allplayer-13217-dp.exe

Bab

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application allplayer-13217-dp.exe, “Bab Setup ” by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Bab

Description:
Bab Setup

Version:
1.6.2.1

MD5:
9db303b2498de0450fa86b4a664be934

SHA-1:
a95154906de6657f4c7e5af9922e30cbaf4486fa

SHA-256:
0090ba2cd0593244af9718117f30912729a13cba223afd6c26beae7abfb4ce53

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 2:29:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.5.4.16

File size:
951.2 KB (974,072 bytes)

Product version:
1.5.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\allplayer-13217-dp.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Pvp7y5I5PpEla6JVWwIar2hfWz21GkqfQT7L7/bpoQOGZ/u:Hx8culbVzIaKhc2gkqfQTz99Z/u

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file allplayer-13217-dp.exe has been seen being distributed by the following 50 URLs.

http://www.vaultsgrabstock.com/WVl6OTRQV0ZzUzNKeGIxaGhSSHBuY1djd1IzVkNURzA0U25wamFuZFRiMXAxWVZJMVVIQlFaRFExZURZeFFVMGxNMFFtWXoxUGRsZ2xNa1pLVlU0eE9EUnFURTE0UWtwNlJ6VTNPVVpJWkRCSWFTVXlSbVZQY2pRMlFqQWxNa0pXTXlVeVJtY3hUM28zVkhrMllrWTJjSFoxVjBkRFIyNXBUVEJrY1VNMEpUSkNTbXhqUmxKNk0wdHBNRXMwTTA5T1NWTkpUek5MV0dwcllrbFRha1I1VUZSNFdUWklWRGw1V1Uwd1dtRnVWbVJEZG10VWFWZzRNVkIxVUVsMmFqa2xNa1p4VmlVeVJsaGllR1l3ZWtONmJHZGtRbkZHU1ZaMFp5VXpSQ1V6UkNabFBUQW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMkVsTW1ZbE1tWjNkM2N1WVd4c2NHeGhlV1Z5TG05eVp5VXlaa1J2ZDI1c2IyRmtKVEptUVV4TVVHeGhlV1Z5VUV3dVpYaGxKbVJ2ZDI1c2IyRmtRWE05UVV4TVVHeGhlV1Z5TFRFek1qRTNMV1J3TG1WNFpRPT0=

http://www.dlchuckledl.com/c?x=BN3E84oX5bo6ro165hOEG6y9crjHyeqC aU4OupvXwg=&c=i5l9oLgr6oM9tudfyPdtTsmYOKri85k sCkHZEvbhfxjp1hhtsDTJZLvPXDaKb8lcnS3WUZCLZ9agee uGwlHlDzzMlMm8ab4uxT91aWOsjO68MOPbZ038juRwVeCSF rYzg8a /lNNEXFdhBrHOkEZDfGmooTYbfajnP23E2NKDG6LQ3R4D69mgLEeWbgmp&e=0&fallback_url=http://www.allplayer.org/.../ALLPlayerPL.exe&downloadAs=ALLPlayer-13217-dp.exe

http://www.nowapplicationsranch.com/WVl6OTRQVzVoUW5OalpHZG1iV1pOSlRKQ1lsbGlNRTFEYTI1VmRTVXlRbmg0ZDNab05GRnNPR3hSZFhGYU1tZDZTa0pWSlRORUptTTlWbVpLUlZSRWIwbzFjRThsTWtZMmRrMUlaMjB4VUdRMWFVWm9TVVIwYkVKS1NqWkVaRFpPYkdSWVFWWnNWelZMYlhGNGIxUlViV0pUUTJkbU1HSTBVMU5pWlhOeE5XaFVZVnAwY2xwU1lVSldZa3BCSlRKQ1dtMVhTMWxOV0VFNVFrbFFZekp0UVZZM2RuWlJSV1pxU1d0emREUlpiVVF4ZG5sWE0wUWxNa0oyZW5wV1YzQmpSRWxEU21JemJqRklOMGc1WjFZemNEWlhKVEpDZVdjbE0wUWxNMFFtWlQwd0ptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbWQzZDNMbUZzYkhCc1lYbGxjaTV2Y21jbE1tWkViM2R1Ykc5aFpDVXlaa0ZNVEZCc1lYbGxjbEJNTG1WNFpTWmtiM2R1Ykc5aFpFRnpQVUZNVEZCc1lYbGxjaTB4TXpJeE55MWtjQzVsZUdVPQ==

http://www.bundlebesthost.com/WVl6OTRQVE40VkUwMVlrVTROMVl5WTFnbE1rWkpURk5EUjNkSVFVMTJaQ1V5UmxwTVNqRnNVMmc1V21aTGMwbGlUM013SlRORUptTTlWbnBKT1hwWVNHOUVka04wVlZScldVNU5TRGMzZVdObmVXdGFaV3RWUVdSS01EVm5NakZQV0dKV1VqQnlNMVpHYzBWdlEwTTBWa3RvTTFGM1NsQjNRMkp4YjA1ME0yUlpSR2MwU0ZsUVdFRjBkaVV5UWtoU2JYUlBWMjVLWlU4NFkzSTRWa05CT1c1SmMwWmFXREJZSlRKR1VsaHVOa1JSYVc1c2JrSk5lamQ2ZWxaQk9WbDJjSEZDTTAxVWVtRTBNRmRrUVZOVFlXSkRkeVV6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTJFbE1tWWxNbVozZDNjdVlXeHNjR3hoZVdWeUxtOXlaeVV5WmtSdmQyNXNiMkZrSlRKbVFVeE1VR3hoZVdWeVVFd3VaWGhsSm1SdmQyNXNiMkZrUVhNOVFVeE1VR3hoZVdWeUxURXpNakUzTFdSd0xtVjRaUT09

http://www.dlchuckledl.com/c?x=DkO0Vl0aPfH2hJAygTQDM8hnXQa1 kn6yvjzrzFKhhg=&c=U9YvZwes8xyp0sBO zTyfHUr92Arvw3s3OchF0Z21Em4SCtQgWlmuDVig2I915KTBICt ixXHgAWf130xj0avrYyeYWx5TVkI1DBI4XA3ZSh4W2HCx HAUmnp7ugPlWdnnXaEDYBKk9V0PDbvqFwa0KoRVDcSSFveMjolgo6AWk=&e=0&fallback_url=http://www.allplayer.org/.../ALLPlayerPL.exe&downloadAs=ALLPlayer-13217-dp.exe

http://www.tourcontentdownloads.com/WVl6OTRQVWx1TlhGMk4zSlJOakExT0dkRmEwSlRWbmxWU2xBM2NIUkxSRkZUSlRKR0pUSkdkRTB4VEVwVmJUbGxjMmN3SlRORUptTTlUakJzTXpCWWRFYzNOSGQyTUhkNGRtMVFPVmsxTTFSdlUycEJObXcwVFdKS01IazFhRk4zYkRWWVVXZG5NRW8zZGxGaGVubHRiM0ZtWVUxeGEyeFRRalZ6UW5aamNGWlRjR05ZVm1Kd1NrbGtXVmN4WWtKaVdIRkViMnM1VGs1RVNtSkZXWFozZGpSSE5WbzNZMHhCUWpOWlZtTTRVa3RtUzJkbVdUWk9NbFpuUTBoeWNtOUZUa0pNTlhKTE9FcGlWaVV5Um10alMxRWxNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1kM2QzTG1Gc2JIQnNZWGxsY2k1dmNtY2xNbVpFYjNkdWJHOWhaQ1V5WmtGTVRGQnNZWGxsY2xCTUxtVjRaU1prYjNkdWJHOWhaRUZ6UFVGTVRGQnNZWGxsY2kweE16SXhOeTFrY0M1bGVHVT0=

http://www.packagesoftwaretowers.com/WVl6OTRQVEJ6VFZkTU1DVXlRbWhqTTJKTldVWldURk5aTjNZbE1rWmxabkZvT0hBM1FqSlJWMVo0WjI5NU5EUk9kbk56SlRORUptTTlUemRyV1doa2VITm5PWEpNUjBkbFowRnhORTlqY3lVeVJrWkxaVkUzWm1SRWVrNDVSQ1V5Um5jMWQweEdaWGwwV0hadWMzcGxjV3B4WVRGbmFrdDFRamxoVVhvNFQweHZhMUI2VEdaU1dsRnFKVEpHU1V0Nk5uSjNNVVZKVTJrbE1rWkRNRFpIVUc4bE1rWk9WWEZ4YmpWRWRrVjZTbFJpU0hKS1lXWkRaRk5tVlhSQmFVNGxNa1p6UTBoTGJUVTNkRUp1UkZabmJIVlJUV05FY2tveVJGcEJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabmQzZHk1aGJHeHdiR0Y1WlhJdWIzSm5KVEptUkc5M2JteHZZV1FsTW1aQlRFeFFiR0Y1WlhKUVRDNWxlR1VtWkc5M2JteHZZV1JCY3oxQlRFeFFiR0Y1WlhJdE1UTXlNVGN0WkhBdVpYaGw=

http://www.bundletourtown.com/WVl6OTRQVmxxWnpaeUpUSkdla2xFYkhGelpXOXFjbGN4YlVablNtczJOME5SWjNkNVoxb3lOMU54VVRJM01USm5heVV6UkNaalBYbEJabkV5WjAwNVVVUm9OV2h1WjBFM1dYTmlhMDhsTWtKcmJFbzFNbWxUYjIxWlJYWjNjemxXWmtkV1FVSlNSalJwVW5WUEpUSkdkaVV5UWt4TWFuRm5TbTlxVWxvd1IyeElTVzE0VlVKWGVUSWxNa0pVSlRKR056bEpSVGhYTWlVeVFtVlZhMjR3VVUxaVJsZDNVWGhYVVZOa2VqbExkRlZ1YVhjMFdtZHViRlZFTTJOamRHcHlPV0kxYnlVeVFtMWxaMGswUzI1YU9UaEVVVkZEYVRkalNrcG5KVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjQ1V6WVNVeVppVXlabmQzZHk1aGJHeHdiR0Y1WlhJdWIzSm5KVEptUkc5M2JteHZZV1FsTW1aQlRFeFFiR0Y1WlhKUVRDNWxlR1VtWkc5M2JteHZZV1JCY3oxQlRFeFFiR0Y1WlhJdE1UTXlNVGN0WkhBdVpYaGw=

http://www.bundletourtown.com/WVl6OTRQWEJLUVRoMWVtMXZWM00zTlRSMGVVcExVRW93U1dkalpGRjVVR0UyVTJrbE1rSkRVbk00VUhZeU5XTjZaeVV6UkNaalBVZGxUbVk1U2xnM1drNUdURUp5V1U1V2JGWlBPVzkyUkdzNVVqTnpaRGczVEdGWFdUQjJWMHhGT1V0NVppVXlSbk5YWVVGNWFVWkhibU5hZWtGQ2FEZG1TbmhwUjJKS0pUSkdWVkY2VDBseFpsTmlSRzVGYlhCNE1teFVZelZhV1UwNVNVNTZUVTlvZURCck5DVXlRa1p0ZDFWM1pIQmtNRGx0WTFwS2NGQnplVFJvTUd4Nk1URnpWSEpqTVRCcFR5VXlSa0pMTWtVNFNVMVBaM3AzSlRORUpUTkVKbVU5TUNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVellTVXlaaVV5Wm5kM2R5NWhiR3h3YkdGNVpYSXViM0puSlRKbVJHOTNibXh2WVdRbE1tWkJURXhRYkdGNVpYSlFUQzVsZUdVbVpHOTNibXh2WVdSQmN6MUJURXhRYkdGNVpYSXRNVE15TVRjdFpIQXVaWGhs

Latest 30 of 54 download URLs

Remove allplayer-13217-dp.exe - Powered by Reason Core Security