zipsetup.exe

Fried Cookie Ltd

The Fried Cookie installer zipsetup.exe is a setup application built on the InstallCore download manager, which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. The application has been detected as adware by 28 anti-malware scanners.
Publisher:
Fried Cookie Ltd  (signed and verified)

MD5:
1d35616a2764726ad734c65d0fc95eac

SHA-1:
b9772c026d56db6f3e643315dce8b6ae6ce1b28a

SHA-256:
d8ad6a6f837ff0cc085feeb89fc1f9629a2cfd329be1d24ec58186494f6559a7

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 6:58:02 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1750167 | 856
Agnitum Outpost | PUA.InstallCore | 7.1.1
Avira AntiVirus | | 7.11.164.30
Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.14102
Bitdefender | Trojan.GenericKD.1750167 | 1.0.20.1375
Comodo Security | UnclassifiedMalware | 18982
Dr.Web | Trojan.Packed.24524 | 9.0.1.0275
Emsisoft Anti-Malware | Trojan.GenericKD.1750167 | 8.14.10.02.04
ESET NOD32 | Win32/InstallCore.IK (variant) | 8.10157
Fortinet FortiGate | Riskware/InstallCore | 10/2/2014
F-Prot | W32/InstallCore.AC.gen | v6.4.7.1.166
F-Secure | Trojan.GenericKD.1750167 | 11.2014-02-10_5
G Data | Trojan.GenericKD.1750167 | 14.10.24
IKARUS anti.virus | PUA.MultiInstaller | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.183.13333
McAfee | Artemis!1D35616A2764 | 5600.6990
MicroWorld eScan | Trojan.GenericKD.1750167 | 15.0.0.825
NANO AntiVirus | Trojan.Win32.InstallCore.dcjdtb | 0.28.2.60990
Norman | FakeNSIS.A | 11.20141002
nProtect | Trojan.GenericKD.1750167 | 14.07.25.01
Qihoo 360 Security | Win32/Virus.Adware.f22 | 1.0.0.1015
Reason Heuristics | PUP.Installer.FriedCookie.I | 14.10.2.4
SUPERAntiSpyware | | 10325
Trend Micro House Call | TROJ_GEN.R0CBB01GH14 | 7.2.275
Vba32 AntiVirus | | 3.12.26.3
VIPRE Antivirus | InstallCore | 31626
Zillya! Antivirus | Backdoor.PePatch.Win32.38336 | 2.0.0.1911

File size:
652.3 KB (667,952 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\zipsetup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/3/2012 9:00:00 AM

Valid to:
5/4/2014 8:59:59 AM

Subject:
CN=Fried Cookie Ltd, O=Fried Cookie Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3739B9B5702964D0DD4429F69D6595EC

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:KQFavPHr+DTzLOqClG9aehyjppNvZXD+zZvuqUGU:KQFGPLOSquG9aehopTvxEZvuqUZ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.8356

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
