Install Service (Fried Cookie Ltd) – 11% Detection Rate – InstallCore

Welcome! If you are a regular here on the FreeFixer blog, you know that I’ve been looking at the certificates used to sign files that bundle various types of unwanted software. Today I found another certificate, used by a publisher called Install Service (Fried Cookie Ltd.).

Install Service Fried Cookie Ltd certificate

By examining the certificate, we can see that Install Service (Fried Cookie Ltd.) appears to be located in Israel. The certificate is issued by GlobalSign CodeSigning CA – G2.

The problem here is that if Skype_Setup.exe really were a setup file for Skype, it would be digitally signed by Skype Software Sarl and not by some unknown company. This looks suspicious. Here’s what the authentic Skype looks like when you double-click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
Skype Software Sarl publisher
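
The same publisher comparison can be scripted before a download is ever run. The PowerShell below is an added example, not part of the original post: the function name `Test-ExpectedPublisher` and the download path are assumptions, and the expected publisher string is the one shown in the authentic Skype dialog above.

```powershell
# Added example. Test-ExpectedPublisher is a hypothetical helper name.
function Test-ExpectedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Unsigned files have no signer certificate, so guard before reading it.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $issuer    = if ($cert) { $cert.GetNameInfo($nameType, $true) }  else { $null }

    # A valid signature only proves who signed the file. Whether that signer
    # is the vendor the file name claims is a separate comparison.
    $verdict = if (-not $cert) { 'Unsigned' }
    elseif ($sig.Status -ne 'Valid') { "SignatureNotValid ($($sig.Status))" }
    elseif ($ExpectedPublisher -contains $publisher) { 'PublisherMatches' }
    else { 'UnexpectedPublisher' }

    [pscustomobject]@{
        File       = Split-Path -Leaf $Path
        Publisher  = $publisher
        Issuer     = $issuer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Verdict    = $verdict
    }
}

# Assumed location of the downloaded file; adjust to where it was saved.
$download = Join-Path $env:USERPROFILE 'Downloads\Skype_Setup.exe'
if (Test-Path -LiteralPath $download) {
    Test-ExpectedPublisher -Path $download -ExpectedPublisher 'Skype Software Sarl'
}
```

A file with a correct, trusted signature from a different company than the one named in `-ExpectedPublisher` comes back as `UnexpectedPublisher`, which is the situation described above.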

The scan result from VirusTotal below clearly shows why you should avoid the Install Service (Fried Cookie Ltd.) file. It is detected under names such as Adware.Win32.InstallCore.OM, Application.Win32.FriedCookie.CIRK and InstallCore (fs).

Install Service Fried Cookie Ltd. anti-virus report

Did you also find a file signed by Install Service (Fried Cookie Ltd.)? What kind of download was it and where did you find it?

Thanks for reading.