baixar-musicas-gratis-3-8-0-32-bits.exe

Swift Funnel (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The application baixar-musicas-gratis-3-8-0-32-bits.exe by Swift Funnel (Fried Cookie) is a setup program built on the InstallCore engine and has been detected as adware by 12 anti-malware scanners. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.
Publisher:
Swift Funnel (Fried Cookie Ltd.)  (signed and verified)

MD5:
e7207388be3cd2a3ed7a474fbe1a44ff

SHA-1:
b4d50500486908e9e9d8cb06420fd7bd8fafd536

SHA-256:
53128b0d5fdcf490b297ed18e07bce43ad1c74f4dc9de02854e671eba0e791ff

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/27/2024 2:02:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | | 7.11.186.230 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.141128 |
| Comodo Security | ApplicUnwnt | 20121 |
| ESET NOD32 | Win32/InstallCore.RO (variant) | 8.10742 |
| Fortinet FortiGate | Riskware/InstallCore | 11/28/2014 |
| K7 AntiVirus | Trojan | 13.185.14057 |
| Malwarebytes | PUP.Optional.FriedCookie | v2014.11.28.07 |
| McAfee | Artemis!E7207388BE3C | 5600.6932 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Sophos | Generic PUA LE | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1114 | 7.2.332 |
| VIPRE Antivirus | InstallCore | 34894 |
File size:
698.9 KB (715,672 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\baixar-musicas-gratis-3-8-0-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/4/2014 3:05:02 PM

Valid to:
11/5/2015 3:05:02 PM

Subject:
CN=Swift Funnel (Fried Cookie Ltd.), O=Swift Funnel (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219222B1C3CFE5BB71BCB5117BC2A44FC6

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:HT2aBIZBhDJLKc7NlZ2llDPkRZ1PZZrspGqNUHUBxvrQkgEm/XFjwHXwAbd2yZR0:HT2YIlw2yDMRdZrxqNyUB5rQkklwHvbK

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file baixar-musicas-gratis-3-8-0-32-bits.exe has been seen being distributed by the following 4 URLs.

