home

mozilla thunderbird setup.exe

WeDownload, Ltd

The application mozilla thunderbird setup.exe by WeDownload has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. With this installer, users are expecting to download Mozilla Thunderbird but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from mozilla-thunderbird.todownload.com.
Publisher:
WeDownload, Ltd  (signed and verified)

MD5:
2039341619fafe1d482678b00b7a3458

SHA-1:
00cbc0e936baefb7c9f64ccaa83cc5b8d4582ef5

SHA-256:
a9926788c82817cc80ea3062419e2bd7b906c5f06841e540a694ff96f3674abb

Scanner detections:
10 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/29/2024 3:38:41 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Downloader-TOV [PUP]
140617-1

AVG
Wedownload
2015.0.3422

Dr.Web
Adware.Downware.5554
9.0.1.05190

ESET NOD32
MSIL/Soft32Downloader.C potentially unwanted application
7.0.302.0

G Data
Win32.Application.Soft32Downloader
14.7.24

McAfee
Artemis!CDBDC37C209A
5600.7078

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.Installer.WeDownload.Z
14.8.7.20

Trend Micro House Call
Suspici.18E75054
7.2.186

VIPRE Antivirus
Threat.4150696
29708

File size:
617.3 KB (632,136 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\mozilla thunderbird setup.exe

Digital Signature
Signed by:
WeDownload, Ltd

Authority:
DigiCert Inc

Valid from:
2/5/2013 4:00:00 PM

Valid to:
2/11/2016 4:00:00 AM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:lwMDD4jMmsyUokFdg8GYCLiNTA5qzHhNW4XmkSvn46P9sms:ltgjgbFdg2T3zDTXmkSvBPSm

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9238

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mozilla thunderbird setup.exe has been seen being distributed by the following URL.

http://mozilla-thunderbird.todownload.com/get/file/.../1224555?lp=adwords&tg=us&kw=Windows essentials 2014&mt=p&ad=43415943918&pl=&ds=s&gclid=CjgKEAjw286dBRDmwbLi8KP71GQSJAAOk4sjBrvt7EVYd_Jlp1tToKiSlEuSaRWwYOrFt_ivknxk6vD_BwE

Remove mozilla thunderbird setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.