zipopenersetup.exe

Fried Cookie Ltd

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The application zipopenersetup.exe by Fried Cookie has been detected as adware by 19 anti-malware scanners. The program is a setup application built on the InstallCore installer engine.
Publisher:
Fried Cookie Ltd  (signed and verified)

MD5:
7445b20301da9d902be5d9d58c6ef130

SHA-1:
7a2aea11c3aea7b15256a4b52abb51533f95b4ee

SHA-256:
7f5a85bd053d08c58a56a5b3d6fc4bdec7319056e061f74e617f414b27a43b80

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 11:28:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.153054 | 838 |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DownloadManager | 2014.10.20 |
| Avira AntiVirus | | 7.11.179.162 |
| AVG | Adware InstallCore.JD | 2014.0.4040 |
| Bitdefender | Gen:Variant.Graftor.153054 | 1.0.20.1460 |
| Dr.Web | Trojan.MulDrop5.10078 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.153054 | 14.10.19 |
| ESET NOD32 | Win32/InstallCore.KC potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Graftor.153054 | 11.2014-19-10_1 |
| G Data | Gen:Variant.Graftor.153054 | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.184.13727 |
| MicroWorld eScan | Gen:Variant.Graftor.153054 | 15.0.0.876 |
| NANO AntiVirus | Trojan.Win32.Kryptik.cwezfs | 0.28.2.62671 |
| Reason Heuristics | PUP.Installer.FriedCookie.O | 14.10.19.17 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141017 |
| VIPRE Antivirus | Threat.4786018 | 33706 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.41946 | 2.0.0.1959 |

File size:
645.5 KB (660,976 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/2/2012 8:00:00 PM

Valid to:
5/3/2014 7:59:59 PM

Subject:
CN=Fried Cookie Ltd, O=Fried Cookie Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3739B9B5702964D0DD4429F69D6595EC

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:sc2eE58ra2cU35Zg8Ulp6zFFg7boxGT726FLAtsVB0KkA4cAj:so/ZK7bSGT7PFLAiVBft4H

Entry address:
0x8440

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, F0, 89, 45, EC, B8, 08, 84, 40, 00, E8, 48, C8, FF, FF, 33, C0, 55, 68, BD, 84, 40, 00, 64, FF, 30, 64, 89, 20, E8, 51, A2, FF, FF, 85, C0, 7E, 33, 8D, 55, F0, B8, 09, 00, 00, 00, E8, A0, A2, FF, FF, 8B, 45, F0, 50, B8, 64, 00, 00, 00, E8, EA, A2, FF, FF, 8D, 55, EC, E8, 42, D5, FF, FF, 8B, 55, EC, 58, E8, 5D, B0, FF, FF, 75, 05, E8, B2, FE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, C4, 84, 40, 00, 8D, 45, EC, BA, 02, 00, 00, 00, E8, 78, AD, FF, FF, C3, E9, 0E, A8...
Entropy:
7.8489

Developed / compiled with:
Microsoft Visual C++

Code size:
29.5 KB (30,208 bytes)
