firefox_setup.exe

Fileangels

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application firefox_setup.exe, "Premium Installer" by Fileangels, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it also installs additional software offers that include adware, PUPs and browser toolbars.
Publisher:
Premium Installer (signed by Fileangels)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
e0d8a3ef5d6af19b082092e0eadd8c24

SHA-1:
dd0eb9f852063cdc62a7c30cd0e77b43cf43eefe

SHA-256:
7bfbb3fa3c7a4f72c5b8f1b18a9d255e50323fca5783b298d8b75262d42b38be

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
9/26/2017 10:09:45 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adknowledge.Fileangels.Bundler (M)

Engine version:
16.1.20.20

File size:
70.4 KB (72,048 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\firefox_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 8:00:00 PM

Valid to:
7/14/2015 7:59:59 PM

Subject:
CN=Fileangels, O=Fileangels, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D54F646CB5A85211464AF0FDAB3D591

File PE Metadata
Compilation timestamp:
10/27/2014 10:00:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:bR4D8au9T/3hT5FcJnISpUAe9t6zdI54cOaK9ZU9cBJeo8Q1:bR4D8au9eJnISphc66ON9tBJUM

Entry address:
0x468B

Entry point:
E8, 48, 05, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, 24, 61, 40, 00, FF, 25, 28, 61, 40, 00, CC, CC, 68, FD, 46, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, B0, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C...

Entropy:
5.6561

Code size:
17.5 KB (17,920 bytes)

The file firefox_setup.exe has been seen being distributed by the following URL.

Remove firefox_setup.exe - Powered by Reason Core Security