169172757.exe

SpeedyConnector (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 169172757.exe by SpeedyConnector (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
SpeedyConnector (Fried Cookie Ltd)  (signed and verified)

MD5:
056b08781b2bc1f708165e83b35c5b1a

SHA-1:
4fcec16687d6eda4af516823361f2b2e5aaf6de0

SHA-256:
3440ea4aee08ece4823d35480c22538012bb66bf10fa0422a00c2e94fe8cd654

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/16/2024 5:57:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC (M)
16.12.21.14

File size:
195 KB (199,640 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\169172757.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 12:02:44 PM

Valid to:
5/20/2016 1:13:14 PM

Subject:
CN=SpeedyConnector (Fried Cookie Ltd), O=SpeedyConnector (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5D9ED2E82ED7D744108121C4DCBB9AE

File PE Metadata
Compilation timestamp:
1/31/2016 11:04:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x2479C

Entry point:
6A, 60, 68, 78, B1, 42, 00, E8, 30, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 7C, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 2C, B0, 42, 00, 8B, 4E, 10, 89, 0D, 38, DC, 42, 00, 8B, 46, 04, A3, 44, DC, 42, 00, 8B, 56, 08, 89, 15, 48, DC, 42, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, DC, 42, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, DC, 42, 00, C1, E0, 08, 03, C2, A3, 40, DC, 42, 00, 33, F6, 56, 8B, 3D, 20, B0, 42, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
168 KB (172,032 bytes)

Remove 169172757.exe - Powered by Reason Core Security