home

winrar-5-20-32-bits.exe

Application

Deliver.com (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application winrar-5-20-32-bits.exe, “Application Setup ” by Deliver.com (Fried Cookie) has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download protals and search ads as WinRAR archiver but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Deliver.com (Fried Cookie Ltd.)  (signed and verified)

Product:
Application

Description:
Application Setup

MD5:
b61b0ab7f9de8b32e9ecd9f16260bd10

SHA-1:
d1b9e66047c8397e001ebe6ce358b4ff9954d8c7

SHA-256:
b4ad6bbbfd7634294ed6f2168f4dbc7029f103ed32d2ef88e4100d7d8090025f

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/16/2024 12:36:26 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/InstallCo.zkz
7.11.205.246

AVG
Generic
2016.0.3212

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15131

Comodo Security
Application.Win32.FriedCookie.CIRK
20898

Dr.Web
Trojan.InstallCore.32
9.0.1.031

ESET NOD32
Win32/InstallCore.UQ (variant)
9.11097

Fortinet FortiGate
Riskware/InstallCore
1/31/2015

G Data
Win32.Application.InstallCore.DI
15.1.25

IKARUS anti.virus
AdWare.InstallCo
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.193.14811

Malwarebytes
PUP.Optional.InstallCore.A
v2015.01.31.07

McAfee
Artemis!B61B0AB7F9DE
5600.6868

NANO AntiVirus
Riskware.Win32.InstallCore.dlayph
0.30.0.65070

Qihoo 360 Security
HEUR/QVM06.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.ironSource
15.1.31.19

Sophos
Install Core Click run software
4.98

Trend Micro House Call
Suspicious_GEN.F47V0128
7.2.31

VIPRE Antivirus
Trojan.Win32.Generic
37100

File size:
766.3 KB (784,672 bytes)

Product version:
4.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winrar-5-20-32-bits.exe

Digital Signature
Signed by:
Deliver.com (Fried Cookie Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
11/14/2014 10:12:20 AM

Valid to:
11/15/2015 10:12:20 AM

Subject:
CN=Deliver.com (Fried Cookie Ltd.), O=Deliver.com (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112157EDEEF1A59AB086421EA4B8BBEC42ED

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Xa5pTZe5t4NVgIPEs5g0Cihho8oFpxgcDFz/RFHLIzAWkDr4/aI4vVVxz4:Xa5NZe5toEs5guhoxFRR/RFH0EDr454e

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file winrar-5-20-32-bits.exe has been seen being distributed by the following URL.

http://d.downloadsfilesnow.com/?ic_user_id=853&data=ECj sKjj71YdYg1HIQQjazuH6JlzLa Zcej833ndKuTu8PP4vLhPIyzSeJjUn6fStga9uPJU3NMlcfBK3I2Ru0VAo9GssQsX69o2DDq5BwR5VQ3dLrMnw32Y9lF4aMHwheQ9ywEELCzCD87O/OfZBgO7YHYOvUG5v8zOS6gISgioOndTf2i2I34qXuxBXL2RZnJ418m kTT EdxzPA2gckbGFNLv7Nxax8D pSucI9sskuDMGSm7ZPDBu ZjA9/e0kmT6sfaa072OasWGgojXIwXvozl25YX nHR2h64gtu3L3Tz9n52yn ufUscdCcmE5gGhjL1CxS3F7HmqGnEhc6YJG1uiOi gE9S4U9ula2Z6nkcstHlndk2853HuHYPUrXSNu90ohNag4j5VCpN0lypXrvPwob6hvLSy3SQdd84aI ci8At i19w9QAv/mgbMr/VMA6CQdIyr2zX1iSXjnPL1ZcOtzPttc77JsEwt1rdR5 O4KXKgS2P3LEMW1jIXPZz1Qn3mUO7eGnHN 5O52lM3QOgTumNu6GcFDoqVysDOHlUAEfvREJwnxqfCMDizUEVLe3T4nl9oewocwa7d6sedZNVKL5 qCNmqoyBzTS9QnixYWbmjAoogXrXFQp0noe69UwF7CVD1D Sy6rUEdHtYDL3GuCywb1Mkp ugw3SCp0E/ sgKSXvDtC27aOD0zAhkzwxED6Ap EFfZMz7l7qg==&key=qaq8mvKXNTrgrs AkrpVQ31vfi/Ut6jrFQNGonbjGO78ptVRna B8uEawMGpFfVSixh2e1p5x/yASGrofkxXDDDuOCKNnU603MYcyEP2FKDowsRT2Iny/.../44va4Y7i30LEIpn9KtVt1OSjrUc6Ljx GU0CYGEsDVW

Remove winrar-5-20-32-bits.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.