home

adobe-reader-xi-21590-dp.exe

dobreprogramy Downloader

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application adobe-reader-xi-21590-dp.exe by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download Adobe's free Reader but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
dobreprogramy Downloader

Version:
4.0.5.53065

MD5:
ce3e2acea601607ad499160b80a35e2d

SHA-1:
ba94b540b8db1e314d6ac2283c5a7e033d138868

SHA-256:
2dc250504812f1c3aad6bd91b3a4b54b06d54cd905293dae45ee121684e1f13b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/16/2024 9:56:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.3.4.9

File size:
1.2 MB (1,231,824 bytes)

Product version:
4.0.5.53065

Original file name:
ClickOnceSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adobe-reader-xi-21590-dp.exe

Digital Signature
Signed by:
Mode Beta (Fried Cookie Ltd)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
2/22/2016 12:24:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:qqK0qcyRTBEihoVBOY1htvID4rNX677Qayw398cCgr/WurszRITgH:qq9PLtvID4rN++PzRIT+

Entry address:
0x124F3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,191,936 bytes)

The file adobe-reader-xi-21590-dp.exe has been seen being distributed by the following 2 URLs.

http://www.farmbinarieshost.com/c?x=LouGWb6/kZUERW99kBkMTjyCpwxof6Un3UtF9qnvBec=&c=XWGfeoh rI2MGb9ugdWmPy7Sw6oaa301vTNzolIWKDOEwVrB/Ctkl3aQ463xeP038 bmlLGi35O7cEQSXwxJAXw50YK1Kjw5ktI1sdhYuY15egT03qh pDC //e5yp/c&fallback_url=http://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.00/.../AdbeRdr11000_pl_PL.exe&downloadAs=Adobe-Reader-XI-21590-dp.exe

http://www.farmbinarieshost.com/c?x= l5TWzK9v7DY37//InDf6Z uNWFqFldNfkUNqLtf7Ys=&c=HISQXMaKNAcHAZFuiaixev4HG3EJIPHXkmWcQc0cSHlCehX4AqMLhAlN2nyqdQzVVotxNw8wFDQS8wGls70eFlAnBDnkLby7nQDy2fIKqVEBILX6mIpw/edHpGpyck Z&fallback_url=http://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.00/.../AdbeRdr11000_pl_PL.exe&downloadAs=Adobe-Reader-XI-21590-dp.exe

Remove adobe-reader-xi-21590-dp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.