installer_driver_d_link_dir_300.exe

Copu

FunnelOpti (Alpha Criteria Ltd.)

The application installer_driver_d_link_dir_300.exe, “Copu Setup” by FunnelOpti (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.sendchucklebulk.com.

Publisher:
FunnelOpti (Alpha Criteria Ltd.)  (signed and verified)

Product:
Copu

Description:
Copu Setup

MD5:
aaa3bede199d280012690339d1f195b7

SHA-1:
a9a29f7fcf7facc57acf5deceb15bb880d09f159

SHA-256:
2856ba149eda3f336b88dc0a282a20726b3f37e2f171e0a71411919bfedfb4bf

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 3:46:55 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.15.19

File size:
927.7 KB (949,936 bytes)

Product version:
4.5.8

Copyright:
File Fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_driver_d_link_dir_300.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:41:21 AM

Valid to:
8/26/2016 10:34:53 AM

Subject:
CN=FunnelOpti (Alpha Criteria Ltd.), O=FunnelOpti (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C57D0836DF0829F54F07ADA2D08AAFCB

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_driver_d_link_dir_300.exe has been seen being distributed by the following URL.

http://www.sendchucklebulk.com/oqswssyeORr7lwHfglDVrWmbKnycSpKd8Ej_46YiIeO2HXVsMqS9rT0bY8QbQ6yhthNPfvsmMuE4tNATU7bW1gk45Pi6D 8Fm4GZ F6SDcPIjgMFn5 sw1RvX_juWqqvFZplnCle774v7MNeVuLGvupU0miVbcrTWgQ5MbHpFx9nR7HzH_uPO2c_m1l0GuMBjgNNXuVaYU1AUqsh2KJnXloosEpleEiMJb_G7S7vxDDKO1_n0ugd2wSkla eOyj9ZCWkOqZnZuANS6B9xIBbSX72VCzJn070qi5aXQv Dn3kb7UkRG1F_I1sMtZiG3vFlAN2IbuFWLJoyyjQPFSk9T8yu5pJZmmwI5NA6mGhHw VP3e8sMjcUGzRbH67mhAEjQjaK6q9GV09Hsub02g9qNjOeNt_ChQ74b82nMwMh3qWt2o5jknx9S8SSvJcqh9ZJJWXbeJNjF2ruOM3tVARdoDolZRJLtl_e2_RN U_CbMDjq5jRTuY_adRW 9A10VW C5C2whBO128419n35V1qUAg _dF4VRcyGQWlGewagyUtNlafESaodaG4fWljY_HYg5_P370i2FH0Z2lqznjHnRYfYmG2Q5i0cdc7qA9vTM0GnP6qUfYRFWgHg3IQ dOJGr0pKMC6zWLJL9w3Nw XRZ_fh qzTPbQgd7Tfn9TS5ZZK4OhvjcabzjNATzZC_5FRAFXHHoj0Ih9wx_Eib3 Xkc4WFT6rtCTPbjf vAqDyrwkUXKABr94NFGuWQ1J2F7M6sw1XwCkCju217WJHvWpSNCSvRiScsJ2fIi4bh3Pc8Xb04JLN6MNmwePN38YerC1TyWMwhcruHI aCV_mzauWgq5zk6meEdYQyC8BTiyfA4RE7_coDg4KP9TE84EBZI_G1wjZ8fdvR4JjLxPv4hj3DnEL_PQQByr2rdT0Ok4aqy2vbMeBeDsBmG6IJU eZKhhxtlHk-
