home

mozilla-firefox.exe

Lubogehe

UpdateStar GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mozilla-firefox.exe, “Lubogehe Setup ” by UpdateStar GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Sed   (signed by UpdateStar GmbH)

Product:
Lubogehe

Description:
Lubogehe Setup

Version:
3.2.1.6

MD5:
3bcb82c06aa00aaa621db858f1ee4ddd

SHA-1:
0a28f0b46e3b79ca7eafc76def886400a19b176f

SHA-256:
dfffbfaa2cecd3d99c06dc149ce466d5da368f31743248a8176bc9c33c40d4d6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 7:56:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.8.6.23

File size:
1 MB (1,072,768 bytes)

Product version:
2.2

Copyright:
program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mozilla-firefox.exe

Digital Signature
Signed by:
UpdateStar GmbH

Authority:
GlobalSign nv-sa

Valid from:
1/25/2016 11:35:00 AM

Valid to:
3/23/2017 3:24:09 PM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C7585A2F5B2218EC6B36D472BA6496D8

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wgr2Vg/5m8HTNds87sRAS16y6VQknNpu/bqCvvDfqB4UmutHNSR:wgyG/5myTNds8w/6y0YGCvvDMdtu

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file mozilla-firefox.exe has been seen being distributed by the following URL.

http://www.bestcleanshare.com/c?x= xYKsAp9pp3YQ4RAtHq9xiusqdq/oGp2ZP/u8ihwLgs=&c=WpK /6vCvzvd0NeXBPAPOnu V1OwpuLpD4A7MdV6/4vPAEokfm8map58XuDN9qwl0//HJJrjhu8cb7Y2bH/vTZKiHb44uyHym3VtfelluDJ6GP3oQg/m7MBJCMMArBhn&downloadAs=mozilla-firefox.exe&fallback_url=https://download-installer.cdn.mozilla.net/pub/firefox/releases/38.0/win32/.../Firefox Setup 38.0.exe

Remove mozilla-firefox.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.