home

free-audio-cd-to-mp3-converter-48820-dp.exe

Bab

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application free-audio-cd-to-mp3-converter-48820-dp.exe, “Bab Setup ” by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Bab

Description:
Bab Setup

Version:
1.6.2.1

MD5:
709ced8e37f4bbc7c2d3b8721f4965a1

SHA-1:
b56b546ab495bbd086e347e00188918f815574b7

SHA-256:
a062a0926c73da4bfc0c424431e1183f2bf9a046154b00ae539cc2df477bbbe3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/15/2024 11:10:55 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.5.5.18

File size:
951.2 KB (974,072 bytes)

Product version:
1.5.2

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\free-audio-cd-to-mp3-converter-48820-dp.exe

Digital Signature
Signed by:
Mode Beta (Fried Cookie Ltd)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:fvp7y5I5PpEla6JVWwIar2hfWz21GkqfQT7L7/bpoQOGZ/u:Xx8culbVzIaKhc2gkqfQTz99Z/u

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file free-audio-cd-to-mp3-converter-48820-dp.exe has been seen being distributed by the following 11 URLs.

http://www.tourcontentdownloads.com/WVl6OTRQV1ZhWlNVeVFubEVWR1U0U0ZkMU5FSkZiakowWldoQmVYSm9SM2RQV25WMmFHNDVSazQxU0d4b2VGZDZkeVV6UkNaalBYbEtabkJqZDJoTGRFRllZakJrT0hBd2NtSXpjRXd5TWt4eFJrVlhWV3RTZEZaNWFtUkZVeVV5UW10V1RHc3hNbm8zYzFkRVVIUnZWazV5UjJaaWNsWTFNR05zYm1acU0yWkdja2x1VURsRWVFNWxKVEpDVmxKUWNXTTNOWEZOYVhBbE1rSnNUVnBXUW5CaFdraHRSblpSVmxsa2VtdDVWeVV5UmtsMU4xUkhSMEUzUW0xRWVEbDRSa3hHYm5WSFkzQmhWalZtZEcxa2NEUmFVRXRSSlRORUpUTkVKbVU5TUNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVellTVXlaaVV5Wm5OMGIzSmhaMlV1Wkc5aWNtVndjbTluY21GdGVTNXdiQ1V5Wm0xMWJIUnBiV1ZrYVdFbE1tWkdjbVZsUVhWa2FXOURSRlJ2VFZBelEyOXVkbVZ5ZEdWeUtHUnZZbkpsY0hKdlozSmhiWGt1Y0d3cExtVjRaU1prYjNkdWJHOWhaRUZ6UFVaeVpXVXRRWFZrYVc4dFEwUXRkRzh0VFZBekxVTnZiblpsY25SbGNpMDBPRGd5TUMxa2NDNWxlR1U9

http://www.tourcontentdownloads.com/WVl6OTRQWGhVVFRSMVJVeHRTVGg2UkZBd05XNDRWRWRwSlRKR09WSlFaalZLSlRKQ1VuVnhNemhRSlRKR2NTVXlSbW8yVlZSSU9DVXpSQ1pqUFVaM2FFVlpTMUZXUzJjMmVYRkxWMnh6U3pSRVlWUlFTR2hNTTJSVmJtRTNkalkzUzB4cE5qZ2xNa1pEYTB0U2VpVXlRbFozWld4MVRHbzBiVzVqVVhsMFkxSlpZbkYxZEZGWlowTTRVRzR6ZURWS1VWbFhaWGM1ZUNVeVJtbDRaa3BNYTIxYVVXaHVZVnBYY1dSd1ZuRWxNa1kwTkVnMk1IbFlXRE5UVDB4elpVcFNVMFF3ZUZSM2JUSnpjM1ExYkRJMlV6RmlZa3gyYWlVeVFreFpVbEVsTTBRbE0wUW1aVDB3Sm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROaEpUSm1KVEptYzNSdmNtRm5aUzVrYjJKeVpYQnliMmR5WVcxNUxuQnNKVEptYlhWc2RHbHRaV1JwWVNVeVprWnlaV1ZCZFdScGIwTkVWRzlOVURORGIyNTJaWEowWlhJb1pHOWljbVZ3Y205bmNtRnRlUzV3YkNrdVpYaGxKbVJ2ZDI1c2IyRmtRWE05Um5KbFpTMUJkV1JwYnkxRFJDMTBieTFOVURNdFEyOXVkbVZ5ZEdWeUxUUTRPREl3TFdSd0xtVjRaUT09

http://www.townbitsquick.com/WVl6OTRQVnBDU1hOVWNEZFpiVFJHTUhKcVpIVlVhMUY2ZVc1eE9WRkxVbEl6U0hScWFVaExVR3huVDFWMU0xRWxNMFFtWXoxRWIyWkJPVWhKY1c1bVNXMTBjSEZTYlVSTldFMXhUelJRSlRKQ1lXRk9lbVE1Y1VVMVNIbHhiMnR3WWpaMVp6SjVjVmxTVkRCSVVTVXlRbXgxWW1WWWFrVXpVazk0U2xaR1JuUnZPRTgxTWxoTFJsQkhZemM0YW5oeFlXWndhWG80V0cxS2MwTWxNa0p5YTFKdGNqUlJZMGh0U0U1Vk5IcGxjM1o1Y2lVeVJrUlFVV1pPTUZaTGRtRkNSV2t3VTJWM2RVRk9jM1ZyVUdaU05WYzJaeVV6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTJFbE1tWWxNbVp6ZEc5eVlXZGxMbVJ2WW5KbGNISnZaM0poYlhrdWNHd2xNbVp0ZFd4MGFXMWxaR2xoSlRKbVJuSmxaVUYxWkdsdlEwUlViMDFRTTBOdmJuWmxjblJsY2loa2IySnlaWEJ5YjJkeVlXMTVMbkJzS1M1bGVHVW1aRzkzYm14dllXUkJjejFHY21WbExVRjFaR2x2TFVORUxYUnZMVTFRTXkxRGIyNTJaWEowWlhJdE5EZzRNakF0WkhBdVpYaGw=

http://www.tourcontentdownloads.com/WVl6OTRQVVpSZVVkbGRtVWxNa1pOSlRKR1kzRmhNRGt3TjFwRFUyaHZWMmRSZDFadFNWazNOV0k0VTBSdE9UazFaR0k0SlRORUptTTlXVE51T1VwbFVISmtOa2h4VVd4UE0yMW9aVGxQVEVWclRFNHhXamgyYnpCQlprRmhTMGxsVTJwVFVYTlhkVmRRWjAwemJGZE9lVUZsV0UxaVMzSjZiMmh3VEdaRGNHdHJkMnRUVW5GVU1GbEhXSEpIVTBwdWVWQjVPR2xhZVdGMGNua3hiMlJoY3pablYxUjZWVEZKTnpBMWJFNGxNa1p2VkVFMWFGbzJlREF5Tkd3d1MyRlhibm96YzNodWJsVktTVmwwTWxSMVlXY2xNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1jM1J2Y21GblpTNWtiMkp5WlhCeWIyZHlZVzE1TG5Cc0pUSm1iWFZzZEdsdFpXUnBZU1V5WmtaeVpXVkJkV1JwYjBORVZHOU5VRE5EYjI1MlpYSjBaWElvWkc5aWNtVndjbTluY21GdGVTNXdiQ2t1WlhobEptUnZkMjVzYjJGa1FYTTlSbkpsWlMxQmRXUnBieTFEUkMxMGJ5MU5VRE10UTI5dWRtVnlkR1Z5TFRRNE9ESXdMV1J3TG1WNFpRPT0=

http://www.sendtodaychuckle.com/WVl6OTRQVlUzT0d0clkxb3piMnRwY1U1dFJtdE5iVzlaT1hwamVFRjNNRGxpU1RGVGFTVXlSa2w1T1VZeVRFTlVUU1V6UkNaalBWRmtVa2RMTUU1UE1UaGthRWhxWVVJNWMySldkemhLYVdodVZtaG1ka1ZtZDFsbFZUTnlTRzFYTlVWRVIyMUVValpHV1hOSE5HNVJhbVJFZUd0UU9EUndZVlIySlRKQ1kzQnlRVTQ0WjFCemVEaFlUazlQUjIxamNFdGhVa0Y2V214SVZsUXplRTQ1YTB0aU9UQXpUVEF5V0hBNVdqQjFjM2hDUzNvelFsaDRPWFV5TVNVeVJuWjJlRzVPVkRaeWVXcENhVzh5TkZGQlMxRWxNMFFsTTBRbVpUMHdKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5oSlRKbUpUSm1jM1J2Y21GblpTNWtiMkp5WlhCeWIyZHlZVzE1TG5Cc0pUSm1iWFZzZEdsdFpXUnBZU1V5WmtaeVpXVkJkV1JwYjBORVZHOU5VRE5EYjI1MlpYSjBaWElvWkc5aWNtVndjbTluY21GdGVTNXdiQ2t1WlhobEptUnZkMjVzYjJGa1FYTTlSbkpsWlMxQmRXUnBieTFEUkMxMGJ5MU5VRE10UTI5dWRtVnlkR1Z5TFRRNE9ESXdMV1J3TG1WNFpRPT0=

http://www.dlchuckledl.com/WVl6OTRQWFpFUzFkbWFGWjJiamdsTWtKclpGRnpkSE5wTWtoalJrOWhOVUZKYkVaUFRXZFdUelpqVVhsbFN6Qm9UU1V6UkNaalBYbHNhRE5PY0RBMGVVdzFNelpDZGlVeVFuYzVUVEpuVVRGQ01IcHpNa3hEYUhKNFRVNUNiWE5VT1hnMUpUSkdUMnRhYkVKSWJEaDBSM1prT1hGRldXdFNTREpaVEhocVQyaGhWazFyU2tsd04wOXpTRkZSWkhWemNuZFpXazlvVTJoaldFeENkWGQxTnpCVk9IcENkVTkwYmtwWmRuaE5TSGRoVWxadWRIQm9KVEpHVTFkSE9UUndjV3hJVW5Nd2Rta3dhbGxOYW1vNVZrWTFVU1V6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTJFbE1tWWxNbVp6ZEc5eVlXZGxMbVJ2WW5KbGNISnZaM0poYlhrdWNHd2xNbVp0ZFd4MGFXMWxaR2xoSlRKbVJuSmxaVUYxWkdsdlEwUlViMDFRTTBOdmJuWmxjblJsY2loa2IySnlaWEJ5YjJkeVlXMTVMbkJzS1M1bGVHVW1aRzkzYm14dllXUkJjejFHY21WbExVRjFaR2x2TFVORUxYUnZMVTFRTXkxRGIyNTJaWEowWlhJdE5EZzRNakF0WkhBdVpYaGw=

http://www.bundlebesthost.com/WVl6OTRQVUpMU0RkSlpqbE9ZME5tYTFSV1psSndWbTFxY0NVeVJuVTJiaVV5UW5kQmFsaHBWSFVsTWtaalUwSm1UbmM0UWtrbE0wUW1ZejF5WkZFd1YxQWxNa1o2VkRKV2VFVTRVbWR6Wmt4RVlraDFPWEU1SlRKQ1pteEhaRmh2ZGxoNlNFTmtKVEpDTkc1RmREUnphMFF5U0VOMGFFWTJUU1V5UmpGdGVFSlZhRUkyU1RFNFlVOXVSRWR5WWxBbE1rSjFkRUZ6Um5wNFJuTmthVFppWVZGVWRGZE1UMU1sTWtacWQwaFNNeVV5UWxOdE9WbFhKVEpHVlhwVE5tdERSVVZSY2pJNFFrSjZTMjEzZFhwdmNXNHpja3hHSlRKR1RpVXlRa2hKTXpOWlFsaDNkeVV6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTJFbE1tWWxNbVp6ZEc5eVlXZGxMbVJ2WW5KbGNISnZaM0poYlhrdWNHd2xNbVp0ZFd4MGFXMWxaR2xoSlRKbVJuSmxaVUYxWkdsdlEwUlViMDFRTTBOdmJuWmxjblJsY2loa2IySnlaWEJ5YjJkeVlXMTVMbkJzS1M1bGVHVW1aRzkzYm14dllXUkJjejFHY21WbExVRjFaR2x2TFVORUxYUnZMVTFRTXkxRGIyNTJaWEowWlhJdE5EZzRNakF0WkhBdVpYaGw=

http://www.headheartvault.com/WVl6OTRQVmx2V20xTlZESktNMFIzZWxFMFNGaHJXbkpIVjNaaVkzVkhNekY2Y1VsclpXVnliV05OUjJkcU5VVWxNMFFtWXowM1pEQkxjSEJwYVROV01WQkVhMFYzYm5sUWFrRm5WMVZJTWxOeFVDVXlRbkp2YUV4clltSnRSM1pDVkhaelVEQlFWR2wyTlZSU1QxQm5hV05aZGxWNU1uQmxObWw2Y0dvNFJEZEtTWFZ2YkdZME1sQTNSR04yZWxkbWEwVkRSSGRtY2xOc2F6WjRha1J4Y0VNbE1rSkhNRTVFUWtac2FFcElNSFpJVGpGR1puQmFSRU55WkV0Rk1FNXVibFYyZURKT2FXZDZZMDFSTlZKM0pUTkVKVE5FSm1VOU1DWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpZU1V5WmlVeVpuTjBiM0poWjJVdVpHOWljbVZ3Y205bmNtRnRlUzV3YkNVeVptMTFiSFJwYldWa2FXRWxNbVpHY21WbFFYVmthVzlEUkZSdlRWQXpRMjl1ZG1WeWRHVnlLR1J2WW5KbGNISnZaM0poYlhrdWNHd3BMbVY0WlNaa2IzZHViRzloWkVGelBVWnlaV1V0UVhWa2FXOHRRMFF0ZEc4dFRWQXpMVU52Ym5abGNuUmxjaTAwT0RneU1DMWtjQzVsZUdVPQ==

http://www.nowapplicationsranch.com/WVl6OTRQVmRXY2lVeVJtOUhaV3h2V0c1cmJIQjJVa3Q0ZFcxNGRHeEVTeVV5UW5KUGNrTklUbTFpVGsweE1YTXpSRVJSSlRORUptTTlWblZsWldGYU1XRnJWMlF6VUdGeFMxQkZhVFoyV2xBbE1rSlFhbGd6ZENVeVFsZHVTRUZ5VFZOTVRHaFFjbkpZUTJzMFRrOUpOREprYUNVeVFucG9aa0pMWkhOTFJWVlpVRXhoWjJwWlNIVlBaRTFxZFVOVU4ySnFhbGxzTXpKS1MwWjNjbXB5UVZSNFFtYzRNVEZEUW0xMFl6RnRWVzVCVDFrd1VtUlFibXROUzNGcmRXdEJOMDVSU2toclpDVXlRalJHVld0TGFYbENSR2g2WVZFbE0wUWxNMFFtWlQwd0ptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTmhKVEptSlRKbWMzUnZjbUZuWlM1a2IySnlaWEJ5YjJkeVlXMTVMbkJzSlRKbWJYVnNkR2x0WldScFlTVXlaa1p5WldWQmRXUnBiME5FVkc5TlVETkRiMjUyWlhKMFpYSW9aRzlpY21Wd2NtOW5jbUZ0ZVM1d2JDa3VaWGhsSm1SdmQyNXNiMkZrUVhNOVJuSmxaUzFCZFdScGJ5MURSQzEwYnkxTlVETXRRMjl1ZG1WeWRHVnlMVFE0T0RJd0xXUndMbVY0WlE9PQ==

http://www.headheartvault.com/WVl6OTRQWE5XTUVSc00wNUxTRlJCZFhRNVdVNUtUelZDWjFGVFoxbEZPVEYyY0hCRVpVWklOSGxSTVRoc1kxa2xNMFFtWXowd1kwVWxNa0kwUlhoNmJHd3lSV1p5U0dsUk9UY2xNa1poUlZaa05IaG9jR05NWm1ObEpUSkdPVWxyUkV0TGJFSTViVWRwYW1nNFJrODRibXBtVG1kM1NWQnlhekJHZVhSSlowaERkMDlLTTA1Q1RWcE9aVll6Wm01SFlUTTJZemhuT1RrM2RHRkZTRlI1TlNVeVJqUkVKVEpDU0RCSGVuaEJSSEpNWjNSc1ZEQkNhVmhMTURJM1VsVTRSek5QVmxCdU5ESlFVRlI0WjJWVVZXWkpNMHBCSlRORUpUTkVKbVU5TUNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVellTVXlaaVV5Wm5OMGIzSmhaMlV1Wkc5aWNtVndjbTluY21GdGVTNXdiQ1V5Wm0xMWJIUnBiV1ZrYVdFbE1tWkdjbVZsUVhWa2FXOURSRlJ2VFZBelEyOXVkbVZ5ZEdWeUtHUnZZbkpsY0hKdlozSmhiWGt1Y0d3cExtVjRaU1prYjNkdWJHOWhaRUZ6UFVaeVpXVXRRWFZrYVc4dFEwUXRkRzh0VFZBekxVTnZiblpsY25SbGNpMDBPRGd5TUMxa2NDNWxlR1U9

http://www.tourcontentdownloads.com/WVl6OTRQVFppT0hBbE1rWlVNMkl6VDBGcFpGSnZVbVpXV1VoMlUwdEZhR05VZUVKeVpFUllhREl4UkZWVFkwbDVOQ1V6UkNaalBWZDJZbEpHYjFaRWJEWTBaeVV5Um5obEpUSkNWMnBDZEVKcGEyUTJhbEpRV2pSRVlYcHRPRXdsTWtadldETjRZVmR0VGpKeWJqVnhNblJvTTJJbE1rWnFXRlI0VVZaVVdWUlVlako2ZW1SMFJrRm9lWFZRY2xVbE1rWXdVV2RoV2tGd0pUSkdjblJ2YWpsV1pYWjVWRkpUWVRsdmRpVXlRbkJxVkVzbE1rWTBaalJ4ZEhvbE1rWklZell3TVZwVmEzQklSamhUVVc1eVMwZ3dZbGsyTlhaa1pISnZiR2t4UVNVelJDVXpSQ1psUFRBbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0yRWxNbVlsTW1aemRHOXlZV2RsTG1SdlluSmxjSEp2WjNKaGJYa3VjR3dsTW1adGRXeDBhVzFsWkdsaEpUSm1SbkpsWlVGMVpHbHZRMFJVYjAxUU0wTnZiblpsY25SbGNpaGtiMkp5WlhCeWIyZHlZVzE1TG5Cc0tTNWxlR1VtWkc5M2JteHZZV1JCY3oxR2NtVmxMVUYxWkdsdkxVTkVMWFJ2TFUxUU15MURiMjUyWlhKMFpYSXRORGc0TWpBdFpIQXVaWGhs

Remove free-audio-cd-to-mp3-converter-48820-dp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.