» c.exe
Overview
Analysis
File Details
Downloads (20)

c.exe

DarwenDLM Downloader

Superb Alpha (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application c.exe by Superb Alpha (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

c.exe

Publisher:

Superb Alpha (Fried Cookie Ltd.) (signed and verified)

Product:

DarwenDLM Downloader

Version:

1.0.5.53112

MD5:

55629ff45c1e00ce48387663e287ef43

SHA-1:

45c34d93fb7e26b79aa61377e03e751e081c1483

SHA-256:

5c8fc03f430e4ce0e173b3415652186af0998e1ab3fcfdaac0ef3db39823723a

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/28/2024 2:32:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.Installer.Installer (M)

16.2.25.7

File size:

1.2 MB (1,233,368 bytes)

Product version:

1.0.5.53112

Original file name:

ClickOnceSetup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\c.exe

Digital Signature

Signed by:

Superb Alpha (Fried Cookie Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 5:30:57 PM

Valid to:

6/22/2016 8:18:43 PM

Subject:

CN=Superb Alpha (Fried Cookie Ltd.), O=Superb Alpha (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217F30BAAF40AF8D13BE6DB4153600593E

File PE Metadata

Compilation timestamp:

2/23/2016 4:51:43 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:t2KFgeCz+fqwhZBYfH7NLRsksYTqFTG+hsazNvFsms9Ox:trmHzDwhZAZLdCTGisazNvFsz9G

Entry address:

0x1254FE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8321

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.1 MB (1,193,472 bytes)

The file c.exe has been seen being distributed by the following 20 URLs.

http://www.flashuniverseranch.com/c?x=aeAMjjT18Cl1CHheTX7e JugBgoJcqJsg7g3 G5Xiuw=&c=f4Nb4gmw40ILZorsX6bMaZETRQvLpIDXzsTGRWzv3Zq0JNjei48dh6Jk4YhNDC9tiSS0fbKrm2KTb/YBkzybuvI/wVyna7Y6gHXvuVlj2bwNgQiNA9m6t0KvbGtD yhr&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=CVx1uzkXXH/7BH3qlwes7IQQVvzEJcmYbPaVYEPg ng=&c=det h9/V8CKl R7z51nj DKL9VMaifk4j k/66RtidJb0q5CLkswi9CzVQcYnF6lOo7FRXMlavUZk Bil2smsBypq/swmBbSAoKk0Mu1e6UPQVWwPznJ58QLZWjWAJR&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=oHig0R9pkzJT RgMmDlWOw/LA MBV6yz GgjQAmuz9A=&c=bCHMU4U9DNn6U2Zji16e2Lau wQ63W3WX6gtejUf9ksdPMlVPSblkkAmSXduw13cgzHTO2umAMU8BMKieR8gl9GruVJzDRev31r6EeutIZxdSup/8dNdkhCmkC9DiMrG&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=HoUCGbDOlM jMqh5RRcijSqxS1a 4CNB4gsZUJzcZH8=&c=BoRVgaAXgh3iE9xh3N4eS80jAAlXuLBf17AuSTz3jPsGN0Lzy8GntFHsu1Sbkgq6IuuB OogsyEIQj1xGOWZac0R43sRO08aOCiymNX7IYI1jnP4SErO0pJNQww9Wwsw&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=D9lHvCXMw7Rw7WABR1lA5oNsWxudzMzslndpJSaOg2s=&c=K8z4 5iHwzn2AF5wyQ DASVd4l seKSa6FjnASy 71il2s7FY6MndK98aHpRZno4msxt79So3SRS8Hj/YEQrfEynKGqxbS8J93uke mOL9qDlwD8VtFKsrb0x8 6v3JT&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=0PY HpvvPohu1 fUwgH2HxGJAuJ/612Tryk5kgaSmC8=&c=8I2fFcRdefcGZxCEdCTEkIlwOpSb/vop519sFInhKX21nLlNUmrZ3zYMYvEK/DnObQAdN3QoiT6sKVGDYc4f3TXa cYKenrO33dG9M5gtviNlp5Imemwcf1m0UdSK4Ca&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=vvebqVGddAfniicv8YQtJDIkUZSsFyrweWT1Xm /lsM=&c=2nBXYJTqGuhw0rdCkjKFJAfjVdlSWnFR/GU9qp0wi1le1Kh8dHpa1H3Ri0lvuV5e39hrQVxqo2cEKww54c/nSI55mOQXzqBGAJGDxFMb6EfJ7GNT8cYr04ueAU 8SOmw&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=DeMuDTWgWKIYYTfhNYYNe4mUCoa7gmM/IaILNFpp/zI=&c=x9/FdWnztOifGGp BbM/n4eDjbMRjAEuU5d0FQJeQGBMv3tvUBrDNW/ioliKXWOIla/1n lTXP799QkhYbpumWeT8UTZz5EDxp5RIQkiBA2nvaqe9f n AUQMs4FUMRN&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=ykG2P8p6uvuz vZ93wYydFFmeyEKjBCiAunNr0skywo=&c=VotBqTSWZaqt9IpIG4S3ixgCPVXe2Tl8VPcMdXbSqaB2OEFeCrJ66/fW9RWOttGzU0/ZRNdwnR/hP72hum2dD/ZWbY SgnjoUkATrSNdwicjLtm4oDNgDEMh7acX/TPT&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=I6bX73nLmtLoQ4S0tIZqdwuhpedulcgkwqMl1k 8hBg=&c=HVrAe9OtndRcUhANjJfCGnOEEBjTXPVUDKmB9cA656DltF7xYujYFgwqxJLJTznyoIT7chNMSicpfFfim cR6A2OFLLQuuqefYemd Cf4o89Ky1bLtERsVYaMWed5yzh&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=GD749kVWXah69/h/9j7ybfuRterI3WaNV/4TVBb3K4A=&c=0mCLhDDsz9jrjGX8lXQIEbEuUhlMoBgtpmW62AW3qQccH07bqCaGZHs4s8qjhcy11P4tMcU36jPp1SJKRB338bXaP8Sim2bqaEgbqyb3c3ivq4GSRNvsBjvuhOI15JNI&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=YPndcPkJXX4ot6Nc7 Ge6vXJVgqToVohmY8kBnyJSok=&c=8bJbO8cNy31j2IpD tTu RzFlqr5SV8Q4vpiEDXdJF5MwI5NmEV1onOr032FedYx0OwnvJ8m M/fn0SF2d/x4SGLep3ZwnKXFAbf38OVTvRAs5Y3hXEIsj67tx3W wDA&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=0fMw6BWJOBUoPx2p1NqsloY e9eRBkHRZfCy5I6i35I=&c=4VQzuHR6 njt7r9bzMwtFnMC38tVUL/nAvQSRHz/G3DalH2Quj5wZB4mjNs9R EYbVxFwkRFkelZYubDiz9EV3Oe/3/3/KM/suq5c2gm7FGV7FOrP3aOEVNm8agSwg4o&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=tnUyC/9Rv5D6reooHSiAbpZggRI37wLds 2MzBPSmQE=&c=DO4nIng6nGaw9MWWc8s9pZ949BBL/gMd0TJ1N AuZpi89C7NT0UqPTHSa7X43ADVrMWTEoXzpEPUc8JjOwHpDl6zrxgbgZuFwRk 0dtOHAbUeV/niLmJ98ztaZcUqeK2&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=0eL0DA1xmicquwzSYA4GYl4DG/h7w/CVtSCKSWqJGIA=&c=yTtS2XMsU1/7UBUcMPh TFSA4YkH0cmbTLirYMlLQrbHavzpswtWBZyILbvEjKEsyLVvpXddHxEj3VeC3TpObuPukiCnuXL144xwhYhwO9XdeEXmuZRSVl6eJ0FRRWY6&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=gofrZc7dLNofI7yYBhxP3gzTpyO204EWI1EdIO 5q4k=&c=/sp21IJCXwsdLktvyE Flq7sR5Ds2xj3HGLpb3Kiw4PLVJL3LwEwDS1Cqaj1eIoXRpri/dcq2EaLSv6IWVkjLUg3zVCcSarwGTZahMacm3KkNsTM08Em86Yi5sV4aVzZ&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=wlneBoP2EfcI3bI8On74dtnuxHMQfaDvaNpwVar OaI=&c=klDb0kbxxj1 Ui6kQKqpTC 2UBgtyiGKSyVXHL0gDJx3lOfwPN22hP2epQUVHsN7bbNVNYiQUl0NC1yfHhOK9VXaIQUPZbsnBJK ZSKS1uIjyH7CmRj3i5Dc/FgdrjP&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=TDTorW/BHg8 CnZvjF GkqHzGwm tZEGuxCJMl5HkY0=&c= dd9MuQL7Zzpbr0vRK2zJ7WwfxIa/foCFMEaEUvm/cQ5Ihli/8Zn84hI4JlA0fMp/HHYf3Rs0WHW50cUDDRieFnMD4EaX/qnJgijx7cKUbCBY9fvAbTIRooXoM7Wh8Le&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=oypvMLEeKYBPOWkXTHoU31tjEOPO4sfq7AezssPZNTg=&c=jI4TSvlhA1UvLzsvUxwz1sihPTMJI94 c/PBFjM2pcexx0HHdHiyfqMnA7xAaU6oTb7fRn0DLcBipdzwUMROYZqff7bfIs5mzkImlMt4amGwPztOpKu83gCe5zefL0oU&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

http://www.flashuniverseranch.com/c?x=/iRTupB9tQhWGiuzVxrgHtWoyAdX1RDcFpQyPe7KJ5A=&c=jZ7sGDRlgRWYfOc1FR4guBl0wH7DLuJIkkQuJcqgWu1di5fPz6BnCA3JCSJS0YZKqVOHktCZ4vazZvTEgU07RAgOuXSsGkuvKpj3P9pUkMEKB0zK7DmvpRkzjRqMVQjg&downloadAs=Google Chrome Setup.exe&fallback_url=http://www.downloadfree4.com/landers/.../download.php

Remove c.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.