65b28a9bf

SHA-256:
48c6b0bea20f9ee4983af04250707c7d26fa63e60208b559e12439e61e404230

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/16/2024 9:51:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | APPL/InstallCore.QL | 7.11.205.178 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15520 |
| Comodo Security | Application.Win32.InstallCore.KK | 20874 |
| ESET NOD32 | Win32/InstallCore.QL (variant) | 9.11086 |
| Fortinet FortiGate | Riskware/InstallCore | 5/20/2015 |
| K7 AntiVirus | Trojan | 13.193.14781 |
| Malwarebytes | | v2015.05.20.04 |
| McAfee | Artemis!97B74C1E0D92 | 5600.6760 |
| Reason Heuristics | PUP.Bundler.InstallCore | 15.5.20.4 |
| Trend Micro House Call | Suspicious_GEN.F47V0121 | 7.2.140 |

File size:
672 KB (688,111 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla-firefox-35-0-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ssvpdGwhWNOlNFCeKNXGvYJbpfoC6dVOq+sXtEuK4ifuRxExubHaP/kY:ssvbGwhi4FC1XnVreXtEgZRxExM6P5

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox-35-0-32-bits.exe has been seen being distributed by the following 8 URLs.

