friedcookie_video_player.exe

Fried Cookie Ltd

friedcookie_video_player.exe by Fried Cookie is a setup application that uses the InstallCore download manager (installer engine), which may bundle additional software offers including ad-supported toolbars, browser extensions and utilities. It has been detected as adware by 5 anti-malware scanners. The file has been seen being downloaded from 123.briian.com and multiple other hosts.
Publisher:
Fried Cookie Ltd  (signed and verified)

MD5:
f1cd00a2a5c037cb00a6414e38c8e1de

SHA-1:
6f38933237803b0465c65c7482b89cc0c6575e5c

SHA-256:
b5671a8f7b72bdf1ed593167fec039f1a9cb99e8e867d2d999c75dec5628bbbf

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/16/2024 5:19:43 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Adware.Bundleware.FriedCookie.Y | 2013.7.17.20
Dr.Web | Adware.Downware.1838 | 9.0.1.0363
Reason Heuristics | PUP.Optional.FriedCookie.Y | 14.2.26.9
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3
VIPRE Antivirus | InstallCore | 27988

File size:
660.3 KB (676,144 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\friedcookie_video_player.exe

Digital Signature
Authority:
Thawte

Valid from:
5/2/2012 8:00:00 PM

Valid to:
5/3/2014 7:59:59 PM

Subject:
CN=Fried Cookie Ltd, O=Fried Cookie Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3739B9B5702964D0DD4429F69D6595EC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8CFh0Pzpd8Z7G32MJIQlrkhUFOG1U52RbijDEo5D9pyN6JaRWPeM6zZ8d:8Cj0lCZqFlRFOGi5sbiEo5HJaRweM6ed

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7502  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file friedcookie_video_player.exe has been seen being distributed by the following 3 URLs.
