mozilla firefox setup.exe

WeDownload, Ltd

The application mozilla firefox setup.exe by WeDownload has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. Users of this installer expect to download the free Mozilla Firefox web browser, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

Publisher:
WeDownload, Ltd  (signed and verified)

MD5:
d76e60aa1631f47fd2a9220eaaa89537

SHA-1:
3096bc6b4a2db1641e054de3c7ca55367ad60852

SHA-256:
6ddba71461936db52f7945d2417f14a6262b85e39d799db39ebdc1775461f2bc

Scanner detections:
30 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/4/2024 10:43:20 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Application.Generic.1195373 | 6216384 |
| Agnitum Outpost | PUA.Soft32Downloader | 7.1.1 |
| AhnLab V3 Security | Win-PUP/Soft32Downloader | 2014.11.16 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.164.8 |
| avast! | Win32:Downloader-TOV [PUP] | 2014.9-150408 |
| AVG | Wedownload | 2016.0.3145 |
| Bitdefender | Dropped:Application.Generic.1195373 | 1.0.20.490 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Outbrowse-2 | 0.98/19185 |
| Dr.Web | Adware.Downware.10564, Adware.Downware.8933 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Application.Generic.1195373 | 9.0.0.4799 |
| ESET NOD32 | MSIL/Soft32Downloader (variant) | 9.9618 |
| F-Secure | Riskware.Dropped:Application.Generic.1195373 | 5.13.68 |
| G Data | Win32.Application.Soft32Downloader | 15.4.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11613 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2220 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.04.08.11 |
| McAfee | Trojan.Artemis!4667B69EE748 | 5600.6801 |
| MicroWorld eScan | Dropped:Application.Generic.1195373 | 16.0.0.294 |
| NANO AntiVirus | Trojan.Win32.Soft32Downloader.diraiz | 0.28.6.63362 |
| Panda Antivirus | Trj/OCJ.D | 15.04.08.11 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Bundler.WeDownload | 15.4.8.19 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1648943E!373855294 | 23.00.65.15406 |
| SUPERAntiSpyware | Trojan.Agent/Gen-WeDownload | 9947 |
| Trend Micro House Call | TROJ_GE.FE622C44 | 7.2.98 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27896 |
| Zillya! Antivirus | Downloader.Agent.Win32.198825 | 2.0.0.1857 |

File size:
591.9 KB (606,104 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/5/2013 7:00:00 PM

Valid to:
2/11/2016 7:00:00 AM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2wMDD4+ltGEmH53K6dum0NREzJx9TABBVZ9qIApk/xWz74yP6cm:2tgSkVxufGdicIApc004m

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9168

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
