drivereasy-4-7-9-32077-32-bits.exe

Swift Funnel (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, browser extensions and utilities. The application drivereasy-4-7-9-32077-32-bits.exe by Swift Funnel (Fried Cookie) is a setup program built on the InstallCore engine and has been detected as adware by 7 anti-malware scanners. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.

Publisher:
Swift Funnel (Fried Cookie Ltd.)  (signed and verified)

MD5:
79b592681656fa176e37698021cc25aa

SHA-1:
f77c17da24fa3fd4735b1b2664eca34440cf6f7f

SHA-256:
caf5fc62f19e8529c8d4f4a3670cdabf05776161bf7e3db73142aafccb0a5403

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/14/2025 2:09:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.184.224 |
| ESET NOD32 | Win32/InstallCore.RO (variant) | 8.10714 |
| K7 AntiVirus | Trojan | 13.185.13993 |
| Malwarebytes | PUP.Optional.FriedCookie | v2014.11.12.04 |
| McAfee | Artemis!79B592681656 | 5600.6948 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Sophos | Generic PUA PH | 4.98 |

File size:
698.9 KB (715,672 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\drivereasy-4-7-9-32077-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/4/2014 3:05:02 PM

Valid to:
11/5/2015 3:05:02 PM

Subject:
CN=Swift Funnel (Fried Cookie Ltd.), O=Swift Funnel (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219222B1C3CFE5BB71BCB5117BC2A44FC6

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:0T2aBIZBhDJLKc7NlZ2llDPkRZ1PZZrspGqNUHUBxvrQkgEm/XFjwHXwAbd2yZR0:0T2YIlw2yDMRdZrxqNyUB5rQkklwHvbK

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file drivereasy-4-7-9-32077-32-bits.exe has been seen being distributed by the following 6 URLs.

