» 189195422.exe
Overview
Analysis
File Details

189195422.exe

SpeedyConnector (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application 189195422.exe by SpeedyConnector (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

189195422.exe

Publisher:

SpeedyConnector (Fried Cookie Ltd) (signed and verified)

MD5:

8aef1fd0243446295943e5e1bf8d6ce2

SHA-1:

d9b2a38c5c93ab8dc7b6d9deec2a8f56b026826a

SHA-256:

6092b6b3da01c2f0b158028f78e7be133f77a8f8e4007dcf7d612e6b9d53ba39

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/16/2024 5:21:00 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.Installer (M)

16.2.4.20

File size:

307 KB (314,328 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\users\{user}\appdata\local\189195422.exe

Digital Signature

Signed by:

SpeedyConnector (Fried Cookie Ltd)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 2:02:44 PM

Valid to:

5/20/2016 5:13:14 PM

Subject:

CN=SpeedyConnector (Fried Cookie Ltd), O=SpeedyConnector (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D5D9ED2E82ED7D744108121C4DCBB9AE

File PE Metadata

Compilation timestamp:

2/4/2016 2:53:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

6144:y64jVPo3b1CB+5PeRrRf/NF62pIDKdZi9cfohVN/arxQAHPjQFaw:cVPorAieRrRHNFPpIDKdZShjaPr2aw

Entry address:

0x3FCB0

Entry point:

6A, 60, 68, B0, 71, 44, 00, E8, 30, 15, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 88, 16, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 28, 70, 44, 00, 8B, 4E, 10, 89, 0D, 38, 9C, 44, 00, 8B, 46, 04, A3, 44, 9C, 44, 00, 8B, 56, 08, 89, 15, 48, 9C, 44, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 3C, 9C, 44, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 3C, 9C, 44, 00, C1, E0, 08, 03, C2, A3, 40, 9C, 44, 00, 33, F6, 56, 8B, 3D, 1C, 70, 44, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Entropy:

7.6822

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

280 KB (286,720 bytes)

Remove 189195422.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.