action-33680-dp.exe

Getub

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The file action-33680-dp.exe, “Getub Setup” by Mode Beta (Fried Cookie), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Mode Beta (Fried Cookie Ltd) (signed and verified)

Product:
Getub

Description:
Getub Setup

MD5:
1e051ff4e7847b1a452214a63951270f

SHA-1:
b747da57d244cdf59ae51123c378000e7d8f238e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 1:25:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC.Installer (M)

Engine version:
16.3.5.4

File size:
1.1 MB (1,103,152 bytes)

Product version:
2.0

Copyright:
Application

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\action-33680-dp.exe.uktoywy.partial

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

The file action-33680-dp.exe has been seen being distributed by the following 2 URLs.
