firefox_setup.exe

DownloadManager.exe

Optimum Installer

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application firefox_setup.exe, “Firefox Setup” by Optimum Installer, has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. Users of this installer expect to download the free Mozilla Firefox web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
DownloadManager  (signed by Optimum Installer)

Product:
DownloadManager.exe

Description:
Firefox Setup

Version:
3.1.5

MD5:
779a1ff325e5e6cc577e3da43fdc106a

SHA-1:
2ff5025f4bbc2eac787fa737b46123e9a0a327ae

SHA-256:
d7f187aa198c4ff2af2604799a715956f0b7f13e6222bf544b992b2b19defbdd

Scanner detections:
35 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/30/2024 8:03:24 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
MemScan:Trojan.Generic.8819250
588

Agnitum Outpost
Adware.Agent
7.1.1

AhnLab V3 Security
15.06.26

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.150.242

avast!
Win32:Installer-J [PUP]
2014.9-150626

AVG
Adware Generic5
2016.0.3066

Bitdefender
Application.Generic.514087
1.0.20.885

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
WIN.Adware.Ibryte-104
0.98/213

Comodo Security
ApplicUnwnt.Win32.AdWare.iBryte.H
18308

Dr.Web
Adware.Downware.1022
9.0.1.0177

Emsisoft Anti-Malware
MemScan:Trojan.Generic.8819250
8.15.06.26.01

ESET NOD32
Win32/Adware.iBryte.G application
9.7.0.302.0

Fortinet FortiGate
Riskware/IBryte
6/26/2015

F-Prot
W32/Ibryte.C.gen
v6.4.6.5.141

F-Secure
MemScan:Trojan.Generic.8819250
11.2015-26-06_6

G Data
Application.Generic.514087
15.6.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.178.12155

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1827

Malwarebytes
PUP.Optional.IBryte
v2015.06.26.01

McAfee
Program.Adware-FOO
5600.6722

MicroWorld eScan
Application.Generic.514087
16.0.0.531

NANO AntiVirus
Trojan.Win32.Downware.cstcrs
0.28.0.59921

Norman
MemScan:Trojan.Generic.8819250
11.20150626

nProtect
Trojan-Clicker/W32.iBryte.703272
14.11.06.01

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
PUA.Optimumins.Gen
6.15.14.00

Reason Heuristics
PUP.Adknowledge.OptimumInstaller.Installer (M)
15.6.26.9

Rising Antivirus
PE:Adware.iBryte!6.FB5
23.00.65.15624

Sophos
PUA 'iBryte Optimum Installer'
5.14

Trend Micro House Call
HV_OPTIMUM_CG0934BE.RDXN
7.2.177

Vba32 AntiVirus
SScope.Adware.OptimusInstaller.26607
3.12.26.0

VIPRE Antivirus
Threat.4778314
29418

Zillya! Antivirus
Adware.Agent.Win32.8091
2.0.0.1797

File size:
740.3 KB (758,056 bytes)

Product version:
3.1.5

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\firefox_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/11/2012 1:00:00 AM

Valid to:
11/7/2013 11:59:59 PM

Subject:
CN=Optimum Installer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Optimum Installer, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C5F27B776ADBBB7943F700066A490BF

File PE Metadata
Compilation timestamp:
3/12/2013 6:28:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:H0lH7Uxir7AM0+21gnS/sN2xTkcIAA/ajBRC/Gp4/yVv:H0lbUxy7AM0+21gdN22cIAAeBG3/w

Entry address:
0x518DD

Entry point:
E8, 0B, E2, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 84, E2, 00, 00, 83, C4, 14, 5D, C3, FF, 35, CC, 3D, 4A, 00, E8, 0E, 4F, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 3B, A7, 00, 00, 6A, 01, 6A, 00, E8, 83, E5, 00, 00, 83, C4, 0C, E9, 64, E4, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B...
 

Entropy:
6.5376

Code size:
452 KB (462,848 bytes)

The file firefox_setup.exe has been seen being distributed by the following URL.
