firefox_dsetup.exe

Firefox

Firseria

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR), a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application firefox_dsetup.exe by Firseria has been detected as adware by 10 anti-malware scanners. The installer uses the Solimba download manager to push adware offers during the download and setup process; the bundled adware includes search and shopping web browser toolbars. It is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Firseria  (signed and verified)

Product:
Firefox

Description:
Firefox setup

Version:
1.0.11.0

MD5:
7f0ec6201fb6ba8374251b808d376a06

SHA-1:
b81d40ab237762624e177d540da43a58b88d2c99

SHA-256:
9e76c7daaf156fb9c66525df9e7df887d01884fb05efa26cd7e3b9b854996b93

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 4:52:24 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Solimba.Gen | 7.11.145.56
avast! | Win32:PUP-gen [PUP] | 2014.9-140425
AVG | MalSign.Solimba | 2015.0.3494
Dr.Web | Adware.Toolbar.237 | 9.0.1.0115
Malwarebytes | PUP.Optional.Rapiddown | v2014.04.25.02
Reason Heuristics | PUP.Installer.Firseria.O | 14.8.7.17
Sophos | Solimba Installer | 4.98
Trend Micro House Call | ADW_RAPIDDOWN | 7.2.115
Trend Micro | ADW_RAPIDDOWN | 10.465.25
VIPRE Antivirus | DownloadMR | 28592

File size:
358.3 KB (366,872 bytes)

Copyright:
AppInstaller 2014 (141140736)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\firefox_dsetup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/11/2013 10:34:44 AM

Valid to:
11/12/2014 10:34:44 AM

Subject:
E=support@solimba.com, CN=Firseria, O=Firseria, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130C3B28D7C9C29B8B07321EF3F8A1462

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:HsaocyLCJM8414zav7uQU1JXkOstOe6cfG5Hs3CPf0z8eYf7zr4Iqw85uTfC:HtobOMBKavyzkjtQcu5M3CP8z8eYzztm

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.8432  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file firefox_dsetup.exe has been seen being distributed by the following URL.
