installer_directx.exe

Copu

FunnelOpti (Alpha Criteria Ltd.)

The application installer_directx.exe, “Copu Setup” by FunnelOpti (Alpha Criteria Ltd.), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the InstallCore installer; the InstallCore engine may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.sendchucklebulk.com and multiple other hosts.
Publisher:
FunnelOpti (Alpha Criteria Ltd.) (signed and verified)

Product:
Copu

Description:
Copu Setup

MD5:
d471b2dc8d9975ee4940318cbcd5884b

SHA-1:
8ede8b72e674f6c034ca16ba7d9d15402f9cb647

SHA-256:
9437e39e6def46df63dff659f5674fbe94400ca84ea2863458a28599f3dd7203

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/14/2024 4:37:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.5.11

File size:
927.7 KB (949,936 bytes)

Product version:
4.5.8

Copyright:
File Fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_directx.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 1:41:21 PM

Valid to:
8/26/2016 5:34:53 PM

Subject:
CN=FunnelOpti (Alpha Criteria Ltd.), O=FunnelOpti (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C57D0836DF0829F54F07ADA2D08AAFCB

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nFuLEFRcOWRn1jrFJcejw7N4yaoPF0xZjseek1t7mFs6tke:Fu9OWRnDJcYotosne2V

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_directx.exe has been seen being distributed by the following 3 URLs.


Remove installer_directx.exe - Powered by Reason Core Security