filezilla_3.11.0.1_win64-setup.exe

Web

Funnel Delivery (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application filezilla_3.11.0.1_win64-setup.exe, “Web Setup ” by Funnel Delivery (Fried Cookie) has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Installer generic   (signed by Funnel Delivery (Fried Cookie Ltd.))

Product:
Web

Description:
Web Setup

MD5:
33159f44f8d6778023152461c8bed062

SHA-1:
72bafb213eddc3ca793d3852a9f80b6b23ad5fde

SHA-256:
cb18905f15947810613c1953bde9c661d4131196e30806f3565ecd1c292bb759

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 10:38:52 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/InstallCore.6113
8.3.1.6

AVG
InstallCore
2017.0.2860

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.FriedCookie.CIRK
22274

Dr.Web
Trojan.InstallCore.152
9.0.1.019

ESET NOD32
Win32/InstallCore.ZD potentially unwanted application
10.7.0.302.0

G Data
Win32.Application.InstallCore.DI
16.1.25

K7 AntiVirus
Unwanted-Program
13.204.16076

Malwarebytes
v2016.01.19.08

Panda Antivirus
PUP/Multitoolbar
16.01.19.08

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
16.1.19.8

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.4

VIPRE Antivirus
Threat.4786018
40552

File size:
729.7 KB (747,216 bytes)

Product version:
3.8.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\filezilla_3.11.0.1_win64-setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/18/2015 9:25:47 AM

Valid to:
2/19/2016 9:25:47 AM

Subject:
CN=Funnel Delivery (Fried Cookie Ltd.), O=Funnel Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112133C6C5A75D20F1272672EC8E81301429

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:E8jp0Leyu8jpgt5z9Y4GGWkep8SsfPZs9JINVRtBULqBE6JMvEHrGW:E8jWLJu8dkH0ru1VRtBULEav6rX

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8655

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file filezilla_3.11.0.1_win64-setup.exe has been seen being distributed by the following URL.

Remove filezilla_3.11.0.1_win64-setup.exe - Powered by Reason Core Security