7f4a669d1eecd224698285b505b14cf0.exe

Fried Cookie Ltd

The application 7f4a669d1eecd224698285b505b14cf0.exe by Fried Cookie is a setup program that uses the InstallCore download manager, which may bundle additional offers for ad-supported toolbars, browser extensions and utilities. It has been detected as adware by 16 anti-malware scanners. The file has been seen being downloaded from s3.amazonaws.com and multiple other hosts.
Publisher:
Fried Cookie Ltd (signed and verified)

MD5:
7f4a669d1eecd224698285b505b14cf0

SHA-1:
19124417ff1a7318c315f51533f1fed01e075237

SHA-256:
63ee21d21da2b41dda663dfd2fe5e76bfee8d1fbdca7d2f9e59cc41df23a35a6

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:16:31 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.53174 | 1028
Agnitum Outpost | Trojan.Kryptik | 7.1.1
Bitdefender | Gen:Variant.Strictor.53174 | 1.0.20.515
Bkav FE | W32.Clod3c5.Trojan | 1.3.0.4959
Comodo Security | ApplicUnwnt.Win32.InstallCore.c | 18086
Emsisoft Anti-Malware | Gen:Variant.Strictor.53174 | 8.14.04.13.04
ESET NOD32 | Win32/InstallCore.BH (variant) | 8.9666
F-Prot | W32/InstallCore.G4.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Strictor.53174 | 11.2014-13-04_1
G Data | Gen:Variant.Strictor.53174 | 14.4.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.176.11737
MicroWorld eScan | Gen:Variant.Strictor.53174 | 15.0.0.309
Reason Heuristics | PUP.FriedCookie.a | 14.4.13.4
Vba32 AntiVirus | | 3.12.26.0
VIPRE Antivirus | InstallCore | 28194

File size:
597 KB (611,320 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\7f4a669d1eecd224698285b505b14cf0.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/2/2012 8:00:00 PM

Valid to:
5/3/2014 7:59:59 PM

Subject:
CN=Fried Cookie Ltd, O=Fried Cookie Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3739B9B5702964D0DD4429F69D6595EC

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:hj3UDDstopYrBAvAmySLX2XXmtXThyMbwBhwKMfnTzna3uu:lKAKpYlWVySemtozwKiTzna3uu

Entry address:
0x12A860

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, 47, 0E, 00, F1, 4A, 72, 58, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8907

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
556 KB (569,344 bytes)

The file 7f4a669d1eecd224698285b505b14cf0.exe has been seen being distributed by the following 3 URLs.
