skype-6-22-81-104-32-bits.exe

Swift Funnel (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application skype-6-22-81-104-32-bits.exe by Swift Funnel (Fried Cookie) has been detected as adware by 11 anti-malware scanners. It is a setup program built on the InstallCore engine. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.

Publisher:
Swift Funnel (Fried Cookie Ltd.)  (signed and verified)

MD5:
3919021acf71a8b48158a79e35efda9b

SHA-1:
c39e91ccba4505d8d7dd54720736f4081462d084

SHA-256:
07a9c5b8e82a48ad32b2b50f0193a7724f1b6df846c0e736c3d92e7317a1e512

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 8:58:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.186.230 |
| Comodo Security | ApplicUnwnt | 20121 |
| ESET NOD32 | Win32/InstallCore.RO (variant) | 8.10742 |
| Fortinet FortiGate | Riskware/InstallCore | 11/22/2014 |
| K7 AntiVirus | Trojan | 13.185.14057 |
| Malwarebytes | PUP.Optional.FriedCookie | v2014.11.22.03 |
| McAfee | Artemis!3919021ACF71 | 5600.6938 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Sophos | Generic PUA MD | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1114 | 7.2.326 |
| VIPRE Antivirus | InstallCore | 34894 |

File size:
698.9 KB (715,672 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\skype-6-22-81-104-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/4/2014 5:05:02 PM

Valid to:
11/5/2015 5:05:02 PM

Subject:
CN=Swift Funnel (Fried Cookie Ltd.), O=Swift Funnel (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219222B1C3CFE5BB71BCB5117BC2A44FC6

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:bT2aBIZBhDJLKc7NlZ2llDPkRZ1PZZrspGqNUHUBxvrQkgEm/XFjwHXwAbd2yZR0:bT2YIlw2yDMRdZrxqNyUB5rQkklwHvbK

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file skype-6-22-81-104-32-bits.exe has been seen being distributed by the following 7 URLs.
