» f_001a22
Overview
Analysis
File Details
Downloads (22)

f_001a22

Hapoc

Delivery Superb (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file f_001a22, “Hapoc Setup ” by Delivery Superb (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

f_001a22

Publisher:

Delivery Superb (Fried Cookie Ltd.) (signed and verified)

Product:

Hapoc

Description:

Hapoc Setup

Version:

1.1.2.3

MD5:

e15348253a31818be546a64dd185d12e

SHA-1:

66c1840dcdd94658afe371a37b7165fbde945fca

SHA-256:

7002b93b68276d8fb89887ed02d4bda3d282beb5a930099ab6c1535d3831b788

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

9/29/2024 12:24:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.FC.Installer (M)

16.3.21.20

File size:

1 MB (1,076,448 bytes)

Product version:

3.1.0

program

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\temp\webkit\cache\f_001a22

Digital Signature

Signed by:

Delivery Superb (Fried Cookie Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 12:59:53 PM

Valid to:

6/22/2016 4:54:14 PM

Subject:

CN=Delivery Superb (Fried Cookie Ltd.), O=Delivery Superb (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11211DDE033C8F24FD358ED7B6271AD4DE2B

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:srJ0sYhNlI+B8Q0j3SxuQVyQPGCBU8I3iSsc7tHv3o0bDMX:sNHyI+BKTQPnBUzV7hv3eX

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file f_001a22 has been seen being distributed by the following 22 URLs.

http://www.signbinariesfarm.com/c?x=2F7pQa g/FNNwAAeaTmvPeTImAtBrwXb9pkZhTKFM8A=&c=dDa22DJNcPGJrHvufrPbnqMdOr4lTx68pSbUPFxLIKujxqCGCb8ptMCXKF87v6vFR1FTMRinhGJ67lAMIzWwr2QJRDagReFAfsvCf6vWODLpXWKhN4EJNHRnqztvA6gI&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=i5OLg/GQGiUk kBBslL t11lkwe IS2HqMCNWDNXA/0=&c=ahTdZeG2AE4c9Y68GM2gitEb33ULhIq2KD0qgYkxVy 00CIM/nt6droz6orRNq9l7c1OKTQwGhVLrYW MPvaW17BldWMSwVOgsAMs/5Foka7 76rLzs3DKUfqB/aQlgh&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=6llaZaAVQpSVbZu1HE5 Hn8/Md8PA /wjy Ed8Gw5MU=&c=z2/J1dOZ9avWVynwsHC3VObP45SjcTNLLNdrXQWOJAWddLeZlrv48hE4MhnIFTGpJH0W op/FHjofmyRVnN8UUUln8pbCrmN6tP5cSpKPoAaQ8yPVGjOhSl55fpF6GaN&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=uUQPgVvKEO9bIOEjzZuIdFGyGfB 3r1neMTH99BgTqw=&c=loGGKX qzuV6AjrndVUM1q57VQytanh6daug544Dp3OGQKtX0YPOr/FpXv6KJKMjY1PhO22OM d9QuxDM13XEkLpOewcFkC46A8cO3kXYnjYxrCCIjqGsNeKaGGKiZcb&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=Pun7dwgcFanRIa7FQmpolaptGjZBpKeDt zBuyWZrN4=&c=UdgGVt5TZqAX9boPSY4Q0BTjPUm7GybCLpl27zgx57oCi7GMQWxSq53d7KPds4USiY9ofl3b2AXrLd2pIB0ACAEiyh2WDIZPdZsP4whVaj0mKxAdZsGDyO6hB/tMsdXL&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=ShT1F1uClhsODT/HqJc/6XLYbDOGIpmQkBTs1PVpX74=&c=65vt18C1F2r5FVe6lU4hJDxKK oVIFW88r56eJQJOP2ufq81kqJiIEfmTFUc3ocedXG5ehLZ3G3 FSyg96tinSfFi4W6cUl1V/SB3paFn6Fh0aO3/wjAK5pr/V/2lu e&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.flashbesttowers.com/c?x=NNH/2my2/6MifGF2w4HSQ2ZLmBvOvRgF5UlRvHBtWig=&c=rQxQQO yV0IxdLAv4WQQyPVwG kbEIAsVW2kvWyj0v1qaB7XUjlc61XZvkO1z8NFFKJuLEioeDzbtPUT1oFme0dY 1Q9X9WSbo7A7H8DcFrxdeVOzL6bcB5V5PPH8S3F&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=jAbCbliX7Vo9A3qA47PtACLHilK 0WBO/EymK6WiyI4=&c=UZhPdEzXeUFZnGMHQTOGrJrNGBm54IcOrOyanrIvA3xXNncpnMHx3gCu V46vPyXPiqgecaiVvAkRhXfyhut2ihT2WY1qdtjefwc8GBVoVe5dIz6XpfrekvQ38dwNza3&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=v4WNoHAwvKjCEZjKo4MecKkmBiELbJEa0aj 3bvmwzM=&c=Qa5PSi/MK5mmz7xT7x7ZvVz7dWIm9meNbRcfx7Zp77g/oZQG5YyTUqqh6lp6nLVuBhv JwNBAgcK9J7 KcmimPs8EJ5JWVLWeEjR S5T0n6MskyKDAnzaaywymO8Y4fw&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=GKKhpaOre9OxY88L8vIZb7tjLQYN2H KLCgWN1twizU=&c=2P8gD3z 6p5sY4dauNBmeZp80JxC5t/xWaPFi66raMb0o2V96It0a5MJX/NNGD /CkGHUKJA4FTBiDIevR h/3Aiqtm4Mtntz8XaJdrgpbEDCVznN4WZgTQsxZQpPCBH&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=SyaiPMYGHtBSs3TQ0f2 nEdkynVf1UQ6MomCbhB9/pM=&c=0mz2g744nBTdmk8jCmz/TdsJaXKm7Pt3RJYqNNvNrTmTseZhs9K1LI6nE8ZViWijbTQKpoCSYkY/0yQrWwlRQngSCf5YopbRB8CRTCaVeIccvU0rAmzp77caHGpyAuIN&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=8f/nALHwFs8SWZQ6sCGpz6pMfWMdaT99mpqhA0sYvOA=&c=l1VIcqd657cq1w4MhvXRoz0jj/teBc 7eJRGF3rrKSMsvxPRPx0vN8czOGZ30ce8nslqzXjPvQeete24o87md0iMKu1Oe8CqisoEgr9eY35tHEp7aBzWdCkQgwJYqeoe&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=46b95 l7GE7P72V1WDg8SHEyYEKRahLMrIWlt6z6ghA=&c=VXpltDfhWhR9uwjzjV8TohX3zZQryvkHRVxQ93VM3NrMdn363kmWFlej3Scdi7oBLCwmgwce8idJNkvbiF1ymULhQ6Ge5jC6dLyiPGYD8tUcDXaryQocyin2uIt8VGn1&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=0EjNGUEnzpWOnkcGAuLxarPnlF9ctWdEKWK1I/8PiSs=&c=hX31 BhbZoA1vuM0t9QAe/DgJ0gm4v/2cjhWRuLX2NyRES5xz1aa4bKHc05xzvySopbFqyMky1klaxUVRUS1xv/Fnm UH8wJUJ/b8c24YCnCbtUaTkO/xs9xANdU7GT6&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=3KkgQiKF4ng8cuAVO5Aj30UcLfu0yeFB0dtczQzR2rQ=&c=W ctF/WmFh3OKltqSQzM3LRqW9foOIwSApjyGAhvwZB25M9S6ABFPnJWLwEin0AF076dWJnAjR4l5YvIZlNGLc/flDbexL2tlUE1q SM5Vayhc46 3EGAJfQ1qym6WS/&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=lJr4w7otwI4oq/KVuYWCmLz8kAX1H8aOEHtodfrFoGI=&c=ZaElOKdaB8XLD4FRwmTbDrvdcR M7eFNkjxtqiylRbFwoCYl1wi d0cIPeRUFNmhK22GUoY4cC7iPPx57nEnaH4NqigmK/PKhpshdDeCv7Ai4HOkiZ9RRrf0F1iPfnIU&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=KRJoJMYPlMFSdPryPLTDAuqsZBN4ir/Tug6I5gz1zVA=&c=MC4jro3K9C03ZM8skzO0HQjskA4mdE4cDdWR/uiuc68RBC6yiUVvf7 /azFKvYQPvCK9rfwJOvEnUVhKzfhH0SrEnYVaPaqEsDQtp0YJ3hKLpBTo4HoDK3iQ9piJmjnH&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=j Uo3Niorl1v7bT rQ1 MXCvaBrWv4zDvMOUSbDK Ug=&c=vJEt7pRA4JdPlT4fTdyXag6/APT06nVkEFw230 K9GwgNZ8OtHhQO8OPBKQ0K8 LgBYDrb jJ2WU5pUmbbW60EdI3aPqlSBKyG9rEw2VClB8ZhVQ1D3zCzbmnNcHe 75&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=IOfsNI2og42nJlnDW9BBrDtWVJlm9t8 YcAuubQ11HQ=&c=4YvAoo8KyUE5juOhTC3nI/1aoFoQ7KpkBBIqHRHclO81u0W CzOlv3wPjKKR mbdSucRh1Id cgDr/hy6vfHoKKPvSP46j Wv0NbAs S3fDbwzuE9EVV5h6hA6mmew &fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=MyO3FmQpLn 7tPY Dx5svaCp3YHxejaT0RHsiY7Q7Jk=&c=fUngQIQQAEX9KGbKjMx7fDmU59g7QYxkvLlzDmm6LjwWsjt56K4vdaWkdtozd2TtAT6lx2GcoKERNsaDAXHuauuvenyFwneJufMPBEb4RUJFWyLAp3xpFhQqX txQYah&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=mAOdIppcWM/IGLr6R5ytrmrDccKEBKkEcOuF4CaT9G0=&c=iDIa2m8pFpGhnecJLGcZ5qKsAp0JgXi8TG6vcnTdVlwf4j6ET9EEMClXZAfUrKijKerC RhJMOzrVxjGr/4o55oiXYm9XWnqQ5Dm7rHc9v6/Dj/ToJVbW3VLtG9rfmfV&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

http://www.signbinariesfarm.com/c?x=hUJi0xEN620b/mIQn0OxhbroFrn5AOoiZw0Cv 4 FCg=&c=DbYe0PBV5YpHOapNgnsFr/Z5nWC4el9HXXD1JVU69bFCnMwh1RdLl4No9hQHlD sLpjo5gZgCY4YE6rCIi8xwU8mNxVqUAn /9JTLZpu6SUZOnjIjllvsQAH/WtXm21f&fallback_url=http://bi.sciagnij.pl/.../0/Apache_OpenOffice_4.1.2_Win_x86_install_pl.exe&downloadAs=installer_Apache_OpenOffice_sciagnij.exe

Remove f_001a22 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.