icreinstall_adobe-reader-11-0-9-32-bits.exe

Swift Funnel (Fried Cookie Ltd.)

The installer uses InstallCore, which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_adobe-reader-11-0-9-32-bits.exe by Swift Funnel (Fried Cookie Ltd.) has been detected as adware by 10 anti-malware scanners. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download portals and search ads as Adobe's free Reader, but it also installs additional software offers that include adware, PUPs and browser toolbars.
Publisher:
Swift Funnel (Fried Cookie Ltd.)  (signed and verified)

MD5:
e11c73e4a79aff25b1526b74f0f4065c

SHA-1:
bb143751ff34caf107a0f2fe138d6fd79f494a32

SHA-256:
d1229d88b8166f399f60e33be3a1846563ed995346e9b952eaa09678947dd92b

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 2:43:32 AM UTC

Scan engine              Detection                         Engine version
Avira AntiVirus                                            7.11.186.130
Comodo Security          ApplicUnwnt                       20103
ESET NOD32               Win32/InstallCore.RO (variant)    8.10732
Fortinet FortiGate       Riskware/InstallCore              11/17/2014
K7 AntiVirus             Trojan                            13.185.14021
Malwarebytes             PUP.Optional.FriedCookie          v2014.11.17.06
McAfee                   Artemis!E11C73E4A79A              5600.6943
Sophos                   Generic PUA LL                    4.98
Trend Micro House Call   Suspicious_GEN.F47V1114           7.2.321
VIPRE Antivirus          InstallCore                       34844

File size:
698.9 KB (715,672 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_adobe-reader-11-0-9-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/4/2014 3:05:02 PM

Valid to:
11/5/2015 3:05:02 PM

Subject:
CN=Swift Funnel (Fried Cookie Ltd.), O=Swift Funnel (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219222B1C3CFE5BB71BCB5117BC2A44FC6

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:KT2aBIZBhDJLKc7NlZ2llDPkRZ1PZZrspGqNUHUBxvrQkgEm/XFjwHXwAbd2yZR0:KT2YIlw2yDMRdZrxqNyUB5rQkklwHvbK

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file icreinstall_adobe-reader-11-0-9-32-bits.exe has been seen being distributed by the following 5 URLs.

http://d.baixakifiles2.com/?ic_user_id=254&data=IfvD66 pdmzVbe5t2CXT8b2Q2FG0vkuQ3cBEgx9Z9KNP3WGD0jgcCB8oXGG38KvizuLCZ9 vwdd4jWpbVgylb8RtEO3xkGelgCh1kFVsCT0tURa5mKF2HxGua6KQU2QXFaDf0g6BrUUKgO3 qC4WZ0YCrng11YcThtuIl XEuix6nSJzyEm03P7Nd87m1IPN9QUE/zyDa5tKCusRXsm5dAauHOjs8ZZmyGfep4MG8gIb4vyXvjNcqWc74Sj961vEru9jLz0HMVbpdVMfGxqnyNe33Vrsjz64TSL62KjM7Gyzv tJMNu f7GCUsyh56G4uFs6zGYvYE/9ETCUjdjUSKiCC9s6N5RyLRLo7 /yIfe5IopWAHJ7DMkgrMtGbAjplOxit/W6nxwIhMkdcJZqacoMdLFh6x0SqIR9Do9fpqc/GP7xs8a/P66XCcHlzgUkzwgC03ZCDq4Pj7Adh5ttY6eL7b8KkSj7WvAQghvmgBFvKrgaAynHlZ7NFLfGgCC6Jgi6g22TUbD95TojNQBOkv5BVIQAaucjohjlx4ixw6anuYfHQI5mnlLAWUn4lt1PICs/bqfgOL1c7FZ q9bNli62E/rmV5VKqdN1aenvAd8F3PKPlqbzpQrZkj9oZLL1tbH4pLvAF3DnbAZUSjEDmBKDxff2w ovBceN4f6B0i7nX/oXItcghHqOKg8EaHAwLBjZgMJPuA1g kjfs/PVHSZM5jId6gaWdGUGdrFu3DBa/aOcbkRH0odeXWjq9fYkguzJ2fQAvnc1c8ryqrxS5iZZUDRxnbEdnYBzS/ipYZ0pLw8HKYqr6ELkpL6s7Op/.../vCizqJsdg2mmYlwVYfW7MIIsRjNUrwk rJaTQGuC66dKZFGpqWyK4gM6pd2lXf G4avqG8DAuZf1WstHJRM

http://d.baixakifiles2.com/?ic_user_id=254&data=A13qPQFzUuyv7Jq9Jf3H AlYvWYDkUgmaGAFxLg/RPVgjdz9Oa/QXX28IIOaGaWFi oG 7LkRZMeTqaSVn99tkh6BOihQNLz5fTDKxOgJqs/cYIR5ykHx/4N4j uWGgROVZxIAaAX44E2VTM9mJ4AJvyVD3mL72BjKM4XAB7wKc43EsQMUmdbPsIFXMKPJ76z1v4vUVj4W6ni4GOE22WORb2OzHaIIu5hlmYhAtk4pobrFY1Nnwxeo2X82tSzGvJaM2eAWkChMOLdsRP2I6wG4F9CncwAyMgEDRglhImDCiRsM5uY2TB0jtht4u4zFEKLE4rqPggX xQGLC2Vm/yjzrJafW8D7XzNCKseLgx0VtZCcv/Aw5ZCIRB9b7w2AEHyXWFTimfAj/aE5xNkOrJMuzu9qYSL AQZPGgzgbRo11ri1jl 5VHIFKpJ5bpcMdrgwlZRkqGGInRJVFSi5/kut8jRg4qj mDZ4ybi7mlCNHcoBsj0yIeN4wLmkx2ksRLbiEpTIo3o3q1Qv8tSqhz/pt4bUd bKI6ZTg5y Zcxzv1yB8WZfc jwLY4HvxVF8EVzwxZqTLfaD9ngU/UaUv7vwhdVkFqs5pGwTpJb5InN2dX/D KlczrAVeyX3 3lmPV2S5BnPqWoHwEj69wvkCp1nzqsJ1AmIvfztt3//a3 SFhj8LBtRjLwEUokB5i2 DFENHAJRL3Ln2savVWvfgNkQ/cfBNaN2QjH21tCYe 5CFz kZWXm5smbVkscuSRMrxTrRF6VfoyZPjkCJ8TF53i6D5CPkV6ZlVDLHgPDUKpHWV8K1/BHCAvaAM5XUrpFu5Lc=&key=Dgx7q9EQmP7EDtLlwYcKcEMkXeUEyeN oDJycck1lXQWVdtg9qbBqEjcLlcu6b9p i3EDI/.../6QRzgM9nhg77IWz1Y

http://d.baixakifiles2.com/?ic_user_id=254&data=1RPJ8/X06h/9SS9C idu7YR4FM7ajIJH1ahkaRT9S5xXv9NtGbsuF4kMZNQQf9gZFuqqOvAkeImJ5NBGi W4TkaV5wd60sR//fIGDxu8aO3PmQ17vGFWNiq2TnCQjnY5Us7HU/700OnzSgr6itFClcdvjbIjRrFOyttqUdGJvYIzmFPbADXkyzKmdSoeyBV0X9ihLKaqu8PJg/ShxXY1Rcnzs7MRdpMS9BSZDAtUudknGy0Prnj44tNPdpHWL5Icj UL09QmBU1zremOTj6r0Qrb9ElTmTUszefBMHDRl1hjvN9Olnloag5G0PbsDQ8P50s1s8Bq6dx67WlTsDsBPY8/FhgMYvUb7hsZUp94VutrDA4vVamB6z5eg1BNICx/vg5OIAc//c HUueWnGycEQohGboDd/O58Q8QqZ3kHD2tpffr/WZm/kzlB1t7XnS6VhH4Wd0Vo PY44D3Aa SIgBU6GF1rT2gZ8Dl4MEjK659x/yaAERhtR7aOjvRcSlAIDpoL0tiKC7lMlOoF3ynefYv3VHtHaduMgTTKi8pavQcfoZrjHTS9/xg1xzJ5l7nsSGTHT8AEOe6qsMb9TXoiVbJcU42Pvzd7VmwpX DoOe4y23zNtVRtBLF FVMoLbQIY reZvEMwbm4BeSXFnJ/V8WMA7V4rRhx78HX6K4a59ufQVjX3JRFZV Km3eUeGwbRobgYSglHBnhrLx65/vmhsreGT/E9PV6PWuJOXGawSqIbUBN3KPf 4z3a/pYxxqUJeU 5SvjYHFQt0wtt5l6rhUbK1/D24Hgyoo X1wQOB/eZp3pMfZGY2SSRfp0QOt5yI=&key=ahp0du2kFbaquf1lGnfA2SFAlBxpzAxmGFwz8WKUQsfxT/.../MXrTZBsdP9Ti5TsRvkiuuckIMRyuEi4n YWG8lWIAq1 KoSeK

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

Remove icreinstall_adobe-reader-11-0-9-32-bits.exe - Powered by Reason Core Security