home

winrar-x64-531pl_e

Getub

Mode Beta (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The file winrar-x64-531pl_e, “Getub Setup ” by Mode Beta (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Mode Beta (Fried Cookie Ltd)  (signed and verified)

Product:
Getub

Description:
Getub Setup

MD5:
d12adf94523f9a25aecf8f7e398c9366

SHA-1:
57b0acd9cbce5cc3af92307406d503aa78042bed

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 9:34:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.2.29.16

File size:
1.1 MB (1,103,152 bytes)

Product version:
2.0

Copyright:
Application

Common path:
C:\users\{user}\downloads\winrar-x64-531pl_e

Digital Signature
Signed by:
Mode Beta (Fried Cookie Ltd)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 2:37:06 PM

Valid to:
7/7/2016 6:06:18 PM

Subject:
CN=Mode Beta (Fried Cookie Ltd), O=Mode Beta (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112172B4C29D53526C8AFAEF1C4F6265E881

The file winrar-x64-531pl_e has been seen being distributed by the following 10 URLs.

http://www.conceptsmetatag.com/c?x=ur8Wh8fXZ2qZfy0WFP0tZu0EXxH7B3MFjXOCA7AAsQ8=&c=QQR4aZ1vAerXCQ1Tcp50FgXmXWMxTBmSCH63DJbjqY8AsTVNtkLVn7j hjX2lC oIqcuebRKIZ0t66YeAHjAyZB cnt1aRAvLY/gxWKJ4KFznu62SUx5iHPDXF8NWI4W&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.giftcontenttown.com/c?x=XhiG3UdSnXCIQBNrEghtMTPW2MzhiUdIX8gfTtAwReg=&c=B208Xe/ZQQ6s8/lRtnSBDB aptFXR6U5E1IXidSOeKv8mjxbtBYPZN9IyPLUt3UF8opw3v1A2Xq4fA0bPvQvQ/aLI5etyUAXVhRdMmbBi4 tIC7gYLKQBq8pYyC35TdG&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.townfilesdownload.com/c?x=1UAXOcpAqG/hveWomul097 T2yE7Y5cROu SdadoHvc=&c=6bmjGvfxv8RgcK7e6dBUUw0wdOGpErnkm5Ld17SZzwteiJ9QwRSaV59kmLf/oKm/UFFU/FLvM8x/f7PRlVIyUwQI/ZeteNWcoA6Vg6xwaV7AMSWBhhjIyLu0B6JO3i0o&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.newmegatowers.com/c?x=JYLxnAR0BzEgT/ZxOgWzlWoe17zjC4alKhgjjAIn3MA=&c=P49h13f2wyQyp65KG6v6ltpaiHSTHaQ/nvFG8jzLjdNbjxoG8RNHhSd SWpW7Yfk4Cj9hTHadx/7d3jwLEX4G08TiIZMXcfB9zTtRDKFB4sktunv2 vHbq/B7 BUATXn&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.repositorysharefarm.com/c?x=nYrwBUVQhS4W3i/5AMauUsv40DW8NCwD6FoKCH50FwI=&c=FrA8I2spdez9u0EJxFpISU6yU1DjsbAKqV0mrUVzdzJpLXHSSUnGmLrSrLdpm3hhCyv2H6C2KAR1Bj8F1W5iQ8ZB0JhB2W3Tm 4Z5gOHhGYBkgwckuA0sVUYom6tXTmr&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.vaultfarmbits.com/c?x=BgPuQ3/jRMAqGYmBXoW/or9x9LsvShJl5i LyHBnl10=&c=k07wBmJoJd0 0JTgBztJvjHhl/1x/qEcOK6twt5WIgrQTpqJrjpfiITOHJ5/s8On8XlM2SVfVbifus1ekVveV6whRGUwBq0YBTtsTEW36f35DiKBjfJaXnfNuFbrDKA8&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.presentapplicationranch.com/c?x=fk6c7CIWPAC BHBz2BSKR6vXQLLIdbD1QoNZNI3XX6M=&c=/3edjkoT9TciSExUvW9ri4rfnfyHFvEe aXVVjSOWjgrgkx4/X lbMI3vnoBc6OEWNoSicUAdV6iQTicyMSaxst5wwfjaYvW38nk6oIsDMWZpQbo2olGH7hDjdJ42WUH&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.vaultfarmbits.com/c?x=S8rpViKzdd3HCAiBi qIwZdJU1CDUmWNIvZ1ObLj2BA=&c=gDwOzUc5hg5le5kqxoCRYIIMim3Ls7i6qpn2gyxdBxluVqwjOjB99FLupE0Jvc0CeoWNCV9rPiYijkoL8hT6ioYRKghq3yWOnNIxa zo11ayhS957VR0wfpmuE9ImdA1&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.repositorysharefarm.com/c?x=OyiKk93RXv2nJQH4TjWAEhdsxjupm52hYSlk7qH7Ul4=&c=FCqYarSqTnM7b/U7ZTDj4u4rHg5QMsIuBhQ7 7fUT94hXTLSQwYKd8wHarCMdJpq Ylv dxAdwjZG wr43EcpBIYB2UYeXMOYTbasArrStNBozJE7bSvatx8EBM68tX7&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

http://www.vaultfarmbits.com/c?x=cioGRoJlI8zaUUbVk5Ufyq5xS3G3D6pYguE PHFFM80=&c=kPtCGiZ9dgcBm/GeW89/VvDt3/9CFhvczDjGFcdM0Dupna1epl1fhVCxRWj/Zm0000hiSZvkZ23tlDDJta0hLJ4qpJACnB8ltr1TUehoBEXtUmOg ePzWj8zuC9CbZjb&fallback_url=http://www.rarlab.com/.../winrar-x64-531pl.exe&downloadAs=WinRAR-12398-dp.exe

Remove winrar-x64-531pl_e - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.