home

mozilla-firefox-beta-35-0-b4-32-bits.exe

Dove Delivery (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mozilla-firefox-beta-35-0-b4-32-bits.exe by Dove Delivery (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Dove Delivery (Fried Cookie Ltd.)  (signed and verified)

MD5:
81da998563f806d89d6c8d7c1c605ca0

SHA-1:
835a32ec7b01085b595c99106be741fb9445156d

SHA-256:
4442dc3b87e0d97b4a5195d35afadf359dc64af439c7d75f11361692f160977f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/16/2024 12:38:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC (M)
17.2.28.10

File size:
698.5 KB (715,296 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla-firefox-beta-35-0-b4-32-bits.exe

Digital Signature
Signed by:
Dove Delivery (Fried Cookie Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
10/27/2014 10:19:47 AM

Valid to:
10/23/2015 12:56:22 PM

Subject:
CN=Dove Delivery (Fried Cookie Ltd.), O=Dove Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137EAE0964D7E3FEF23473D2D8D216639

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox-beta-35-0-b4-32-bits.exe has been seen being distributed by the following URL.

http://d.baixakifiles2.com/?ic_user_id=9289&data=9u8rvyql/P5StXYfW1NALpFGi4JNnmxwVUzTMM8WWoUzXJkleC2i7LKlcoYHdQDPz0EF9NVfdEHIBAEQ28WT/F LA0CCB3jSrjSgVbyXXOH6Td MDeYeMnsdU9amWIFOJ4ndrBu0dsSjnzgQB WAtWCWx0vLRJ4sR4F1w4lrzXqdXtlQrXTV S8/utaqMIdRQWOnbCyyHDD0dX1SVyJUEUskyz6AdavArNfiGPI3VMqRgBkCVnHsye13lfZcO vshg/JeqqiO09nG3Fp4fKrVYbytGDnFaWx9s6TigyeqLJg3J1jHhCn2mAC7DWj8g2U4cZ6AvzCNrCW6VpznEtFbEG se8vIulVFntGyFK4RFOusHudv9N RcuTKo5Zoz2mjj4LaFMUc XrRnwS6DvdxMAT3iAqyUQrMuH7vYwSwEjOgdtx3/WofSboM ohO9vN/4yGs6UQ6s5v2fe8vVH0E 0QA a/abPU6Q8002Fv4QdwyOrvBBtchWGDZ57IHd8iNMV2IqI7iTsste7Sr8 3doTcjO/QSVn7kRsCcHZTARcMMt/4uzXfGPUohcoxKfnlwkTannxuUOzrNUoZlpsXVn oSYw/tPrqKYYrEOXwzEVv/fIZrPhUcWLqRCBUNsRDpNZcyqAo4jMrhYHo3PguAVSItReNv/2BnHK/vyOpCfPx0o5 xDwRn1mZLvwBgbbRFhVUKdgdezZBoydGDFYbaJKmSFyFZjaxLkj g eDAuaw36gBX7MuW7ogpW3MSdi/wY59QZIv&key=hGKeHdExhI86LCkEPArjMqPewr4NwFjZIEVeEUt3y1KlTCez04TKIz17tjGK a/.../BHMr1cYWne5Jzdqnt1BtOVAkC

Remove mozilla-firefox-beta-35-0-b4-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.