29b97316-594c-4314-ab02-01677560dfea-4.exe

Firedive Downloader V9.0

installdaddy

The application 29b97316-594c-4314-ab02-01677560dfea-4.exe, “Firedive Downloader V9.0 exe”, has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Firedive Downloader V9.0 by InstallDaddy Services Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
installdaddy

Product:
Firedive Downloader V9.0

Description:
Firedive Downloader V9.0 exe

Version:
1000.1000.1000.1000

MD5:
1beacb93edb5ebee77de56654a3939bb

SHA-1:
8e9719c8e196c542d9b9f30bcacfe2e046ae0408

SHA-256:
55f04ac992d638231fd8e4b4b0f0aea8b9c18b1bc1d7c05fa7757badfe7e982a

Scanner detections:
22 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
4/18/2024 11:03:26 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.940592 | 927
Avira AntiVirus | Adware/CrossRider.A.1452 | 7.11.152.38
avast! | Win32:Malware-gen | 2014.9-140723
AVG | Generic5 | 2015.0.3405
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14723
Bitdefender | Adware.Generic.940592 | 1.0.20.1020
Emsisoft Anti-Malware | Adware.Generic.940592 | 8.14.07.23.09
ESET NOD32 | Win32/Toolbar.CrossRider.AD (variant) | 8.9870
Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/23/2014
F-Secure | Adware.Generic.940592 | 11.2014-23-07_4
G Data | Adware.Generic.940592 | 14.7.24
K7 AntiVirus | Trojan | 13.178.12257
Malwarebytes | PUP.Optional.FirediveDownloader.A | v2014.07.23.09
McAfee | Artemis!1BEACB93EDB5 | 5600.7061
MicroWorld eScan | Adware.Generic.940592 | 15.0.0.612
Panda Antivirus | Trj/CI.A | 14.07.23.09
Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | PUP.installdaddy.g | 14.7.23.9
Sophos | Generic PUA IO | 4.98
Trend Micro House Call | TROJ_GEN.R047C0OE714 | 7.2.204
Trend Micro | TROJ_GEN.R047C0OE714 | 10.465.23
VIPRE Antivirus | Crossrider | 29760

File size:
778 KB (796,672 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Firedive Downloader V9.0.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\firedive downloader v9.0\29b97316-594c-4314-ab02-01677560dfea-4.exe

File PE Metadata
Compilation timestamp:
4/7/2014 8:08:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:nFawFThWbDOCStT+5iVpTJ3DI+x8Z3MEAsV75m2HRN+ZgSh/wqdw1pT0B:FawFt+u1FpJ3DI+x8ZFg2xoNh/8Te

Entry address:
0x8257F

Entry point:
E8, 44, EC, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41...
Code size:
635 KB (650,240 bytes)

Scheduled Task
Task name:
29b97316-594c-4314-ab02-01677560dfea-4

Trigger:
Logon (Runs on logon)

Action:
29b97316-594c-4314-ab02-01677560dfea-4.exe \zblvjxp \heucr='firedive downloader v9.0' \lwcye=


The file 29b97316-594c-4314-ab02-01677560dfea-4.exe has been discovered within the following program.

Firedive Downloader V9.0  by InstallDaddy Services Ltd.
This is a potentially unwanted program (PUP) that bundles various additional offers during setup, typically ad-supported (adware) in functionality.
82% remove it
 
Powered by Should I Remove It?