Hello! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by App Setup (Fried Cookie Ltd.).
It’s possible to view additional information about the embedded certificate by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. The certificate shows that App Setup (Fried Cookie Ltd.) is located in Tel Aviv, Israel and that the certificate was issued by GlobalSign CodeSigning CA – G2.
The problem here is that if mozilla_firefox.exe really was a setup file for Mozilla Firefox, it would be digitally signed by Mozilla Corporation and not by some unknown company. Here’s what the real Mozilla Firefox download looks like in the UAC dialog. Note that the verified publisher is Mozilla Corporation.
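The same publisher check can be scripted instead of read off the Digital Signatures tab. The following is an added example, not part of the original post: the function name `Test-ExpectedPublisher` is hypothetical and the file is assumed to sit in the current directory.

```powershell
# Added example: compare a file's Authenticode signer with the publisher you expect.
# A "Valid" status only proves that *someone* signed the file; the signer's name
# still has to match the vendor the file claims to come from.
function Test-ExpectedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Unsigned files carry no signer certificate at all.
    if ($null -eq $cert) {
        return [pscustomobject]@{
            Path = $Path; Status = $sig.Status; Publisher = $null
            Issuer = $null; Trusted = $false; Reason = 'File is not signed'
        }
    }

    # SimpleName returns the common name of the subject (or issuer when $true).
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $cert.GetNameInfo($nameType, $false)
    $issuer    = $cert.GetNameInfo($nameType, $true)

    if ($sig.Status -ne 'Valid') {
        $reason = "Signature status is $($sig.Status)"
    } elseif ($publisher -ne $ExpectedPublisher) {
        $reason = "Signed by '$publisher', expected '$ExpectedPublisher'"
    } else {
        $reason = 'Valid signature from the expected publisher'
    }

    [pscustomobject]@{
        Path      = $Path
        Status    = $sig.Status
        Publisher = $publisher
        Issuer    = $issuer
        Trusted   = ($sig.Status -eq 'Valid' -and $publisher -eq $ExpectedPublisher)
        Reason    = $reason
    }
}

# Assumed location of the download discussed in this post.
Test-ExpectedPublisher -Path .\mozilla_firefox.exe -ExpectedPublisher 'Mozilla Corporation'
```

For a bundler like the one described here, `Status` can be `Valid` while `Trusted` is still false, because the publisher is App Setup (Fried Cookie Ltd.) rather than Mozilla Corporation.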
Adware/InstallCore.A.530, InstallCore (fs), a variant of Win32/InstallCore.SX and InstallCore (fs) are some of the detection names according to VirusTotal.
Did you also find an App Setup (Fried Cookie Ltd.) file?
Thanks for reading.