home

five-nights-at-freddys.exe

Software Installer

Super IS (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application five-nights-at-freddys.exe, “Software Installer Setup ” by Super IS (Fried Cookie) has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Installer Web   (signed by Super IS (Fried Cookie Ltd.))

Product:
Software Installer

Description:
Software Installer Setup

Version:
5.7.4.2

MD5:
a1d71af6f289082d35aeb1c3bff5a01e

SHA-1:
72b412d73420055884d89497cbcef18ac71da85d

SHA-256:
a459fb40593183ed55f8ac0c9944700594162129efbdea5cec8dd0862bf5cdca

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/16/2025 2:29:48 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.YH.103
8.3.1.6

AVG
Generic
2016.0.2946

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.151025

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.InstallCore.AKZ
22370

Dr.Web
Trojan.InstallCore.306
9.0.1.0298

ESET NOD32
Win32/InstallCore.ZC potentially unwanted (variant)
9.11748

Fortinet FortiGate
Riskware/InstallCore
10/25/2015

G Data
Win32.Application.InstallCore.DI
15.10.25

K7 AntiVirus
Adware
13.204.16151

Malwarebytes
PUP.Optional.InstallCore.A
v2015.10.25.07

McAfee
Artemis!A1D71AF6F289
5600.6602

Panda Antivirus
PUP/Multitoolbar
15.10.25.07

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
15.10.25.7

Trend Micro House Call
Suspicious_GEN.F47V0426
7.2.298

VIPRE Antivirus
InstallCore
40910

File size:
761.8 KB (780,072 bytes)

Product version:
3.5.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\five-nights-at-freddys.exe

Digital Signature
Signed by:
Super IS (Fried Cookie Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
2/24/2015 6:18:02 AM

Valid to:
2/25/2016 6:18:02 AM

Subject:
CN=Super IS (Fried Cookie Ltd.), O=Super IS (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214DE6F2EEA7F8C2E03D14DF119B5958DA

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:9iMa/yKLkgyQeItIIRHNFchdWKgsZGFpzGa/g8d6chSUbOGpCucU1jGlnyEtwrWL:9iM6yy1RtF2dW0ZGyEg8d664KCucU10j

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8897

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file five-nights-at-freddys.exe has been seen being distributed by the following URL.

http://cdn.softdlrepository.com/c?x=XhyfNOzbXrPqFRJhYMIcNzzS64zfqEgiOshj4KNaoq4=&c=870o6SjBexPo1GGyK1kwX0g6qnanCmw2ENZvv61arZEevE6FQrwvg94g89Gh FqyehItxq46dN7U8UCTGA8sdW0VkyxpXpnPQwH0E9plsew=&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe&downloadAs=Five-Nights-at-Freddys.exe

Remove five-nights-at-freddys.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.