home

cnet_firefox setup 6_0_exe.exe

CNET Download.com Installer

CBS Interactive, Inc.

The application cnet_firefox setup 6_0_exe.exe by CBS Interactive has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as the free Mozilla Firefox web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
CBS Interactive  (signed by CBS Interactive, Inc.)

Product:
CNET Download.com Installer

Version:
1.2.3.0

MD5:
47e056d7be64d0e06b2269d51f6dec3f

SHA-1:
e41fcb28fa2e58da18de0e7e44a410a5942c8ef5

SHA-256:
41f37aa4459088c82c5368f22eccc7e23c9b4893cb1e657ada54e1a3ba968c19

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:32:19 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adtool.InstallCore.Gen.2
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.214.92

Bitdefender
Gen:Variant.Application.InstallCore.4
1.0.20.455

Clam AntiVirus
Adware.Downloader-207
0.98/19449

Dr.Web
Adware.InstallCore.2
9.0.1.091

ESET NOD32
Win32/InstallCore (variant)
9.6629

Fortinet FortiGate
Adware/InstallCore.D
4/1/2015

F-Prot
W32/InstallCore.I.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Application.InstallCore.4
11.2015-01-04_4

G Data
Win32.Trojan.Agent.AM83Y7
15.4.24

herdProtect (fuzzy)
variant of cnet_installfreerarextractfrog_exe.exe (PUP)
2015.7.6.0

Reason Heuristics
Bundler.PPI.Installer.CBS
15.4.1.0

Rising Antivirus
Suspicious
23.00.65.15330

SUPERAntiSpyware
PUP.CNETInstaller
9963

Trend Micro House Call
TROJ_GEN.F47V0109
7.2.91

Vba32 AntiVirus
WebToolbar.InstallCore
3.12.24.3

File size:
443.5 KB (454,120 bytes)

Product version:
1.2.3.0

Copyright:
CBS Interactive

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cnet_firefox setup 6_0_exe.exe

Digital Signature
Signed by:
CBS Interactive, Inc.

Authority:
DigiCert Inc

Valid from:
7/8/2011 8:00:00 PM

Valid to:
7/12/2013 8:00:00 AM

Subject:
CN="CBS Interactive, Inc.", O="CBS Interactive, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0203D2F5E7ABE93E2FC72BD3381C32C0

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:5A+SBz0oAt5c/572jwhhwVgS0YYljRKSVAQSeTrJQOcsPWWqXMsZ1RdHnW++PgqS:SBzKc/5721VghlVP1TlQEW5XvzjJqed

Entry address:
0xFE560

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, B7, 0B, 00, 7E, 0B, 1C, 4D, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.8594

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
380 KB (389,120 bytes)

Remove cnet_firefox setup 6_0_exe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.