mozilla-firefox-beta-34-0-b6-32-bits.exe

Prompt Delivery (Fried Cookie Ltd.)

The application mozilla-firefox-beta-34-0-b6-32-bits.exe by Prompt Delivery (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is a setup program built on the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. Users of this installer expect to download the free Mozilla Firefox web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Prompt Delivery (Fried Cookie Ltd.)  (signed and verified)

MD5:
2be8ee90d3218e39d3ef0d9c19006218

SHA-1:
0436c44b80aa8da408f1f51ca1198da6ebc24feb

SHA-256:
c742e8089195a23915f7c14f15a45951e961f3e5e049578f0566e4e295f56024

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/16/2024 12:29:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC (M)

Engine version:
16.9.23.7

File size:
700.2 KB (717,016 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla-firefox-beta-34-0-b6-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/5/2014 8:27:25 AM

Valid to:
11/6/2015 8:27:25 AM

Subject:
CN=Prompt Delivery (Fried Cookie Ltd.), O=Prompt Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121AE0493FC6AADBC4B4916257B79BC1ED2

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:FZSaNVPWkrZ+LFfnz35nvBfpXhD7KvDcQkAFPWbst4b0AEuSfMD:FZSc9rZ+LRnz35vvROvDcQkAJWbsu4cv

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox-beta-34-0-b6-32-bits.exe has been seen distributed from the following URL:

http://d.baixakifiles2.com/?ic_user_id=254&data=409CZ8be/cL8xzs09rOs8ww8QdhYiyQ8fpFQ 4kOfRsqVCD DwjDSrzebRfRqicg4i3OZJFeEJUD67ZgFUBsKuJt1NzfEC6myXasL18yLr/b3AhrYHp8CEFsXI9BR6PArDpW0opYx3z6Z2ksstSyd74mdrVfn4wKisuEfquaLA1V70n0k3rH3135j2qhMSh99iJrZzCbmLdUc XCoCs3 Ul4h0wXBSW CSshwz9 qbRJbxnNlzJldsbv4n9YagJgk7SZmPB o1FByzpxZ ihssD9Wer1 Lp9nTY2HgLRBUJHkFD15i3HF0cidhtSVBOE0bb1QV86MgMnOJAf8ghxXiJEOFj IjrOde2Xy/C3xTXHl1lf4r5Z7RaBOQq505pad5KcMArqpUP8Hx08TFbWL3MYKI2KQeXCrKq7O Cqk7qcjAaB9yxMybYzvwJv2JI4FBoDevl0/MRwOEzIMbIolwqnjPL8Nb/d3mgx/PO/oaHzOkujeBz5pMYChBQHroJL00Iwgqy2FzlIc/0f9NRrE7B738myma3GzHHGsZvU7UXYeTPwXWgFN5 jWC cHtrZW9GDXKVXKu26fEu7wFE3Sqi0FipAJgOnRnN6pIpx0BN0Y1jue44nZNVCEKs4tXqM0if45oJYKe 7BRMgIbjlCuSkoAhRYL9724Bnbp6 dKX6d7jQgcInNr0mkamr67Ftthrednn0vHqn77ln urc jCrkJ1L6EwSzTjgldeMOUhvCGOYp SyhUcHEKnGfEKZHwsxBhW0&key=Khz5DLWBi1MOOYxweD5vRSs6FH4K0qWVQvBmsCxzS3uNnOAJ5Q8gCqN3AR0o4s4QGr1Hovu7BgL9F7PxsA/.../02PjxW9vIyJmthya20VKFdHeZ1wXQKs1mMKcsfDu4
