mozilla_firefox_20.exe

Generic Internet

Ringier Axel Springer Polska Sp z o.o.

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application mozilla_firefox_20.exe, “Generic Internet Setup ” by Ringier Axel Springer Polska Sp z o.o has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Mozilla Firefox web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Program Web   (signed by Ringier Axel Springer Polska Sp z o.o.)

Product:
Generic Internet

Description:
Generic Internet Setup

MD5:
59b66061f53d1ce4754e04a33f2307f5

SHA-1:
9ef3bc749d041351aabf3ea6c53adc3b8fbddd1d

SHA-256:
ba2dff20b06da24a6a659fbc9b9d48d6e4fa5335ea1e25b9a07cfaa36841100d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
10/24/2020 3:56:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
16.11.13.15

File size:
962.7 KB (985,776 bytes)

Product version:
4.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\mozilla_firefox_20.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 5:05:16 PM

Valid to:
4/20/2016 12:59:59 PM

Subject:
CN=Ringier Axel Springer Polska Sp z o.o., O=Ringier Axel Springer Polska Sp z o.o., L=Warszawa, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112124E7511A3CC4B3EC5ECEA81705B2D037

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:/XMpbjai5w3gnt1oFoSefqkP1DBX3cyDVk+xuACgkfUa:/XMA3s1nZ19XjpLxvChMa

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove mozilla_firefox_20.exe - Powered by Reason Core Security