installer_firefox_english.exe

Statscom

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, and which may be installed with minimal consent. The application installer_firefox_english.exe by Statscom has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. With this installer, users expect to download the free Mozilla Firefox web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Statscom  (signed and verified)

MD5:
49cc69fda37dfeb266a92975610626a8

SHA-1:
09b9ede131ffbf0b87180dc7cf767d28bf29c794

SHA-256:
a00739503b72a5968d68ce9c45e6380f6b25ac445d971bc8d84da8b8d9663d87

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/27/2024 11:58:30 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Downware
2014.12.03

Avira AntiVirus
ADWARE/Adware.Gen
7.11.30.172

AVG
Generic
2015.0.3344

Dr.Web
Adware.Downware.2220
9.0.1.0264

ESET NOD32
Win32/DownloadAdmin (variant)
8.10816

F-Secure
Adware:W32/WebInstallBundle
11.2014-21-09_1

IKARUS anti.virus
Trojan.Dropper
t3scan.1.8.3.0

Malwarebytes
PUP.Optional.DownloadAdmin
v2014.09.21.12

NANO AntiVirus
Riskware.Win32.Downware.djahkt
0.28.6.63850

Norman
InstallCore.WQEC
11.20141203

Reason Heuristics
PUP.Statscom.Z
14.9.30.13

VIPRE Antivirus
Threat.4783369
35224

File size:
823.6 KB (843,360 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\installer_firefox_english.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 1:00:00 AM

Valid to:
7/22/2017 12:59:59 AM

Subject:
CN=Statscom, O=Statscom, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168FC1E941808849273C2F629E69FF2D

File PE Metadata
Compilation timestamp:
7/15/2014 5:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:UxpJfslZtuaVd9lpmhwQbift489IVGD4xJFl6Xqb5Kbmkg8SUw:op9sVuaVdvgVbmgGDijyikg5h

Entry address:
0x3345

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2E, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1F, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0D, 24, 00, 00...
 

Entropy:
7.4911

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file installer_firefox_english.exe has been seen being distributed by the following URL.
