divertida mente bdrip avi dual audio rmvb dublado.exe

App Software

Dove Max (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application divertida mente bdrip avi dual audio rmvb dublado.exe, “App Software Setup ” by Dove Max (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
App Generic installer   (signed by Dove Max (Fried Cookie Ltd.))

Product:
App Software

Description:
App Software Setup

Version:
3.4.1.0

MD5:
a96bddb35b8bca2e79000c577b5c3de4

SHA-1:
fafd4609a1d93b55ca629ee9f3b3012ca9f2d391

SHA-256:
a801ce2be95bca059653ad8b79d38f4a67ba7862f91b729f31f6069cad9090b5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/6/2024 12:57:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
16.2.20.3

File size:
906.8 KB (928,608 bytes)

Product version:
2.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\divertida mente bdrip avi dual audio rmvb dublado.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 11:33:00 AM

Valid to:
7/24/2016 12:27:26 PM

Subject:
CN=Dove Max (Fried Cookie Ltd.), O=Dove Max (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CE9583D2CC8D85A6A453411F33888A7F

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:oR/ySeSdfBlJcDrPq7QAQbpEULTeuh4nhUq6vKo:oRaJSdfDJcDzv7bpEPuUhZbo

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file divertida mente bdrip avi dual audio rmvb dublado.exe has been seen being distributed by the following URL.