mozilla-firefox-250-32-bits.exe

ISBRInstaller

The application mozilla-firefox-250-32-bits.exe by ISBRInstaller has been detected as adware by 22 anti-malware scanners. It is a setup program built on the InstallCore download manager, which may bundle additional offers for ad-supported toolbars, browser extensions and utilities. Users running this installer expect to download the free Mozilla Firefox web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
ISBRInstaller  (signed and verified)

MD5:
6bc8a9bf6d8e4e06952ac9b2cab2e3f3

SHA-1:
2dd5ca6a5ad0ddb9625f946e41b0c2044c9813cc

SHA-256:
db05fbd1b186784c27e420b768428ab90730d8e4188600daa89b333b4dc072a9

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 7:56:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | APPL/InstallCore.AL | 7.11.115.36 |
| AVG | InstallC | 2016.0.3208 |
| Bkav FE | W32.Clodb0d.Trojan | 1.3.0.4562 |
| Comodo Security | Application.Win32.Agent.AS | 17316 |
| Dr.Web | Trojan.Packed.24524 | 9.0.1.035 |
| ESET NOD32 | Win32/InstallCore.DO (variant) | 9.9084 |
| Fortinet FortiGate | Riskware/InstallCore | 2/4/2015 |
| F-Prot | W32/InstallCore.R3.gen | v6.4.7.1.166 |
| G Data | Win32.Application.InstallCore.CJ | 15.2.24 |
| K7 AntiVirus | Trojan | 13.174.10588 |
| Malwarebytes | | v2015.02.04.06 |
| McAfee | Artemis!C17F09DF234E | 5600.6864 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dfgmjw | 0.28.6.63850 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ironSource | 15.2.4.18 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15202 |
| SUPERAntiSpyware | | 10073 |
| Trend Micro House Call | TROJ_GEN.F47V1029 | 7.2.35 |
| Vba32 AntiVirus | | 3.12.24.3 |
| VIPRE Antivirus | InstallCore.b | 23626 |

File size:
657.8 KB (673,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\mozilla-firefox-250-32-bits.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/16/2013 9:00:00 PM

Valid to:
7/17/2014 8:59:59 PM

Subject:
CN=ISBRInstaller, O=ISBRInstaller, STREET=Ronthschilde 63, L=Tel Aviv, S=Tel Aviv, PostalCode=6527319, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
158EF632B1D9C77CF5AAB6A9367E7FCE

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:TSyMJfsGLCD3jpE3wvIhnpvISQgq4VcD2TmjWeAesdaGrLM4eOXnf2HKLP1:2yMJfsr3jpC5qIZiWeorMSXnfuu

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file mozilla-firefox-250-32-bits.exe has been seen being distributed by the following URL.
