5d0e8c42-bc4c-8b16-e314-1d2bb611540d_1d1bce205b64dec

Kak

Delivery Superb (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file 5d0e8c42-bc4c-8b16-e314-1d2bb611540d_1d1bce205b64dec, “Kak Setup” by Delivery Superb (Fried Cookie), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the installCore installer engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Delivery Superb (Fried Cookie Ltd.)  (signed and verified)

Product:
Kak

Description:
Kak Setup

Version:
5.2.3.2

MD5:
e8d6951279da9eea9c5b79f817c62a22

SHA-1:
8ef497562a6960aaf2d019d659feeff892a68c95

SHA-256:
0f1d82899b7bc1d9422ba95dc8cb76811a18483e3c44764274d46392e942bf8f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/13/2024 4:24:08 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC.Installer (M)

Engine version:
16.6.2.7

File size:
999.1 KB (1,023,096 bytes)

Product version:
3.5

Copyright:
Web Application

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\ProgramData\microsoft\windows defender\scans\filesstash\5d0e8c42-bc4c-8b16-e314-1d2bb611540d_1d1bce205b64dec

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 5:59:53 AM

Valid to:
6/22/2016 9:54:14 AM

Subject:
CN=Delivery Superb (Fried Cookie Ltd.), O=Delivery Superb (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211DDE033C8F24FD358ED7B6271AD4DE2B

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:1GvKNIEUG6aLVIO8DWCWnppSucVEpiET0oule0J1orM:1GuH6axIOUWnKulp9Toc0J1l

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9279

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file 5d0e8c42-bc4c-8b16-e314-1d2bb611540d_1d1bce205b64dec has been seen being distributed by the following 12 URLs.
