zipopenersetup.exe

Fried Cookie Ltd

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application zipopenersetup.exe by Fried Cookie has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address ip-50-63-202-104.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Fried Cookie Ltd  (signed and verified)

MD5:
0b22f6caf2d22fae89e3d7703a223cdd

SHA-1:
d9761b7a593bbc3a10195c9466a6785b94fff894

SHA-256:
25201358a02a4ee05c5ee3fa11050a30994e7659aef1e73618f8a19ed195eb6c

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/27/2024 6:42:59 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
PUA/InstallCore.Gen7
8.3.1.6

avast!
Win32:Downloader-VYE [PUP]
150602-1

AVG
Adware InstallCore.MZ
2015.0.4355

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Packed.26328
9.0.1.05190

ESET NOD32
Win32/InstallCore.LQ potentially unwanted application
7.0.302.0

F-Prot
W32/Skintrim.1!Generic
4.6.5.141

K7 AntiVirus
Unwanted-Program
13.205.16253

Malwarebytes
v2015.06.17.03

NANO AntiVirus
Trojan.Win32.InstallCore.cxkwlc
0.30.24.2086

Reason Heuristics
PUP.installCore.Installer
15.6.16.23

VIPRE Antivirus
Threat.4786018
40828

File size:
670.4 KB (686,456 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\zipopenersetup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/2/2012 7:00:00 PM

Valid to:
5/3/2014 6:59:59 PM

Subject:
CN=Fried Cookie Ltd, O=Fried Cookie Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3739B9B5702964D0DD4429F69D6595EC

File PE Metadata
Compilation timestamp:
7/2/2001 3:24:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4R4s28ijBGlWwtyrfFOmNnOZb61XeLLLS3cPT5WPyyR60UH1kt5nUj7xk52Sk21P:Xs28ijBGlW5ZOmFOZb6ILLuSJ6qvc+

Entry address:
0x9386

Entry point:
55, 8B, EC, 6A, FF, 68, 90, A2, 40, 00, 68, 06, 95, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E4, A0, 40, 00, 59, 83, 0D, 1C, DE, 40, 00, FF, 83, 0D, 20, DE, 40, 00, FF, FF, 15, E0, A0, 40, 00, 8B, 0D, 18, DE, 40, 00, 89, 08, FF, 15, 18, A1, 40, 00, 8B, 0D, 14, DE, 40, 00, 89, 08, A1, E8, A0, 40, 00, 8B, 00, A3, 24, DE, 40, 00, E8, 10, 01, 00, 00, 39, 1D, B0, C9, 40, 00, 75, 0C, 68, 02, 95, 40, 00, FF, 15, EC, A0...
 
[+]

Entropy:
7.8533

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
33.5 KB (34,304 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-104.ip.secureserver.net  (50.63.202.104:80)

Remove zipopenersetup.exe - Powered by Reason Core Security