home

mozilla-firefox-todownload.exe

The executable mozilla-firefox-todownload.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from mozilla-firefox.todownload.com.
MD5:
881fc1e4b7b0fcc91a0582d8ce438a33

SHA-1:
cbf2e83bd26bfb3afaf21a40160791996a1a3c31

SHA-256:
742002b9e9670436a74f2ed81440fa612a4eca51435e12b61fe910bea5ba1f93

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/16/2024 7:23:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.5.28.7

File size:
1 MB (1,096,976 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mozilla-firefox-todownload.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:31nZePuTJyGoDz1xMUzoz9m76jx4GRU87wmww58IgXm4:zePODUZWkGdL372w5/Q

Entry address:
0xCB930

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, FB, 40, 00, E8, FD, D4, FF, FF, 57, 55, 83, C4, F4, 89, 4C, 24, 04, 89, 14, 24, 8B, D0, 8B, EA, 81, E5, 00, F0, FF, FF, 03, 14, 24, 81, C2, FF, 0F, 00, 00, 81, E2, 00, F0, FF, FF, 89, 54, 24, 08, 8B, 44, 24, 04, 89, 28, 8B, 44, 24, 08, 2B, C5, 8B, 54, 24, 04, 89, 42, 04, 8B, 35, E4, 35, 47, 00, EB, 3C, 8B, 5E, 08, 8B, 7E, 0C, 03, FB, 3B, EB, 76, 02, 8B, DD, 3B, 7C, 24, 08, 76, 04, 8B, 7C, 24, 08, 3B, FB, 76, 1E, 6A, 04, 68, 00, 10, 00, 00, 2B, FB, 57, 53, E8, 26, FC, FF, FF...
 
[+]

Entropy:
6.9541

Developed / compiled with:
Microsoft Visual C++

Code size:
829.5 KB (849,408 bytes)

The file mozilla-firefox-todownload.exe has been seen being distributed by the following URL.

http://mozilla-firefox.todownload.com/get/file/.../835359?gclid=CIeUkrqourECFQQJRQodDEoAjA&s=pBLeSoFtHCa6I52jqcRFyQ&t=1364131040&ext=.exe

Remove mozilla-firefox-todownload.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.