mozilla firefox setup.exe

WeDownload, Ltd

The application mozilla firefox setup.exe by WeDownload has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser, but it will also install additional software offers, which include adware, PUPs and browser toolbars. The file has been seen being downloaded from mozilla-firefox.todownload.com.
Publisher:
WeDownload, Ltd  (signed and verified)

Version:
1.0.0.0

MD5:
1159a5615b0b8f169222dc5e4f9194c1

SHA-1:
a39900c09dbd1481b6e873603cc00506c07b60c6

SHA-256:
9d47ee6b2b7b01ff10ce1b57dc9401453faac59b66da368537b93319b3bc8f33

Scanner detections:
33 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 10:55:21 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.121372 | 5517384
Agnitum Outpost | PUA.Soft32Downloader | 7.1.1
AhnLab V3 Security | Trojan/Win32.Gen | 2015.05.20
Avira AntiVirus | APPL/Soft32Down.diq | 8.3.1.6
avast! | Win32:Downloader-TOV [PUP] | 150414-0
AVG | Adware Generic5.AVTZ | 2014.0.4311
Bitdefender | Gen:Variant.Adware.Graftor.121372 | 1.0.20.695
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Agent-6696 | 0.98/20486
Comodo Security | Application.Win32.Agent.S | 22179
Dr.Web | Adware.Downware.10564 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.121372 | 10.0.0.5366
ESET NOD32 | Win32/Soft32Downloader.D potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/Softdownmgr | 5/19/2015
F-Prot | W32/Soft32Download.C.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Graftor | 11.2015-19-05_3
G Data | Gen:Variant.Adware.Graftor.121372 | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.204.15963
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.2016
Malwarebytes | PUP.Optional.Soft32.A | v2015.05.19.08
McAfee | Program.Downloader-FMA | 17.6.569.0
MicroWorld eScan | Gen:Variant.Adware.Graftor.121372 | 16.0.0.417
NANO AntiVirus | Trojan.Win32.Siggen.dekkrk | 0.30.24.1357
Norman | Gen:Variant.Adware.Graftor.121372 | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.DownloadWare.1160856 | 15.05.19.01
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Quick Heal | PUA.DownloadWare.DC5 | 5.15.14.00
Reason Heuristics | PUP.WeDownload.Bundler | 15.5.19.16
Rising Antivirus | PE:PUF.Soft32Downloader!1.9C52 | 23.00.65.15517
Total Defense | Win32/SillyDl.VdYdGM | 37.1.62.1
Vba32 AntiVirus | Signed-AdWare.WeDownload | 3.12.26.4
VIPRE Antivirus | Threat.4783370 | 39486
Zillya! Antivirus | Downloader.Soft32Download.Win32.1 | 2.0.0.2183

File size:
1.1 MB (1,160,856 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mozilla firefox setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/5/2013 5:00:00 PM

Valid to:
2/11/2016 5:00:00 AM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
7/11/2013 2:04:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:EFVRc+TS2Mt1nFae2kRgNvs8RpPbeZeEVcNRsMDmMt4:ETRlTSrgN3rKZNOXsMDPt

Entry address:
0x37B960

Entry point:
60, BE, 00, A0, 67, 00, 8D, BE, 00, 70, D8, FF, C7, 87, 34, 9C, 2C, 00, 36, 68, 14, 46, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8982

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1 MB (1,060,864 bytes)

The file mozilla firefox setup.exe has been seen being distributed by the following URL.
