56a09dd39edc9ac18f91dab7fde966ad90b49d08

Firefox

Download Helper

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 56a09dd39edc9ac18f91dab7fde966ad90b49d08 by Download Helper has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the AirInstaller Download Manager installer.
Publisher:
Download Helper  (signed and verified)

Product:
Firefox

Version:
3.0.0.74

MD5:
cccdf774a1eecc3662fa988d367ad259

SHA-1:
1ede6f90e2b4488122785773916c27c5d5078257

SHA-256:
8a96352366ccde110cc8b49e96136d0c6c55ce66dc586557947dd73f75f183f5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
6/1/2024 3:18:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.3.7.2

File size:
788.3 KB (807,256 bytes)

Product version:
3.0.0.74

Copyright:
(c) Download Helper

Original file name:
Firefox_35.0.1_setup.exe

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\apple computer\mobilesync\backup\4a8a686b1c28da562a2ce02c88e79fe7a8a78f0d\56a09dd39edc9ac18f91dab7fde966ad90b49d08

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/27/2014 7:00:00 PM

Valid to:
11/28/2015 6:59:59 PM

Subject:
CN=Download Helper, O=Download Helper, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4263E777B200F4E7A16FDB1764B87576

File PE Metadata
Compilation timestamp:
2/2/2015 12:10:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x4D5CF

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 40, 4F, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...

Entropy:
7.1183
