installer_adobe_flash_player_english.exe

Astro Delivery (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_adobe_flash_player_english.exe by Astro Delivery (Fried Cookie) has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from clkmon.com and multiple other hosts.
Publisher:
Astro Delivery (Fried Cookie Ltd.)  (signed and verified)

MD5:
f10ca6f71d48d57cd6f179febf36ab28

SHA-1:
df5e7028ec328e4e91221ae637570ac6b3acc7e2

SHA-256:
c5a69c9a6e5654dc2c782db35a330fe84dd67bccfcd8df263fc9d80a780d9c98

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/5/2024 7:09:33 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.188.24

AVG
Generic
2015.0.3283

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.141121

Dr.Web
Trojan.InstallCore.15
9.0.1.0325

ESET NOD32
Win32/InstallCore.RO (variant)
8.10762

Fortinet FortiGate
Riskware/InstallCore
11/21/2014

Malwarebytes
PUP.Optional.FriedCookie
v2014.11.21.06

Qihoo 360 Security
Win32/Virus.Adware.94c
1.0.0.1015

Reason Heuristics
PUP.AstroDeliveryFriedCookie.e
14.11.21.18

Sophos
Generic PUA NP
4.98

Trend Micro House Call
Suspicious_GEN.F47V1120
7.2.325

VIPRE Antivirus
InstallCore
34998

File size:
793 KB (812,080 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_english.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/21/2014 11:11:59 AM

Valid to:
10/22/2015 11:11:59 AM

Subject:
CN=Astro Delivery (Fried Cookie Ltd.), O=Astro Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A99E73962365DC8A4A1F35AD57C59E60

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:cUZwZFpwmHcKbANWeKiowYAhLJqI3PdOGDQ/2fCfZwUB:cq/mHXSRNGI3PdCk+tB

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8901

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_adobe_flash_player_english.exe has been seen being distributed by the following 50 URLs.

http://clkmon.com/.../sa?cid=11021-200080510020000000&pid=11021&q=cristiano, ronaldo, dan, lionel, messi, terlihat, terlibat, diskusi, kecil, keti

http://clkmon.com/.../sa?cid=12060-1049793&q=hao123,agregador de sites, sites do Brasil, melhores sites para navegar, agregad

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-200118821015000000&pid=11021&q=??????????????? ??????????? ????????????????? ???????????????????????? ?????????

http://clkmon.com/.../sa?cid=FELESITOS_21295_0&pid=&q=Casacata presepe video

http://clkmon.com/.../sa?cid=11021-200208210123000000&pid=11021&q=D.I.D Electical, D.I.D, online shopping, electrical goods, Televisions, LCDs, Pl

http://clkmon.com/.../sa?cid=11021-200208218223000000&pid=11021&q=El capo 3 Archives - Novelisimastv

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-500082021022000000&pid=11021&q=??????????????? SUCCESSMORE Online Member Service (OMS)

http://clkmon.com/.../sa?cid=11021-500084223321000000&pid=11021&q=ROTEK PHUC NHUNG - may loc nuoc nong lanh - linh kien thiet bi loc nuoc sinh hoa

http://clkmon.com/.../sa?cid=11021-200225514223000000&pid=11021&q=Kino99.info, watch movie, online movie, ???? ????, ???? ???? ????, ???? ????, ??

http://clkmon.com/.../sa?cid=11021-200080502416000000&pid=11021&q=???-???????? ?????????? ???? ? ???????? ? ??? 3 500 000 ??????? ???????! ??? ???

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-200186804620000000&pid=11021&q=decidiste dejarme camila

http://clkmon.com/.../sa?cid=PINAYPOP&pid=&q=Movie Archives - PINOY AKO

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-500082021022000000&pid=11021&q=???????????????????????? ep2,????????????,??????????????????,???????????????????

http://clkoffers.com/adServe/.../UhV3Vn9DBykB5siSCOrna&ui=Z8zTgCz36kQo5fJ5jSJxDscaKRMNtL4xlA4kOHjhy4YK6p1bf1JjzxkSYB7QCwau&src=BANNER

http://clkmon.com/.../sa?cid=11021-200171603119000000&pid=11021&q=O novo MSN, seu conjunto personaliz?vel do melhor em not?cias, esportes, entrete

http://freempr9.jrcaaa.com/down.php?p=REVENUE&trckid=003767484015948437053

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-200068704312000000&pid=11021

http://download2v.freesoftstore2.com/installers/out/011200112101122/piid-546f70b5e2d7b4.23304272/on/2/freesoftstorecom/english/revenue/firefox/adobe_flash_player/d/275876e34cf609db118f3d84b799a790/ici/.../na/installer_adobe_flash_player_English.exe

http://clkmon.com/.../sa?cid=11021-200212806123000000&pid=11021&q=Vous ?tes d?butant complet, vous voulez approfondir vos savoir-faire en fran?ais

http://clkmon.com/.../sa?cid=11021-200170012721000000&pid=11021&q=gossip, gossip lanka, gossiplanka, gossip-lanka, gossip-lankanews, gossip lanka

http://clkmon.com/.../sa?cid=11021-500184415322000000&pid=11021&q=22find

http://clkmon.com/.../sa?cid=11021-200186903122000000&pid=11021&q=Passagens A?reas, V?os, Pre?os Promocionais, Milhagem, Avianca no Brasil, Viagen

http://clkmon.com/.../sa?cid=FILMPOP&pid=

http://clkmon.com/.../banners?pid=15867&cid=SU1&action=r

http://clkmon.com/.../sa?cid=11021-500131006223000000&pid=11021&q=Oficinas y Locales Manta

http://clkmon.com/.../sa?cid=SUPER-CRSRDR-200185909920000000&pid=11021&q=hírek friss

Latest 30 of 87 download URLs

Remove installer_adobe_flash_player_english.exe - Powered by Reason Core Security