acdsee-video-studio-58840-dp.exe

Hof

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application acdsee-video-studio-58840-dp.exe, “Hof Setup ” by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Hof

Description:
Hof Setup

MD5:
86384d5a7d718fd52e77255249b2af5a

SHA-1:
9fce30fbbb27c8846160043edfed6ae14d574225

SHA-256:
1d4d671b6a25326e3a5b13b9e3f99ae835ec7c06483cb5e1f7f6f0f055250aa0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:48:36 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.6.20.3

File size:
965.6 KB (988,752 bytes)

Product version:
2.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:oJi+t786bZa4IfLxWBrPIaPoOghcuplRS:ooM786boTqrHoj2urRS

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file acdsee-video-studio-58840-dp.exe has been seen being distributed by the following 16 URLs.

http://www.signbodycycle.com/WVl6OTRQVGhQT1RCd2MzSm9WRUpvV1V4QlNXUlBSMGxxTWpkYUpUSkNVelphTlc5aVZqUlNlak0xZVNVeVJsVlpZVVk0SlRORUptTTlWR05LYm5veFZHTWxNa0ppTTNGMVNUQnZkVTFtV0NVeVJtOWlZekk1VWtKWmNtUk1PVlF3ZUVod1oxUTJSbTF6TW14TmVqbGhVV3BtY1ZRMU9HcHVOVzFYVHpOUk1rRk1ZVVZsZW1wd1FXMVpNVFY0VFZwNFJHRXpRMFp3YmxBM05VZExNbkZZWWxWVGVqSWxNa0p1U1VabFN6TlhZMGhXZEVadlRHcG5ibXByVmxwU05UbHpRbTVOUkZKR00yODVUREU0VEhSc1dYQkNRekZuSlRORUpUTkVKbVU5TUNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVellTVXlaaVV5Wm1Sc0xtRmpaSE41YzNSbGJYTXVZMjl0SlRKbVlXTmtjMlZsTFhacFpHVnZMWE4wZFdScGJ5VXlabVZ1SlRKbVlXTmtjMlZsTFhacFpHVnZMWE4wZFdScGJ5NWxlR1VtWkc5M2JteHZZV1JCY3oxQlEwUlRaV1V0Vm1sa1pXOHRVM1IxWkdsdkxUVTRPRFF3TFdSd0xtVjRaUT09

http://www.cycleapplicationshosting.com/WVl6OTRQVzBsTWtKa2FXaHNhU1V5UWpRMWFFVnRRVVZhZW1OdE1uWnVTSGw0Y1RWNFJWZzJaWEJKSlRKQ1VXcFJXa2hsYmswbE0wUW1ZejFoWjNGd1kxTllaekpETUNVeVJtc2xNa0p2YjFrM2FtSnBjMFZzWTIxWFdFWlZTbWRoYlRCWVdYUlBTV3huV1VNeVNYRXlOREZPWldVMFVrOTBaalJVWjNFMk5GbFFVMjEyY1d0UlEzRllRVWxCVnpSb2NtTkdWbmwwYmtZM1VXUXpUa3hrT1hCRGFYZG1hRE41ZURKNVJWRjNVMEpSTjJaM1dHbDVNREk1VUdaaWVUZG5kVzl5YzFOT1FqaGFhVTFZV0c5bWRteHdSR0ozSlRORUpUTkVKbVU5TUNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVellTVXlaaVV5Wm1Sc0xtRmpaSE41YzNSbGJYTXVZMjl0SlRKbVlXTmtjMlZsTFhacFpHVnZMWE4wZFdScGJ5VXlabVZ1SlRKbVlXTmtjMlZsTFhacFpHVnZMWE4wZFdScGJ5NWxlR1VtWkc5M2JteHZZV1JCY3oxQlEwUlRaV1V0Vm1sa1pXOHRVM1IxWkdsdkxUVTRPRFF3TFdSd0xtVjRaUT09

http://www.currentdlhosting.com/WVl6OTRQV3BKZUd0U09XTjFZbVZGYUhOTllra2xNa0pxTkdSR0pUSkNiR2M0Um1oRFl6Rm5OV1JqZWtoQ1V6SnVUM0p2SlRORUptTTlVeVV5UWxnMVpraHBSMmhXU2psdGNuWkZUR0V5ZUc1cFZEZHZaVVZDY0daVmIzQnJWa3BsUlhsbk0zbE1XbTVyU1dKWFJXMVVVVU5IYVZRM09WaHhOa05DYlcwNE1TVXlRbk00VVVOMVRIcDJVVGxsYm1kSE5HRjBKVEpDYm1Kb1FqTTBla1JYYWtGMGJHdHVhMDFxVW1sSFRYaEllbnBDTlVwSU5VTm5XaVV5UW5FbE1rWlZZVU4yZVZOMWFHczFaVXgzYWxKRlYxZE5iRTVyUkVwVlFTVXpSQ1V6UkNabFBUQW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMkVsTW1ZbE1tWmtiQzVoWTJSemVYTjBaVzF6TG1OdmJTVXlabUZqWkhObFpTMTJhV1JsYnkxemRIVmthVzhsTW1abGJpVXlabUZqWkhObFpTMTJhV1JsYnkxemRIVmthVzh1WlhobEptUnZkMjVzYjJGa1FYTTlRVU5FVTJWbExWWnBaR1Z2TFZOMGRXUnBieTAxT0RnME1DMWtjQzVsZUdVPQ==

http://www.headbitsapps.com/WVl6OTRQVk5SUXlVeVFuWTJOSFJPYW5odkpUSkdiRmQ1T0hoVFNEUlZURXB3VFU5WVYxRnRRVUp0TlhvbE1rWlBOV2c1VFUwbE0wUW1ZejE2TVVWcFl5VXlRbUZQVkdGVFZGUlRVRXh2SlRKQ1FtUlphalZUY1ZWbVowdHNPVkpuVFd4MWNubHBkWEJ2TkdSWE5XcFpOSGRaYUhoU01EaENibGhCZW1oTlZGcHpKVEpHYzJaSWNqaHdiWEEzZUc1ME4yNU5aMEZrWkZWNWFXcDFhR0UyUjNWTFJ6bDRjMkZMZUhwNUpUSkNKVEpDVlVaQlZ6Tk9VbVZ5U2pKeWEySkxkSEJ2WVhOcVlqTnVhVE4yZEU5SVVqQndVSEZFTjNaRVF6bFJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabVJzTG1GalpITjVjM1JsYlhNdVkyOXRKVEptWVdOa2MyVmxMWFpwWkdWdkxYTjBkV1JwYnlVeVptVnVKVEptWVdOa2MyVmxMWFpwWkdWdkxYTjBkV1JwYnk1bGVHVW1aRzkzYm14dllXUkJjejFCUTBSVFpXVXRWbWxrWlc4dFUzUjFaR2x2TFRVNE9EUXdMV1J3TG1WNFpRPT0=

http://www.dlsendcentral.com/WVl6OTRQVTF4V0d4YVowNTFVSFEwUVc5WGRYWnRXVXN5ZFZwNVltd3pjWGhaYlUxR1YyMHpWMDlhTVRSd2NUUWxNMFFtWXoxdlRFbEtXblJ5Tm5kQ1dXWmtaa04wZFZoQ09YZEZiV3QxYUcxbmMwbEVPVGhPVWxaUmMxaDBUV3B4TlRWYWEzTWxNa1kxY0VaU1R6TlVNU1V5Um0xeE1EWkRNVVZ0YWpCMGMzVTVUV3h1TUZGb09YZENWMVExTkU1cVluUldkREp5TlZWUllXeERjamxXZEhoUlRsTkVkbTFLUm00bE1rWlJOM0oxY3pKbVdpVXlRbVo2ZEhaWWVISk9NblJGYjFaTVpYSTRVa1o1VnlVeVFqTlFKVEpHYjNjbE0wUWxNMFFtWlQwd0ptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbVpHd3VZV05rYzNsemRHVnRjeTVqYjIwbE1tWmhZMlJ6WldVdGRtbGtaVzh0YzNSMVpHbHZKVEptWlc0bE1tWmhZMlJ6WldVdGRtbGtaVzh0YzNSMVpHbHZMbVY0WlNaa2IzZHViRzloWkVGelBVRkRSRk5sWlMxV2FXUmxieTFUZEhWa2FXOHROVGc0TkRBdFpIQXVaWGhs

http://www.vaultschuckleapplication.com/WVl6OTRQVFE0UW1Kb01WSnpSbVEyUkVaUGFFaHpWaVV5Um14bVRFNUlhbkl6U1VkNFIwcHhjbFZQZEc4NVMwd3hieVV6UkNaalBWRnVkMjVLYTI1V1drdDRSVGhHY0Uxb09TVXlRbTEyYTFVbE1rSkVUVkJZUlZwWlFYTkVTRTVSVVRBNGRqVkZVVkZHYlRrMGVXeEJVRUZWWWtnMlZtRnlWMUZqZDJ4VFMwOUpZa3RoWmxVMGExWnpjbFlsTWtKTmNHVTBNa05pYlZNelFsbElRM0YyV1V0QlExRkdOR0pCUTNBd1ZFRnFTMFJJVDIxTU9XRmxOV3RtTUdsd2NIUldjMEZqV1ZONE1uUTRWa3BNVjNCSlJuUTVaeVV6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTJFbE1tWWxNbVprYkM1aFkyUnplWE4wWlcxekxtTnZiU1V5Wm1GalpITmxaUzEyYVdSbGJ5MXpkSFZrYVc4bE1tWmxiaVV5Wm1GalpITmxaUzEyYVdSbGJ5MXpkSFZrYVc4dVpYaGxKbVJ2ZDI1c2IyRmtRWE05UVVORVUyVmxMVlpwWkdWdkxWTjBkV1JwYnkwMU9EZzBNQzFrY0M1bGVHVT0=

Remove acdsee-video-studio-58840-dp.exe - Powered by Reason Core Security