mozilla-thunderbird.exe

Mozilla-thunderbird.

Download Assistant

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application mozilla-thunderbird.exe, “Mozilla-thunderbird.” by Download Assistant, has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. The installer is marketed through download portals and search ads as Mozilla Thunderbird but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Download Assistant   (signed by Download Assistant)

Product:
Mozilla-thunderbird.

Description:
Mozilla-thunderbird.

Version:
3.0.0.13

MD5:
75b056de4ac9fb15c4c5ae88ba99461a

SHA-1:
41c30c1ac853c73458c68a2af8b607f3094f17a2

SHA-256:
a22766c2364664b213bddfaa4b8e039a989089f7fd281d27d2c25c5d1923561d

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/16/2024 8:44:15 AM UTC  (today)

Scan engine           Detection                                                   Engine version

Avira AntiVirus       APPL/Downloader.Gen                                         7.11.216.52
avast!                Win32:Malware-gen                                           150129-1
AVG                   Generic                                                     2016.0.3173
Dr.Web                Adware.Conduit.244                                          9.0.1.05190
ESET NOD32            Win32/DownloadAssistant.A potentially unwanted application  7.0.302.0
herdProtect (fuzzy)                                                               2015.6.17.21
IKARUS anti.virus     PUA.DownloadAssistant                                       t3scan.1.8.6.0
K7 AntiVirus          Unwanted-Program                                            13.200.15232
Malwarebytes          PUP.Optional.DownloadAssistant                              v2015.03.11.01
Panda Antivirus       Generic Suspicious                                          15.03.11.01
Reason Heuristics     PUP.Bundler.Air Software                                    15.3.11.13
Sophos                PUA 'AirInstaller'                                          5.11
VIPRE Antivirus       Threat.4782985                                              37788

File size:
867.9 KB (888,680 bytes)

Product version:
3.0.0.13

Copyright:
(c) Download Assistant

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mozilla-thunderbird.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/13/2014 1:00:00 AM

Valid to:
8/13/2016 12:59:59 AM

Subject:
CN=Download Assistant, O=Download Assistant, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6BC405E8AC962C676F54816BCC4D4311

File PE Metadata
Compilation timestamp:
9/18/2014 11:10:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:J/61EbipgiXMqz0HBSvwke4MLx1sr+QuEAeK35pz:J/61ECgiDzNvwkbOx1lQuEw

Entry address:
0x49C7F

Entry point:
E8, 6E, 07, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, F4, 49, 00, 00, 74, 05, E9, D1, 07, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...
 

Entropy:
7.1978

Code size:
451 KB (461,824 bytes)

The file mozilla-thunderbird.exe has been seen being distributed by the following URL.
