mozilla_firefox.exe

DownloadAstro Downloader

Bully Unity LTD

The application mozilla_firefox.exe by Bully Unity has been detected as adware by 10 anti-malware scanners. It is a setup program built on the installCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The installer is marketed through download portals and search ads as the free Mozilla Firefox web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.

Publisher:
DownloadAstro  (signed by Bully Unity LTD)

Product:
DownloadAstro Downloader

Version:
1.0.5.a0.1_34216

MD5:
a4539684062946ac7eb447c440cd942d

SHA-1:
288c80da9c6af576a5f9d2f212a8ca72f7664b79

SHA-256:
84c3d86cc12d84763dc7d5af00573cdeee90960c4c7f758d6e4920e74d3c70aa

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 8:42:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.213.12 |
| AVG | Generic | 2016.0.3183 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1532 |
| Comodo Security | Application.Win32.InstallCore.DQZ | 21260 |
| Dr.Web | Trojan.InstallCore.51 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.WC potentially unwanted (variant) | 9.11252 |
| K7 AntiVirus | Trojan | 13.1915120 |
| Qihoo 360 Security | Win32/Virus.Adware.eef | 1.0.0.1015 |
| Reason Heuristics | PUP.installCore | 15.3.2.0 |
| VIPRE Antivirus | Threat.4150696 | 37788 |
File size:
736.5 KB (754,216 bytes)

Product version:
1.0.5.a0.1_34216

Copyright:
DownloadAstro

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mozilla_firefox.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/18/2014 5:30:00 AM

Valid to:
12/23/2015 5:30:00 PM

Subject:
CN=Bully Unity LTD, O=Bully Unity LTD, L=Jerusalem, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0561C0FEA93F47093CCED2BA6A4400F1

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Ao4vph7gZq8z2tcLrQlOhNApwAkuFKx/oD3pNiCzRTsTD3QsWLdYmYE2Qwep:Apvfiq8z2CL5SyAkuFKx/oD3p8QdsTUP

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8177

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
