Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

Learn More

why does this hybrid analysis "detects" two viruses in the installer?

  • 6 个回答
  • 3 人有此问题
  • 4 次查看
  • 最后回复者为 andnik

more options

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100

says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)"

I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results.

https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100 says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)" I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results. https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

由andnik于修改

所有回复 (6)

more options

Did you get the full installer from Download Firefox For All languages And Systems {web link}

more options

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview

It has one "Heur[istic]" detection and 36 clean.

System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview

It has 1 "Adware" detection and 36 clean.

I'm not worried enough to look into it further.

more options

FredMcD είπε

Did you get the full installer from Download Firefox For All languages And Systems {web link}

Yes, I actually put the link in the upload file section.

more options

jscher2000 είπε

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview It has one "Heur[istic]" detection and 36 clean. System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview It has 1 "Adware" detection and 36 clean. I'm not worried enough to look into it further.

I know, and I really wonder why they say that about firefox which is free and safe.

more options

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

more options

WestEnd είπε

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

Hybrid analysis is a site similar to virustotal.com Yes the installer is from the Mozilla site