winrar-5-20-32-bits.exe

Application

Deliver.com (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application winrar-5-20-32-bits.exe, “Application Setup ” by Deliver.com (Fried Cookie) has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as WinRAR archiver but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Deliver.com (Fried Cookie Ltd.)  (signed and verified)

Product:
Application

Description:
Application Setup

MD5:
b61b0ab7f9de8b32e9ecd9f16260bd10

SHA-1:
d1b9e66047c8397e001ebe6ce358b4ff9954d8c7

SHA-256:
b4ad6bbbfd7634294ed6f2168f4dbc7029f103ed32d2ef88e4100d7d8090025f

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 7:21:56 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/InstallCo.zkz
7.11.205.246

AVG
Generic
2016.0.3212

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15131

Comodo Security
Application.Win32.FriedCookie.CIRK
20898

Dr.Web
Trojan.InstallCore.32
9.0.1.031

ESET NOD32
Win32/InstallCore.UQ (variant)
9.11097

Fortinet FortiGate
Riskware/InstallCore
1/31/2015

G Data
Win32.Application.InstallCore.DI
15.1.25

IKARUS anti.virus
AdWare.InstallCo
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.193.14811

Malwarebytes
v2015.01.31.07

McAfee
Artemis!B61B0AB7F9DE
5600.6868

NANO AntiVirus
Riskware.Win32.InstallCore.dlayph
0.30.0.65070

Qihoo 360 Security
HEUR/QVM06.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.ironSource
15.1.31.19

Trend Micro House Call
Suspicious_GEN.F47V0128
7.2.31

VIPRE Antivirus
Trojan.Win32.Generic
37100

File size:
766.3 KB (784,672 bytes)

Product version:
4.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winrar-5-20-32-bits.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/14/2014 10:12:20 AM

Valid to:
11/15/2015 10:12:20 AM

Subject:
CN=Deliver.com (Fried Cookie Ltd.), O=Deliver.com (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112157EDEEF1A59AB086421EA4B8BBEC42ED

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Xa5pTZe5t4NVgIPEs5g0Cihho8oFpxgcDFz/RFHLIzAWkDr4/aI4vVVxz4:Xa5NZe5toEs5guhoxFRR/RFH0EDr454e

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file winrar-5-20-32-bits.exe has been seen being distributed by the following URL.

Remove winrar-5-20-32-bits.exe - Powered by Reason Core Security