» firefox.exe
Overview
Analysis
File Details
Downloads (1)

firefox.exe

The application firefox.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from downloader.ez-download.com.

File name:

firefox.exe

MD5:

7c2c01c03935f77975cb9d2a6f0d0ff0

SHA-1:

620dcc34146c64af2105f6efd51e0aadd2cd8187

SHA-256:

acf9d7e8b26d76a18378b25a0099b0ab859f21de5f1c99f1eec852b5ba57e89d

Scanner detections:

16 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/26/2024 2:13:59 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.03.03

Avira AntiVirus

PUA/Outbrowse.Gen

7.11.213.42

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/OutBrowse.J potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/OutBrowse

3/2/2015

F-Prot

W32/Outbrowse.B.gen

v6.4.7.1.166

G Data

Win32.Application.OutBrowse

15.3.25

Kaspersky

not-a-virus:Downloader.NSIS.OutBrowse

15.0.0.543

McAfee

Program.Adware-OutBrowse

16.8.708.2

NANO AntiVirus

Trojan.Win32.Generic.cthmwf

0.30.0.296

nProtect

Trojan/W32.Agent.104325

15.03.02.01

Trend Micro House Call

TROJ_GEN.R08NC0PBQ15

7.2.61

Trend Micro

TROJ_GEN.R08NC0PBQ15

10.465.02

Vba32 AntiVirus

Downloader.NSIS.OutBrowse.o

3.12.26.3

VIPRE Antivirus

Threat.4150696

37788

File size:

101.9 KB (104,325 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\My documents\downloads\firefox.exe

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:EgXdZt9P6D3XJ+CWZ5Ky/9XO3jR0eWSzUu/0W9:Ee34t2UQ9OzRgW/cq

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.6689

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file firefox.exe has been seen being distributed by the following URL.

http://downloader.ez-download.com/download.php?id=23a0a912fd4ad218814beb3f5bd715001d751573&z=8&p=eyJweSI6ImV6IiwicnMiOiJnb29nbGUiLCJydCI6InNlYXJjaCIsImMiOiJ1cyIsIm8iOiJ3aW54cCIsImIiOiJjaDMyIiwidV9pZCI6ImV6XzUyZjc5NDUyOTgxZjQ1LjU0MjkxMjY1IiwicGFfaWQiOiI4Iiwic3RfaWQiOiIwIiwic3BfaWQiOiIwMDAwLTAwMDAiLCJ0cyI6MTM5MTk1NzA3NCwia3ciOiJmaXJlZm94IGJyb3dzZXIiLCJjdSI6ImZpcmVmb3ggYnJvd3NlciIsImNhIjpudWxsfQ==

Remove firefox.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.