29b97316-594c-4314-ab02-01677560dfea-5.exe

Firedive Downloader V9.0

installdaddy

The application 29b97316-594c-4314-ab02-01677560dfea-5.exe, “Firedive Downloader V9.0 exe”, has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Firedive Downloader V9.0 by InstallDaddy Services Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
installdaddy

Product:
Firedive Downloader V9.0

Description:
Firedive Downloader V9.0 exe

Version:
1000.1000.1000.1000

MD5:
c0185ef47b0b1528dca40adf840fbb91

SHA-1:
06957a1fd3a984eb2355a2f5620e623c2ada4f9c

SHA-256:
ed783d4f7773f319202d88a78757ffd15442261816509594e81ba543350097f5

Scanner detections:
21 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
4/26/2024 7:10:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11248825 | 927 |
| Avira AntiVirus | Adware/CrossRider.AE | 7.11.150.126 |
| avast! | Win32:Malware-gen | 2014.9-140723 |
| AVG | Generic5 | 2015.0.3405 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14723 |
| Bitdefender | Trojan.Generic.11248825 | 1.0.20.1020 |
| Emsisoft Anti-Malware | Trojan.Generic.11248825 | 8.14.07.23.09 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AC (variant) | 8.9822 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/23/2014 |
| F-Secure | Trojan.Generic.11248825 | 11.2014-23-07_4 |
| G Data | Trojan.Generic.11248825 | 14.7.24 |
| K7 AntiVirus | Trojan | 13.177.12128 |
| Malwarebytes | PUP.Optional.FirediveDownloader.A | v2014.07.23.09 |
| McAfee | Artemis!C0185EF47B0B | 5600.7061 |
| MicroWorld eScan | Trojan.Generic.11248825 | 15.0.0.612 |
| nProtect | Trojan.Generic.11248825 | 14.05.19.01 |
| Reason Heuristics | PUP.installdaddy.g | 14.7.23.9 |
| Sophos | Generic PUA AG | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0OE714 | 7.2.204 |
| Trend Micro | TROJ_GEN.R047C0OE714 | 10.465.23 |
| VIPRE Antivirus | Crossrider | 29406 |

File size:
314 KB (321,536 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Firedive Downloader V9.0.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\firedive downloader v9.0\29b97316-594c-4314-ab02-01677560dfea-5.exe

File PE Metadata
Compilation timestamp:
4/7/2014 8:08:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Np/qS33Sk+3AJ/JSKjmp3mWYUOQpz874Movor4pXp5OpOPMoeytHpTBfU8+5fneT:v/qS33SkqAJ/qcgVMgk4gg/HpTBlUx

Entry address:
0x27561

Entry point:
E8, 91, 98, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, B6, 44, 00, E8, 59, 25, 00, 00, E8, D9, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 24, 98, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EB, 55, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
233 KB (238,592 bytes)

Scheduled Task
Task name:
29b97316-594c-4314-ab02-01677560dfea-5

Trigger:
Logon (Runs on logon)

Action:
29b97316-594c-4314-ab02-01677560dfea-5.exe \gzvotw \heucr='firedive downloader v9.0' \ppskbo=


The file 29b97316-594c-4314-ab02-01677560dfea-5.exe has been discovered within the following program.

Firedive Downloader V9.0  by InstallDaddy Services Ltd.
This is a potentially unwanted program (PUP) that bundles various additional offers during setup, typically ad-supported (adware) in functionality.
82% remove it
 
Powered by Should I Remove It?