mozilla_firefox.exe

Noce

Dov gil Management Ltd.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mozilla_firefox.exe, “Noce Setup ” by Dov gil Management has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Dov gil Management Ltd.  (signed and verified)

Product:
Noce

Description:
Noce Setup

MD5:
7365a7b534a9def0a6e928f0060c7f45

SHA-1:
b6e570d008dafa5de658b4690441432edf3911f3

SHA-256:
6223a8435b22acebd269c1016d61a74f7874310439865653362aec67b2b4774d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/14/2024 3:02:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.15.11

File size:
1.1 MB (1,181,504 bytes)

Product version:
3.2.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\mozilla_firefox.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/25/2016 11:55:19 AM

Valid to:
2/25/2017 11:55:19 AM

Subject:
CN=Dov gil Management Ltd., O=Dov gil Management Ltd., L=Petah Tikva, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112122DD56D12EE23B1F04CC8EDD5FC6C88B

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file mozilla_firefox.exe has been seen being distributed by the following URL.

http://www.bytepresentbyte.com/PvPlEekp4t4sSJKMqqrI5sbh2Fd0yOMRc5gvr6mLanabmL6UrL1_KDHDwXBUAhMSEmTXqjbL4GB4aX 5WnmQ6KyzQzIyAvbzF4i7KbHdSyUeQYQid 7Mmc4vEqx3pFghlOFeffvIoO0RHzWqdh9u_rr9Ybu_TZ4TQZj7NPhcNC5Dv pzitud1rEkxZKYSiXxV1tMwjPA4zhe0kXRY0nT7crTri8Cq5FCSCVaqAL4aMJPJts2UEP_klH74TPQawfYrnjfXClITCrBgL1QwO_ZS3XUfyH0rWBhEVAtlpCcVkiKkGO3pxTX3xbO5Es 5L7VCXBQgFwCavO7E2lgkV4wiYsEW9WSvXM4mfD2zuK0rOTyGY1J5JvqT5rsZaKaLYlZo99DpiHkOKUSX2rq9jv_spEBoU7ViObcvnW6yNSKUMbWO4oEyIeI0_aNnqRfgJfUny4zIrzWGjEkDHVEGJbC7lA4n6IEI_p9 meVLQZsZ_aA8CptuHttVc8q0lwjYY5I1GoGBOTbav18uu1fa41i1nY8SuFJyA==-G4YAAGR3fp9zPuVY4nqWtFhtFAa5OHDYLRtI7wnHOQZ1w8GwKeWSZzPwNnbPQkM3sBxyrz_yVWMrf9XSkvqvml8s_o3e8TsY5fZgui3ADfkh0SJ7xot8IRQ=-e

Remove mozilla_firefox.exe - Powered by Reason Core Security