Welcome! Just wanted to give you the heads up on a file called Skype_Setup.exe that’s digitally signed by Funnel Connector (Fried Cookie Ltd.).

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it should have been digitally signed by Skype Software Sarl. Here’s how the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.

The problem with the Funnel Connector (Fried Cookie Ltd.) file is that it is detected by some of the anti-viruses. Here are some of the detection names: Application.Win32.FriedCookie.CIRK, Win32.Application.InstallCore.DI and InstallCore (fs).

Did you also find an Funnel Connector (Fried Cookie Ltd.)? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking on the certificates used to sign files that bundled various types of unwanted software. Today I found another certificate, used by a publisher called Best Standard (Fried Cookie Ltd.).

To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Best Standard (Fried Cookie Ltd.) seems to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it was an official download, it would have been signed by Skype Software Sarl. Here’s how the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.

When I uploaded the Best Standard (Fried Cookie Ltd.) file to VirusTotal, it came up with a 9% detection rate. The file is detected as Application.Win32.FriedCookie.CIRK by Comodo, a variant of Win32/InstallCore.WX potentially unwanted by ESET-NOD32 and InstallCore (fs) by VIPRE.

Did you also find a file digitally signed by Best Standard (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

Hello readers! Bugging you with another of those Fried Cookie posts 🙂 This publisher is called Best Service (Fried Cookie Ltd). The suspicious file is was named FlvPlayerSetup.exe.

You can see the Best Service (Fried Cookie Ltd) certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, Best Service (Fried Cookie Ltd) is located in Tel Aviv in Israel.

So, why did I put up this blog post? Well, the thing is that the Best Service (Fried Cookie Ltd) file is detected by some of the anti-malware scanners, according to VirusTotal. Avira classifies FlvPlayerSetup.exe as ADWARE/InstallCore.Gen, ESET-NOD32 reports a variant of Win32/InstallCore.WI potentially unwanted and VIPRE classifies it as InstallCore.b (fs).

Did you also find a Best Service (Fried Cookie Ltd) file?

Thank you for reading.