installer_adobe_flash_player_english.exe

Web

Setup Delivery (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_adobe_flash_player_english.exe, “Web Setup ” by Setup Delivery (Fried Cookie) has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Setup Delivery (Fried Cookie Ltd.)  (signed and verified)

Product:
Web

Description:
Web Setup

MD5:
38767be79ba7f657e32bd0418a773f11

SHA-1:
a94357a0710f0cecbfa82ceec6cac6eafee74289

SHA-256:
0221eb715b4253d7571852821780d800e84cfa7ce6e69fbf0c9971e00e4855ef

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:46:47 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
PUA/InstallCore.II
8.3.1.6

avast!
Dropper-gen [Drp]
2014.9-160201

AVG
Generic
2017.0.2847

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.1621

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Installcore-651
0.98/20550

Comodo Security
Application.Win32.InstallCore.PK
22332

Dr.Web
Trojan.InstallCore.49
9.0.1.032

ESET NOD32
Win32/InstallCore.XS potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
2/1/2016

G Data
Win32.Application.InstallCore.DI
16.2.25

IKARUS anti.virus
AdWare.InstallCo
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.204.16134

Malwarebytes
v2016.02.01.01

McAfee
Artemis!AA44A3B04733
5600.6503

NANO AntiVirus
Riskware.Win32.InstallCore.dnajwn
0.30.24.1636

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Reason Heuristics
PUP.InstallCore.Installer.Installer (M)
16.2.1.1

Sophos
PUA 'Install Core'
5.14

Total Defense
Win32/Tnega.JMMQZQD
37.1.62.1

Trend Micro House Call
Suspicious_GEN.F47V0126
7.2.32

Trend Micro
TROJ_GEN.R02ZC0OBE15
10.465.01

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
40824

File size:
741.8 KB (759,608 bytes)

Product version:
3.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/14/2015 8:44:35 AM

Valid to:
1/15/2016 8:44:35 AM

Subject:
CN=Setup Delivery (Fried Cookie Ltd.), O=Setup Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210A6522A1A7E7C584A5E3B94F933EE6EA

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:KuFa+fpe7ITfOoDiZ2O5mxnrzlQ4R8iRZMHNuWDc2TbQYUT9xjKCl8++v:KuF7fpe7upDiOxr5g6MHJQSbc2Cl8p

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following URL.

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security