itunes-12-0-1-26-32-bits.exe

Installer

Bumpy Apps (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application itunes-12-0-1-26-32-bits.exe, “Installer Setup ” by Bumpy Apps (Fried Cookie) has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as Apple's iTunes but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Baixaki  (signed by Bumpy Apps (Fried Cookie Ltd.))

Product:
Installer

Description:
Installer Setup

Version:
1.0.13.30550

MD5:
10cc8fab9c47d07620573f7f4e5fe34e

SHA-1:
9c966ec0aa128fbf0bfe360c898bd063e48cd2a2

SHA-256:
fa2056a17f8909469973f13ef62de85f093eba7a0653f6ce388473589b6b6723

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 5:40:56 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.203.90

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15129

Comodo Security
Application.Win32.InstallCore.DL
20777

ESET NOD32
Win32/InstallCore.UQ (variant)
9.11041

Fortinet FortiGate
Riskware/InstallCore
1/29/2015

G Data
Win32.Application.InstallCore.DI
15.1.24

K7 AntiVirus
Trojan
13.191.14694

McAfee
Artemis!10CC8FAB9C47
5600.6870

Qihoo 360 Security
Win32/RootKit.Rootkit.7e5
1.0.0.1015

Reason Heuristics
PUP.Installer.installCore
15.3.1.12

Trend Micro House Call
Suspicious_GEN.F47V0102
7.2.29

VIPRE Antivirus
InstallCore
36814

File size:
679.6 KB (695,904 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\itunes-12-0-1-26-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/10/2014 2:14:20 PM

Valid to:
12/11/2015 2:14:20 PM

Subject:
CN=Bumpy Apps (Fried Cookie Ltd.), O=Bumpy Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B000FF2DA5043B97A16823C79402FCDC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:waopbhpAM3XI6da76QikQ7TE5gflVCo5jOptDbBY5IIAwfMC7DCgj/5BsqBDryKM:waoNhn3XNa7HCYgLbItDdYu8MjgL5BpS

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file itunes-12-0-1-26-32-bits.exe has been seen being distributed by the following 11 URLs.

http://d.likelyaa.com/?ic_user_id=9289&data=n/f8x3RS5Cr6CCkyWk9EyqfZZ9Qta07ItNKQgqI5P6TaBVYzOHoTh 9eZTS8IQaBEybG2k FskO7rXbThMHVfZjRRUbjSk599p2lnVKRhydCADNzlSE g/eYWFIts15Pup17tDN8F7SCmKSugl pvonW8SAIkZZhtBxCKoEXUNxwVXqSEEECkYw6/hJoqoOk3xjsFj4HiTDFnBd22IRH6SL2lQuHgH6kAwnpiSjeWs G7ViQUGM9FRJBepDU4R64Q/QnAZCbaNcL5iIrK7eanSvVPxPXKSoukuvN9yuFGOchk63XzXrLNE3 vyzPH2NfTqjy8vrSBo9Kko23ozLw0 YrzVipWNS8FHS CGY3Hsik4PQsM4qjNViAe4DfOTuATeGo5ke1MGQoEwypQB/X6Ik u/FuJg hYyW7qDsL3wzjhZgPgE z2EPXL4ANHU6lQibQHGUeITNBVYVU7KQEOD4XhHanEAhOyI0ytvss5 lRh9I5FrBLR9qj6aEXWHuKGgRUcrkhEKGi9Mu6Of X7teGQ whJMAfJGT0 RSBYddkqbEAveF IRRq1S Fz7yhscTYWx/xwo7D1z2Iv9pN7 TisO3 DDxKOTr7eGVwhuvnHo849oEGadFs0AFfs06QyUH18XwzjhFmfGPKV8l2p9QCOp1WaXNKrTcsMzWZpvvbC1udGRVfF8pWzT1Jj2W0jQ9Cr0ye&key=jZMQlYzQWQb1yVXarAjqtWIE82LwEAzUQCLy6zQei9bzLOSWi5616G6HDg2nMVHsJqTa2O/08zVKA9ATjMYVngKlu YP55EV6vIzU924Lj25AKlxycN7Jl26VwimeLqkw71bxIGM4dBMsdn5/.../Ub7

http://d.likelyaa.com/?ic_user_id=9289&data=DcLeTc fI0pFp6ol5s23Ne3os6LYzQAkGH/ 05sRVcEtDtEyhFsoaOrW0lKqIonWE yzxtr5G KRrrCjEUL9EwtOOvNXxc/ipCs25STpX7Vxb9ly3aTdf2ZgzRCgUiOfiqU2OQAgOR92csihXYBYFx/KgsWe9ovorsnkka qwlGTzekopTEsAdbSJx6RcDjA3N1bvVJKmDcaxvA1KZ99K6y0NgutWYibcxcrDqBlPm805pl2mA8f4ZRMIWh0l6KOUMvc0/n1vKnuWsav8t1tyY/2uqx1pWzvl83Hlk4J2MWAUx2yHJxrx5fSj1/CnQeBcbIKkCJIY2hYa96l6dt9njW31Je7b1lOqOrzEfHX3aIccV30WgF Juxp7rCPpQpcBfXlFlJc/lgslIcy2laHiReWMzJrMrDY11rlMYAvz5JP0PaQm9APqwLMtwnMxC07F2JXR1RV7OCz6U0dJxX7uPqCTfPPqNRFubmyoMgDOckgKT/Xq 3njK0MRjVYDxK550CxSBXsQmmKB/IAS B5MB6NpJuD9j0GVFrMgHTUXOD5qr2 jWwdIsZktJVNXVC6ElexCTmbq4VgHKm40Io5EadcWMpPnm 3 3iYM/EGurJgDMg2Kee7rUCxhbtp9kmkmwdM6mAqDqGWXZ2Tus FRz0Pn vkOqcAF6rvsgEdQfvpwYtXPBFPohGuZWNWNhSZ sYgYW3I&key=UEqk9iUmtortpjPNe9IGLqwgWBm/YzLZFQN6n/45C2RBEMQuI LMfe3AkhuTqWq0ng0HgR74yMsi0J83ArYwdlxr7YVjml1lyCN5rDNjVSOPjUIRrD35U8FIiBoeWYhZjMIzywFr/.../lI9sZlMuaiEfFfsPaSWIe0CDNWMULt2mXtVszXkVsQ5zZUcALWUouTFIfMNz9IdGF0Jd9PCMJCaPJXvObHJ8uJ

http://d.likelyaa.com/?ic_user_id=9289&data=iJS Q3Mlkhwe8WRNnmOxVGY7xfx5mojr mLCaZXXzMJ2CdOOiHKO62OwYh/npKWLiJSzSoztN w1DipuF4UG0tkHc HFEmwL3cGU8FOpqG9EgJG1Xmj8AvfgEdG09PMResBHGQYlHBzAKQAYjRbIAkTu PCB/1IGm59Rk8yevMT5dbascxgNbSe7whJdcVlI 6yMqNtefwjjteGmBkw3MphH2SSvE7cyljtvUnGNAD4pi0M246Tqi3FHQuryAH1v5phfYlB4LQErtCruLzV2efck0hwzgIM/bwii /HZX1j7 V GeD9Uxg1rpYY34r8NE3ZXaSbTXOqDood5haYQvMda2zHZCg0hlTdC0wNR DtQ2cvNHqWLBcxX8cGbzTgF1Gf03z2e IQpUMLqGrqwQf8/VCTs485ZhkgLnmYFpLsVur bLVsZ2jH1t7TRgeIpkhKqitp7PqCZYNjC qDftDo3uSPP8ACZHtp/u5mXS2vMGbfSehuPojdT37zZDDuwgkVIvsRRoPgduotuo8ahmJJalsxf2QIHT hup07YjY5FSsZ6QJqxE082y5U5 UiAR5WsW3z9bCnNfCijhOupJIQaCaMl3ZFRUWOL3X28mAV5uZdgppvYfohaync11HXSliKi3Ej/ocKzgMkRZ38q68ik3Qv R wCCvpziHyQQWnWvu4LFATBdTkDzk7qeNmuPqUclFwR&key=QOU5H8zTmihhkF2YZIpk5hAIrV ByMGcH1 m6Bi396UGBUIc1bR5p86fULxw4jzfVj/SzZ6hfY6/jyfJ RxMiP9eMmYxRFLMrD9Um2DaEUQS7PcgcBc8wmIMIaa5MMsLFpznP uxG4zxXVlOf0Kkj5GZsCFOJ62gQyA/.../SmZmacQiWxjEYU8VS3Cs7lGss

http://d.likelyaa.com/?ic_user_id=9289&data=BRXMeMiXzI0MrJgcx5X6iD5mjcGi2PPrJ598ONdKAXVVzZ/eHESLao5bPPYgacfDvvdTOq zFFWy NDgkp0JupUr/ugu9WsS34KF1GfAc9kyBKPoXo8Vb d4NkgKY2RiOLXMh8eg9Y2VuYdi57WbaqTr1GnAsQQ4SILUaVj14lY95Jyi4u/Qx9TslfKWbhBlAiVVPy4JsrmCsI6yp8HmGJX5 4QM2ecPmFgaTbYpzvHIkn0a8B44QWrUw32O8rRis2UGOjhn5YtFUpu/Ah4BT rhBVDVh/pdLXUQe0XFtVYvMYgQUyaGN9xnvBVCaU0oz16hLqZdEbSHgxB/0/FFV3rMX0xlCBUEaNOD4HpbkF11xfG2jciek9AAI6/eC/QABZhSHS/rV5w9ogOJXgoMO1AI43ioBtK2b/ikfeCvcVLg6KCezYQrKhQ3SItSyNi1tZWAMAJ8BdcJNLW75JBCca/Q28pJOLweUbLgNjGz0d/4R3PJLowwglw0nysx5ZcJa9nQgW8cSJBLh6eQ3xOh0I/6VuQOz1mVPpEjLY2bfiMLi/k3rzDy4ukMEFQT961oWg0o5V2HuvqcZjFrhKd3abRlt75WMD7RprAd7CRYRoY9IRuyiRykrhbOjVx5A3W5BS4vKQgTfFdfB9 O6NviBjCy0rufg/B4AMZvsD6x7MKR6ZlmMnL1H1ck0n5w6ZdTFw4oMYSr&key=IFi1zqpTbV 3tkbtwVHzHZQBcEEs5RQCSM3gOKBL1firNS987/GnOQaLeNIypUbI 0WilIBD3QnRC6bWMkcw43f987oLIV/R25/.../3c1LhCV3lcX9bYlsdbvbMcQnPMy1wrynWbJfJX3fQoVQ5VFXBDLI2dxkwahOFFeGdE5YkjdkGOxdNxdD81tRkUA7K

http://d.likelyaa.com/?ic_user_id=9289&data=TPnEDGU/2BtslTX4JuWB3ehiy0wTCnkcQgJsSl548fCQOUjw9Q9MLLU02 Y/SrvMiL0RkubWcrCRqDne4EWhGT9AV/U xTMX7B/Vnwe0E3hQISDg2/Ey6dCEXF77XC AsSihuBiObPJ2NLYgaPBZtVtGNtecinqPsItbzFxrzS9wsZvcaFUBwL1vLANgyqKXtQ3JGzpjFfLnVKmc4A13PAktlhvqBb SuN1PqhKGgxHLClGeb2oeESoQuh2YA6QYHgHWY2ldXhQ2MlQuwQqFGPrNbyuYmvP80B7UfoKF0q1mELbRxprYniZJaqa5b6O5zQw7LYvMDaJvK6CN4FS2Wzx7vH73zza1fnICySFhKrt8499/8F9YUgG8bE kdXs07xNDJqai xs XsfECeNdM7iGkI8JxO1pJ1OHlVs29o24faGK3jkP4fZ6/zhIYaBHctrbwcNdIdSLuT56Z4QtjXez7XAMUDXMKX3D99 La/5FwnkZC47kXBXTWg7g8HC6YvoAo6v3FewUffm2kQ0nehVGcVx4rj4AfMyW3YCjgEygdiibEkRMAVf8kwbHJzNluz5ePM/99PZyn7udrnrrhQaucNBG5FPEyO//rYz28gXzaO0/t3GBCZE/HjXZT0rm7T3eX6xNh 93xQIMtJ4sfDeOVHSNkVI2ocRxjbomKtjQYwPu32K1T5JtrwMpv8Hbvc2JfnSw&key=GVsF7r9rs6Vkawutv4rWPf2iBU6I7wh5U9Otomabyb9I4O2/xsdXx0amaI9wt9sEAqBhYgl/DVs3RURy8EYjVoturM6ALvvAfZjp2gSv29Eu12qAOhdIOQcH//.../H2xpZbilh1cvXXlb1bES2pHNskrTFVkC51Q 1yWIa7nhS4HFatMoKoJ0Fq YANK3aLDZ6eCRbfzh

http://d.likelyaa.com/?ic_user_id=9289&data=jNchSOlHts1pZNio5zgRz0fuq 2Yk86YfrJ4yeRSiEei2PKEQ/XSu0ruaenjRMgJcB6Fy54yn389OI1NLafRwOVaKEK7qovG4kBn2GcjOWpaFtKEXOdC4REYwbwm jeVMBtsxqfTCb0uTheP0a8WkT0Z1wNaU5n6foNxp2ICz0P63WmjubwufpnIvYQ15GTZlMjRf1KP kJSfy3QOvE3SS 8e4j6en2PGPhTbr3WoZz 2TKsiEsSwNrgwY53LBF9YmuWR9sHzl047sIfJkZftlWkbmQcHucVezu4SnVZJ7NXoMJTl2LKb1PQFhfCkeXtfvWIIQCbPgIv gfNzqvE3gNQQLsVoRWZDVI1ICMHKeG9rnAZQ98xFevCVMVXlXv5Rmw/WQJBiKDCfLAQGPJExEA69nznvgB/LHs 5/10FitWIfPuzjfpRtSe/g6EDN43nhPttJiC25LoPhRTwTdVruu/78v36 jIsWY1jxc2gWiGMYWtjZ9R2T EL2DICXdUFxqpaLmTsKIKvWxIReG1uikb8dhfWUDhmPmAh00jJ8SJmbAgZB0c8Z5ZRCEJze1IHIIZwukIuymqOKJUFYeb6YVtbbECZs/NAEBRHBlxg31QozZ8KzX9SMGurFFg4CrrgbkEucP9jujJ0E3bMsD0fg10qT51vcwaX3wE/jKquC8LoCeWspOIg35WTQ4RD5rFxzi1QIy&key=Ley6M5xJcTxJKmLB7ZmJ2YIeLZJTdnUkPTy6RVvuhz7XoJabdj5m2g4jZoST9IZVVHx9fXWNeu15xIKRLrmUuLOpRx87i1alX OYXbeFYBoi3v3kCjSy8tukCB/.../mvtieWBAvBbBFILmmE75qL66r8d JSifDGMT2cwOD4e06XUZBAu55MUfTwZiHMilvpCvDn8QtMQOS Dtuj5WicwkpJ

Remove itunes-12-0-1-26-32-bits.exe - Powered by Reason Core Security