skypesetupfull.exe

Software Installer

Fried Cookie Ltd.

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application skypesetupfull.exe, “Software Installer Setup ” by Fried Cookie has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
TeleCharger  (signed by Fried Cookie Ltd.)

Product:
Software Installer

Description:
Software Installer Setup

Version:
1.0.5.a0.1_32723

MD5:
7845cadf14c7acf26fd2c421ba1f13bf

SHA-1:
ac4f527428fd99da1c3cfb784183f97597cbaab4

SHA-256:
13ff158fb0b3258a9ce2fd944eb5db6ce31d39d708ff916acea8f1fad1c8a226

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 3:12:47 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/InstallCo.zlj
7.11.206.130

avast!
Win32:Malware-gen
2014.9-150701

AVG
Generic
2016.0.3062

Comodo Security
Application.Win32.FriedCookie.CIRK
20939

ESET NOD32
Win32/InstallCore.UZ potentially unwanted (variant)
9.11112

IKARUS anti.virus
AdWare.InstallCo
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.193.14838

McAfee
Artemis!7845CADF14C7
5600.6718

Reason Heuristics
PUP.installCore.FriedCookie.Installer (M)
15.7.1.0

Sophos
Generic PUA KM
4.98

Trend Micro House Call
Suspicious_GEN.F47V1230
7.2.182

File size:
687.9 KB (704,408 bytes)

Product version:
5.4

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\nouveau dossier\skypesetupfull.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/24/2014 1:00:00 AM

Valid to:
12/25/2015 12:59:59 AM

Subject:
CN=Fried Cookie Ltd., OU=IT, O=Fried Cookie Ltd., L=Tel-Aviv, S=Israel, C=IL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7AF7564936A3976396DE017B6EDADD0D

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:vzFaWHueMd15N363qMeqIUy0xOpSKd0ZsC0Pl90t8dtHFOcix4idOlKeAcLpiI:vzFzOeMmdoqxOpSKd0Zb0Pr88dtbE3Od

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file skypesetupfull.exe has been seen being distributed by the following 6 URLs.

http://d.telechargerhosting.com/?data=PvFH037v9vZRn9bOzriUFeASo/ftWp3l2mfN3mgznxpCcA1 cPrdLH3LASm6srC/u1QqsmSyC6DbdGmv737wkot54WaLOrT0TU2t0JJySfZHOo63G1HC9jUs9njqSyF7pe8J33i7f5 uP eCUxxRhWoHaemX2wk589bq2rovOJDmR5HHbk2C0JO/E 6r4dR58qPuwhNW2L61Y6jUI6SLQN21QH0wcdnoE94nc9Tst33LD8RGOgassqvKeJADooKTkov3 3haiY022qaQEERVzsZyBR3CzI49zJ4nrhVjD 7KbbEgdSJVBYoCxcMEVW57N4xwY2gj6uGcBawtgNQQesxBh6o1i4sVxhdjEcYjjJtdR02nZBGaNrizw7DyjEqbixPXNoJKbvROGqSrwQ/K1jWbxaJKgI7Deqeq5Xicyxd8JbiLbS0G5K2QyoReZeAK6ci7nhzVW0lAQkGVYSNMmo4RHbXMDJrP256kaAiF9tFau8kTWeKJl3O9g8pEcep5UhvRRWhqCQRWT3YMcM8kvTA=&key=HVO39q/OzgKptBMG/kSwtA Fwb48a tAYJPl3x5y4FJ zoHc3fw/MvND8M0Wx0ji5MI8g Y8wZQVcqxi7BvdrEfCD9PWhJdjusWCnhifxMtrF3 2njPKSfQVCH4atSNvQ8X3J0IZgDIJMWCZourhe0zAp8VqWqdid99Ohv4Peea zGzGijG20NyetyGYR8 47Ivn3C49eP/sWgDUUPI65XzV3/kHp4NpRkBAc8dbMw14Mb/ vzV4hK2x6TTuCIJ4wga6HXknxoCOvgWZ63crx047VaETZh2fFTzypWwJfAKSSWvzGwmsVWB7siCx8sTVbAlXXS8e2XYhDxAiHa1 Ow==&ic_user_id=9257&fallback_url=http://.../325c4af68d6b04ac77426

http://d.telechargerhosting.com/?data=7n6z4bwfdi57gO4A4psZprw7/0nQSlwxNHuBP/XJpfjgU0v/7jylsOXq6y3ZDbOhK1MCAej8 MQaeIzVKlzEnwqcTcOf3VLKMJDtB97jSn lbhJ2aADW0rfWAJL4vvGWmrkci8vBt4Qqovsw9Z g6ubkAwC6dSGLF2nuGFot0zUneJpkMnVjucu7n5QILFdFqYshkVH97Ja9T2VmXi6QPnr FjH6SFY1tN0izxf4EDFHVMchYPWAp as43bpdHwBS9zc7LCDVHA3DwqWFxBFKcaGprsSb5IERZTBKzddQxEv9HCS/ydIzgKDBeABQPIaKoWvFRBO1/m1p9YrKmx0JVUtaxzWUvwNF93uLvmcjJycjOo1H1lI2dc5HgO6rvF/Ym8LvsgRKme7HkdpxRa0sSjwJSOI7CRswffn95Jxu4BBbcPb1yYQC8h5n8qDUSX nqE uyL1cul9QbWxDL6x8g/uSu2zkQzdui7VaABKRMYJvO bwbBVVqpxVXYRfX BTn1sgrd5pbSI1VIBNHAKjKk=&key=PIjQ VP2k3WzFy4arWdhYDmtp5amiGpbbCJ6kmtVn/V3 sT8TmuoIL6ZuK3us8g2YIZ vQn2t1vYB/vOYGh2/bws2zIAIJFIobdQDHXtNcec079d4mQ0xQvJ4CcfKIqZRAUOFHvkrfRiqsvaWhATlMr1jgEKz7R1DSQbfNDcm/iEKOSaZgEfXZi2 CP8lu/AayuWSIZmKiGuJ03K15z3GgpqHoM30Sey0OSBPv8fpnMfzC7FeY1CrYBiW2Qc11siwY43A NPWhvC74hwryQiWjQyW1hT0lIJgeGxtggXOC9xLi/6n0jO2ljd D0aPxB2d9/ltA1Vm5XyyKESp1DfQg==&ic_user_id=9257&fallback_url=http://.../325c4af68d6b04ac77426

http://d.telechargerhosting.com/?data=U9ooztkQ5xU3josbEkp Ne77E3Gqb3PikbuI4ZvWavm2yem2V/l3 8nALHCMbTiPpMSN0CoZPFyq WjTZng8f5pMq3Dc3 V3WMQprruj2Hrg1Zt7sRhEPJnfJdsvSvcVU/hlQhlz8I28GXZayuZpror/UPCi18YWw1udHE6XNTyXNDkmTEyB2zmMBJLJrjNd/1iMZNrMKaaUPJoJM0dDwzUHHzuC2ZN3A9PlyWPv0RitTIDxZNqszp/bC2WdD2UjhmKmVLtdpYZg JXphs5WBkzXZPwArJbJSpRIvcNq6vt5HDslVw 4R8t0lINhoulpVXsBk0s/acIiO/0bSEOAERNpdizIDIcmWkLwl8eBqEG1MBAj2mjIifxm yfibaJocMwZ4ex/QqjIYWSfx4kwuX itvay8O5tsu57dJ8EHaF94rR85pfynV6x /zexzQq0p8RkPbac/5aZXzVKN8kjLKglVB69Rrntf7GHf2qLLaZWHvv7AApagBNy0A6PZBx8nQf4MZMGB16t0L RiHG4=&key=Dn8sWpauOzgppiriqpMgVC6acQm7bQVhKg8lr0364OVwOspFMykKuuWUtX60qLY6TALsyX6GjASsVtPPTEIrRznYa 14WOJZ7mGkyQ3qAVD WjmsG8tNPGyzashW5mIykIw6sHIQjXnjbq07KwU7ToIUWxbHphC7ZY2TsriAzD8FS Zt PHwkZm63xDA4uDGbUq/PqPHmKoRfLTvx8vStUpKB5M5RwP7l D2qF6NxzlKT2CAIPjzddW99BF3vhP49/jcqUA1bU96bn2YmfJyUPg8ygYz76 YMC36yyssaasak8DTT3/IyZBNS08N4FYgK6y5r2lmSDv4RXP64etJLQ==&ic_user_id=9257&fallback_url=http://.../325c4af68d6b04ac77426

http://d.telechargerhosting.com/?data=1H7JxtOm1AUYV6GlG2r88b/uqgY2fuNyRgNI3CW8yqeI qxMdkZVqX4FRt1pVWGlf2ai/TmksQpRyvWWuuzuLn33w4yoBCVctBYbQpYkhZm9UptosBjVQmQSdTbjubApBaih6cmh/hS8GClDusncyHpZ6dmoaY1TNycASB54RclBdgyEXnSG pjQj/nCG36RxiZtPqufok QJJi5x1IXErCJPvvz ie2ZqKUNaOrUtv5xM4LM4yV0ysyFzqpZTIVW0cqkEYYAqlzPSd07ITPOLQLowv9BZb/c5MVwJKB3qJ3geQ/lLmuOy12pmqZINXHN7w CldPzf4G4Xwgf2D9FUa0F03riihtBzqVkefqoPUc3UobizU5KBavFji 9sP/q03uzQzxGJx2ggllnw gwsQTyb/9wUH/RjqdO8FhZT nbmCCgkqpOK6ZAF7ozDl5w gXp9tVEVluBv4LozOsLNOL4e7zKMEHuyuqV7BK2ghEE1ZhI520hclvvBo0zsOcrvAlLu504tDIYzUwZ7qZA=&key=rkMdV1n1mknLfz2iejZdB9x jT8HM/b4CSYo2o4heTJaXyVx5oPa1BplhmjY/WrEsRaJmxcNT7zjCM2qADjW9dLkp8sY24ngSckFFBOi0Z5cFphcLUwyEv5Q3aCqYCyGvMJffDkMLT ucuFTAWfzyIP3K2k77iLaiDX1qo5E cbc5aMWUpGwH9ybmGVst80gt4SZ9j/lp1OG/QxKl4Ao IgRvITw90vblDZDTufRtoOdkPI/Hu5TqIMSNfbP7OEQKwRSqcP0pxzjsFIZ6AgPIKz04cDbFeeA4OCSfs7sQVQJatAX2YzPzOo43Kq6Fg1dDQRpg05 ArqMuwZp4IfgmA==&ic_user_id=9257&fallback_url=http://.../325c4af68d6b04ac77426

http://d.telechargerhosting.com/?data=5orXwJt70bTRTQHpHdZHrcueEwYFxn7etpO7TesclhqVcUlVF1a/qBw/7k5LLdZUvi4/scEpPXly0qxqHclWfWznd5wzDQ0HwG28MVlzLjUMrJ2HXwlci55wE/2uqP6B9fjQElcHtn0vV2vfZY9l9njHPvyy7vsbH4arzdmG2PYEoc4V1LTmmM36a2RzCLYhon f6HQX/DNqlyDtNtjAN 6tVdAFeKRAdTocBBX42O9PPbFBTL9PcAMowmxdisUlMG 2VFVr5wGAjV8xHw hc5lOqevpKijyCeKrkpA5BjAROJs3O5 LpwHWNGJQfqyhcE0V6pwPB48OOc57qPFMrkAnefECFhJ/dUHDoxpAVLTXCiD5sH/xCyO9M80sRDgqfB7iWEaAc5cKGj10kW1u0Q3exw8gRHD97tPLwllg1woiMzcPWteYwVStaAmelWtr4qC3jg6PGkYsJxIZVFye7J9TAg/AnhhO4XcahWNgHOPpbIMHzapKg2wsg1N2kwmsrtIjw8hPzetVgQYUnSza7g=&key=YcuJgecHpq2ZW1NxH0dQ f2E J3IgcVWsXfSNRFAkt3TJYEpC4ZMUZxSUbzeT3ahe5XEueIzwrj Ti67N1SdjFpelibgbvZ0AWOXTzlOkRIlhf2T8Cy/ep3BF90n6rmEyJ/wDHDIGmdNzgXQZaFq7ShJCpg9NmsEnP3yrQA39PCpEdINbfjDE9X17hXcwNz185/6 Q6hF7uXe2MJkc5rFiJ0gpuKUxJrudP8BzGKtglvn6E5CqizM/vizfnVau jYilriQmCcw4WyJKEmdTluOAfFzyH5Muqyz/IvmQtjSb8Bgr4TEssFOW4c3x2ShTOC5AsIHnHGw3AKgvn6kYZA==&ic_user_id=9257&fallback_url=http://.../325c4af68d6b04ac77426

Remove skypesetupfull.exe - Powered by Reason Core Security