java-portable-6-update-26-32-bits.exe

Dove Delivery (Fried Cookie Ltd.)

The application java-portable-6-update-26-32-bits.exe by Dove Delivery (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore download manager, an installer engine which may bundle additional software offers including ad-supported toolbars, browser extensions and utilities. The installer is marketed through download portals and search ads as the free Oracle Java Runtime but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Dove Delivery (Fried Cookie Ltd.)  (signed and verified)

MD5:
0ae069c53b5e39e5f5cd48b8d8bfd5c3

SHA-1:
93a8be7255dce05eaee152dd9cf28641d3fb4201

SHA-256:
dbd6058866df3db52249abe3e8e0f64df544541746232f2e4de3703202f935f2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 12:22:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC (M)

Engine version:
16.12.25.7

File size:
699.4 KB (716,160 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java-portable-6-update-26-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/27/2014 10:19:47 AM

Valid to:
10/23/2015 12:56:22 PM

Subject:
CN=Dove Delivery (Fried Cookie Ltd.), O=Dove Delivery (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137EAE0964D7E3FEF23473D2D8D216639

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file java-portable-6-update-26-32-bits.exe has been seen being distributed from the following URL:

http://d.baixakifiles2.com/?ic_user_id=9289&data=1Iud0JD8Rs5pY0qmUbK6MfZqv4O5OQsiOtWxRHugpBm9/e3Yzy9QcK0Yqcso8h6FZLqIY8MJeNRW4KXzRPcwVN9ac6t3kc6CCoKV28g1VZ/KKgYvCyFhWHUWxOgvo4CDhEeOQEI9AauK7bEHq6Diw2H01DYHg1eKr fpSeKYno9TLhsAKqt4bOMHwYg9NVu7xPTNLiFwtztIWRHvoGzIKBI2izIv IShdotTeldnTWZmoztn1bDCfVu8S/CgJVnuhesOolG1dlWNDomyCh1lcAm/0/f02u3T6La6x5OWhbxNURq7E12oc2Ag8T90KHhpFcUNl/ L7Hsj/eNvEob w09pRf porzO6a3 mFjvwcY8HXqh0sZ4GOYiYK1eoZ3lSCOw5a4pAhM3aKOBMjr 2VCBqqYcOfvAODtXTPdaqIHSYsgzirWM 6Ca/OtwxhwLoJPTGfPD7bRwfKdx sIfl1IWISjYQ13kte5bDXrQ4kVZTukgmFS IXr3LRLfZmmqlDqoUq5Ep6DKhgWPAgh6k cxTORgnS7ad8OprFbUT4XJjeY4sTzyzB63gXQDjIRjjq7AXGmL8BRnxWsK0yyVtIsmwAVeoaF1ly1Qu1ec5ybTDhdrMYyIHbK557AGNsAVuHoTGnA7K25xmijV9BJkUqut5Slk7tFKzYhC/NSkpeSOINf1qlvxC3nG2k4hpeRwKfCOpZ6xvP4bxtg7xaekhkvPuZnR vJ7W0RMDEY5DELrmNg00f2gAcO7ZiMOxGKyYtBsVKHFe5i6&key=JGoe3/.../GVL0gAy75L3h oe1HNrZE1My5ddjRq6315tmcahHPb y2EkwTW0SG0HYMGdp8kRK2N6ik0nobK9FhraGZNy0bsgOT6zWG7j4c6aUyyWEJ0S7JbI7hwP1j3kzNpauvRdIVEP4HBuKfiH