home

mozilla-firefox-todownload.exe

The application mozilla-firefox-todownload.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from mozilla-firefox.todownload.com.
MD5:
a5474e80456edc0ef2a956aee5a3b822

SHA-1:
122070c9d6d3b99816aea4deca3ccb41f9efaa46

SHA-256:
fc5b53b5334a4d4cdf15297172623b9eaa2c24438261de5a707a16889ca5b90b

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/23/2024 11:30:26 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
APPL/Downloader.Gen6
8.3.2.4

AVG
Adware InstallCore.FJ
2015.0.4460

Clam AntiVirus
Win.Adware.Installcore-99
0.98/21079

Comodo Security
Application.Win32.ClickRun.A
23634

Dr.Web
Adware.InstallCore.72
9.0.1.05190

ESET NOD32
Win32/InstallCore.AU potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
11/21/2015

F-Prot
W32/InstallCore.P.gen
4.6.5.141

IKARUS anti.virus
PUA.InstallCore
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.212.17928

Malwarebytes
Adware.ToDownload
v2015.11.21.11

NANO AntiVirus
Trojan.Win32.InstallCore.brpqbw
0.30.26.4751

Panda Antivirus
PUP/MultiToolbar.A
15.11.21.11

Sophos
PUA 'Install Core Click run software'
5.20

SUPERAntiSpyware
Adware.InstallCore
9493

Vba32 AntiVirus
BScope.Malware-Cryptor.InstallCore.2691
3.12.26.4

VIPRE Antivirus
Threat.4754767
45208

Zillya! Antivirus
Adware.InstallCore.Win32.647
2.0.0.2524

File size:
1 MB (1,087,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mozilla-firefox-todownload.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dPGuuahje5+yT81hmjWfbl9GrF7RF2ohZmOOBXEPnUEM9:VGu59eUp7mSfbl9GB7Gobq0PU

Entry address:
0xCAD60

Entry point:
55, 8B, EC, 83, C4, F0, B8, 04, AA, 40, 00, E8, DF, CC, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 11, 40, 00, 04, 00, 00, 00, 00, 00, 00, 00, 10, 37, 40, 00, 1C, 37, 40, 00, 20, 37, 40, 00, 24, 37, 40, 00, 18, 37, 40, 00, 78, 34, 40, 00, 94, 34, 40, 00, D0, 34, 40, 00, 07, 54, 4F, 62, 6A, 65, 63, 74, 0C, 11, 40, 00, 07, 07, 54, 4F, 62, 6A, 65, 63, 74, 00, 11, 40, 00, 00, 00, 00, 00, 00, 00, 06, 53, 79, 73, 74, 65, 6D, 00...
 
[+]

Entropy:
6.9549

Developed / compiled with:
Microsoft Visual C++

Code size:
828 KB (847,872 bytes)

The file mozilla-firefox-todownload.exe has been seen being distributed by the following URL.

http://mozilla-firefox.todownload.com/get/file/.../838172?s=-i4tnxMNAZAOtHQIhCoBAA&t=1365110169&ext=.exe

Remove mozilla-firefox-todownload.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.