the wedownload manager-firefoxinstaller.exe

The application the wedownload manager-firefoxinstaller.exe ("The weDownload Manager exe") has been detected as adware by 7 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.

Publisher:
weDownload

Product:
The weDownload Manager

Description:
The weDownload Manager exe

Version:
1000.1000.1000.1000

MD5:
a053206fefbfbf57f66326d7597a9591

SHA-1:
780902952fc4db3d6a5321273c4bd849a8635633

SHA-256:
dc1a9556edfe3aae1003b88eeecaafb7ea5116dcfb7b0e520a2ff24064d3c295

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/25/2024 4:24:56 PM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Lyrics
4.0.3.14221

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.9430

Malwarebytes
PUP.Optional.1ClickMovieDownloader.A
v2014.01.27.04

Reason Heuristics
PUP.Crossrider.Task.weDownload.h
14.2.21.22

Trend Micro House Call
TROJ_GEN.R00UH05B514
7.2.52

VIPRE Antivirus
Crossrider
25456

File size:
866 KB (886,784 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
The weDownload Manager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\the wedownload manager\the wedownload manager-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
12/29/2013 12:38:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:UQ+ddcWHHXWJnEra/bSxxESSQpx4wA+0t6Tl5qW04RS9epbcMvTWAdw9OpTp0S:UQWauSE+/bSxxEL4vxiepYMbyCT

Entry address:
0x92260

Entry point:
E8, 99, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, F8, 81, 4D, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 53, A1, FF, FF, 8B, 4F, 0C, 8B, 47, 08, 03, CE, 33, 0C, 30, E8, 43, A1, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, D0, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, EE, 00...
Entropy:
6.5437

Code size:
710 KB (727,040 bytes)

Scheduled Task
Task name:
The weDownload Manager-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
the wedownload manager-firefoxinstaller.exe \installxpi \agentregpath='the wedownload manager'


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/006536/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
