mozilla firefox.exe

Mozilla Firefox

Download Manager

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application mozilla firefox.exe, “Mozilla Firefox ” by Download Manager has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the AirInstaller Download Manager installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
DownloadManagercerts   (signed by Download Manager)

Product:
Mozilla Firefox

Description:
Mozilla Firefox

Version:
2.0.63.0

MD5:
0c5a6d94676bbeea4b6c8a534beb10d9

SHA-1:
0cc0ea6f1e808b5f45a23db9e2a09539632810ac

SHA-256:
3a20a3213b4ed6892079a0066a52d52b1ce7a9276613ea6dc2b67191e1519b2c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 8:46:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Air Software.Download.Bundler (M)
16.6.5.18

File size:
910.3 KB (932,192 bytes)

Product version:
2.0.63.0

Copyright:
(c) DownloadManagercerts

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mozilla firefox.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/10/2014 1:00:00 AM

Valid to:
7/12/2017 12:59:59 AM

Subject:
CN=Download Manager, O=Download Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6771A39C2739AF7082C1C8D8234BB168

File PE Metadata
Compilation timestamp:
8/27/2014 11:22:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:uM25uamKeyBa4dVUWu+ILJGJyzF2EKHAG5UZihDVy3v:uYamKeydVtI4MzF85/x4

Entry address:
0x29F530

Entry point:
60, BE, 00, D0, 5C, 00, 8D, BE, 00, 40, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8751

Packer / compiler:
UPX 2.90LZMA

Code size:
844 KB (864,256 bytes)

The file mozilla firefox.exe has been seen being distributed by the following URL.

Remove mozilla firefox.exe - Powered by Reason Core Security