Tag Archives: Tel Aviv

Funnel Connector (Fried Cookie Ltd) – 7% Detection Rate By VirusTotal – InstallCore

Welcome! Just wanted to give you the heads up on a file called Skype_Setup.exe that’s digitally signed by Funnel Connector (Fried Cookie Ltd.).

Funnel Connector Fried Cookie Ltd. certificate

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it were an official download, it should have been digitally signed by Skype Software Sarl. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
Skype Software Sarl publisher

The problem with the Funnel Connector (Fried Cookie Ltd.) file is that it is detected by some of the anti-viruses. Here are some of the detection names: Application.Win32.FriedCookie.CIRK, Win32.Application.InstallCore.DI and InstallCore (fs).

Funnel Connector Fried Cookie Ltd anti-virus report

Did you also find a Funnel Connector (Fried Cookie Ltd.) file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Platform Connector (Fried Cookie Ltd.) – 12% Anti-Virus Detection – InstallCore

Hello readers! If you’ve been following my recent posts here on the FreeFixer blog, you know that I’ve been looking at files that have a valid digital signature and bundle various types of potentially unwanted programs and programs that work as downloaders. A few days ago I found another publisher named Platform Connector (Fried Cookie Ltd.).

Platform Connector Fried Cookie Ltd. certificate

Information about a digital signature and the certificate can be found under the Digital Signature tab. The screenshot shows the Platform Connector (Fried Cookie Ltd.) certificate. From the certificate info we can see that Platform Connector (Fried Cookie Ltd.) appears to be located in Tel Aviv in Israel.

So, why am I writing about the Platform Connector (Fried Cookie Ltd.) file? Check out what the anti-viruses report about the file:

Avira detects installer_jdownloader_English.exe as Adware/InstallCore.734264, ESET-NOD32 reports a variant of Win32/InstallCore.WX potentially unwanted, K7GW reports Trojan ( 004b61851 ) and VIPRE reports InstallCore (fs). These are a few of the detection names for installer_jdownloader_English.exe.

Platform Connector fried cookie anti-virus report

Did you also find a Platform Connector (Fried Cookie Ltd.) file? Do you remember where you downloaded it?

Thank you for reading.

Best Standard (Fried Cookie Ltd.) – 9% Detection Rate – InstallCore

Welcome! If you are a regular here on the FreeFixer blog you know that I’ve been looking at the certificates used to sign files that bundle various types of unwanted software. Today I found another certificate, used by a publisher called Best Standard (Fried Cookie Ltd.).

Best Standard Certificate

To get more details on the publisher, you can view the embedded certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Best Standard (Fried Cookie Ltd.) seems to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

What caught my attention was that the download was called Skype_Setup.exe. This might look like an official Skype download, but it is not. If it were an official download, it would have been signed by Skype Software Sarl. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.
Skype Software Sarl publisher

When I uploaded the Best Standard (Fried Cookie Ltd.) file to VirusTotal, it came up with a 9% detection rate. The file is detected as Application.Win32.FriedCookie.CIRK by Comodo, a variant of Win32/InstallCore.WX potentially unwanted by ESET-NOD32 and InstallCore (fs) by VIPRE.

Best Standard Fried Cookie Ltd

Did you also find a file digitally signed by Best Standard (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

Max Source (After Download Ltd.) – 9% Detection Rate – InstallCore

Hello readers! Just a short post on a publisher called Max Source (After Download Ltd.) that I found while downloading “FileZilla” from SourceForge. Big thanks to Peter for letting me know about this download.

This is how Max Source (After Download Ltd.) appears when running the file:

Max Source After Download Ltd in the User Account Control dialog

To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. According to the certificate we can see that Max Source (After Download Ltd.) is located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

Max Source After Download Ltd certificate

It turns out that SourceForge.net has been into bundling for quite some time. Here’s a blog post dated July 2013 which describes the DevShare bundling program.

The reason I’m writing this blog post is that the Max Source (After Download Ltd.) file is detected by some of the anti-malware software at VirusTotal. Avira detects FileZilla_3.10.1.1_win32-setup.exe as Adware/InstallCore.765232, DrWeb classifies it as Trojan.InstallCore.52, ESET-NOD32 reports a variant of Win32/InstallCore.WI potentially unwanted, K7AntiVirus calls it Trojan ( 004b52261 ) and K7GW calls it Trojan ( 004b52261 ).

Max Source anti-virus report

Did you also find a file digitally signed by Max Source (After Download Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Here’s what the download screen looks like for FileZilla at sourceforge.net. It hints that something will be bundled by saying “provide you some options during the installation process…”

sourceforge downloader

Thanks for reading.

Best Service (Fried Cookie Ltd) – Detected by 9% of the Anti-Virus Scanners

Hello readers! Bugging you with another of those Fried Cookie posts 🙂 This publisher is called Best Service (Fried Cookie Ltd). The suspicious file was named FlvPlayerSetup.exe.

Best Service Fried Cookie Ltd certificate

You can see the Best Service (Fried Cookie Ltd) certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, Best Service (Fried Cookie Ltd) is located in Tel Aviv in Israel.

So, why did I put up this blog post? Well, the thing is that the Best Service (Fried Cookie Ltd) file is detected by some of the anti-malware scanners, according to VirusTotal. Avira classifies FlvPlayerSetup.exe as ADWARE/InstallCore.Gen, ESET-NOD32 reports a variant of Win32/InstallCore.WI potentially unwanted and VIPRE classifies it as InstallCore.b (fs).

Best Service virustotal

Did you also find a Best Service (Fried Cookie Ltd) file?

Thank you for reading.

Leading Funnel (Fried Cookie Ltd.) – 16% Detection Rate – InstallCore

Heya! I was playing around and testing some downloads last night and found a file digitally signed by Leading Funnel (Fried Cookie Ltd.).

Leading Funnel Fried Cookie Ltd certificate

To view more information about the certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that Leading Funnel (Fried Cookie Ltd.) appears to be located in Tel Aviv and that the certificate is issued by GlobalSign CodeSigning CA – G2.

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 16% of the antivirus scanners detected the file. The file is detected as Application.Win32.FriedCookie.CIRK by Comodo, Trojan.InstallCore.53 by DrWeb, a variant of Win32/InstallCore.VM potentially unwanted by ESET-NOD32 and InstallCore (fs) by VIPRE.

Leading Funnel Fried Cookie Ltd. virustotal

Did you also find a Leading Funnel (Fried Cookie Ltd.) file? Do you remember where you downloaded it?

Thanks for reading.

World Setup (New Media Holdings Ltd.) – 11% Detection Rate – InstallCore

Hello readers! Just wanted to give you a heads-up on a suspicious file I found just now. The file is named ChromeSetup.exe and digitally signed by World Setup (New Media Holdings Ltd.).

It’s possible to view additional information about the certificate by right-clicking on the file, choosing properties and then clicking on the Digital Signatures tab. According to the certificate we can see that World Setup (New Media Holdings Ltd.) appears to be located in Tel Aviv, Israel and that the certificate is issued by GlobalSign CodeSigning CA – G2.

World Setup (New Media Holdings Ltd.) certificate

The problem is that ChromeSetup.exe is not an official Google Chrome download. If it were, it would be digitally signed by Google Inc. Here’s what the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher

After uploading the World Setup (New Media Holdings Ltd.) file – ChromeSetup.exe – to VirusTotal, it was clear that it’s probably better to stay away from the file than to run it. The detection rate was 11% and some of the detection names were: ADWARE/InstallCore.Gen, Application.Win32.InstallCore.DR and InstallCore (fs).

Since you probably came here after finding a download that was digitally signed by World Setup (New Media Holdings Ltd.), please share what kind of download it was and if it was detected by the antimalware scanners at VirusTotal.

Thanks for reading.

Setup Delivery (Fried Cookie Ltd.) – 21% Detection Rate – InstallCore

Hi there! Just wanted to give you the heads up on a publisher called Setup Delivery (Fried Cookie Ltd.). By looking at the certificate we can see that Setup Delivery (Fried Cookie Ltd.) appears to be located in Tel Aviv in Israel.

Setup Delivery (Fried Cookie Ltd.) certificate

So, why did I put up this blog post? Well, the thing is that the Setup Delivery (Fried Cookie Ltd.) file is detected by many of the scanners, according to VirusTotal. Avira names installer_jdownloader_English.exe as ADWARE/InstallCore.Gen7, Comodo classifies it as Application.Win32.FriedCookie.CIRK, Sophos detects it as Install Core and VIPRE classifies it as InstallCore (fs).

Setup Delivery virustotal

Did you also find a Setup Delivery (Fried Cookie Ltd.) file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Dove Source (Fried Cooke Ltd.) – 4% Detection Rate – InstallCore

Hello readers! Short on time today this weekend, but I just wanted to give you the heads up on a publisher called Dove Source (Fried Cooke Ltd.). The signed file was named Skype_Setup.exe.

Dove Source Fried Cooke LTD cert

The certificate is rather new. It is valid from the 5th of January 2015. According to the cert, the company is located in Tel Aviv, Israel.

The problem here is that if Skype_Setup.exe really was an installer for Skype, it should be digitally signed by Skype Software Sarl and not by some unknown company. Here’s what the authentic Skype looks like when you double click on it. Notice that the “Verified publisher” says “Skype Software Sarl”.

Skype Software Sarl publisher
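The publisher check described in these posts (Skype_Setup.exe should be signed by Skype Software Sarl, ChromeSetup.exe by Google Inc) can be run over a whole download folder. This is an added example, not code from the original posts; the function name `Test-InstallerPublisher`, the keyword table and the Downloads path are assumptions.

```powershell
# Added example, not from the original posts.
# Assumption: product keyword -> publisher name, as quoted in the posts.
# Replace the values with the names the vendors currently sign with.
$ExpectedPublisher = @{
    'Skype'  = 'Skype Software Sarl'
    'Chrome' = 'Google Inc'
}

function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        # Simple name of the certificate subject (the publisher name).
        $signer = $null
        if ($cert) {
            $type   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
            $signer = $cert.GetNameInfo($type, $false)
        }

        # Which product does the file name claim to be, if any?
        $file    = [System.IO.Path]::GetFileName($Path)
        $product = $ExpectedPublisher.Keys |
            Where-Object { $file -like "*$_*" } |
            Select-Object -First 1

        # A valid signature from an unrelated publisher is the case to flag.
        $verdict = 'PublisherMismatch'
        if (-not $product) { $verdict = 'NoProductClaim' }
        elseif ($sig.Status -ne 'Valid') { $verdict = 'NotValidlySigned' }
        elseif ($signer -eq $ExpectedPublisher[$product]) { $verdict = 'PublisherMatches' }

        [pscustomobject]@{
            File = $file; ClaimedProduct = $product
            Signer = $signer; SignatureStatus = $sig.Status; Verdict = $verdict
        }
    }
}

Get-ChildItem -LiteralPath (Join-Path $env:USERPROFILE 'Downloads') -Filter *.exe -File |
    Test-InstallerPublisher | Format-Table -AutoSize
```

A file such as the Skype_Setup.exe described above would come back with a `Valid` signature status and a `PublisherMismatch` verdict, which is the combination these posts are about.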

The issue with the Dove Source (Fried Cooke Ltd.) file, in addition to using Skype’s name, is that it is detected by a few of the anti-malware scanners. Here are some of the detection names: ADWARE/InstallCore.Gen9 and a variant of Win32/InstallCore.UN.

Dove Source (Fried Cooke Ltd.) virustotal

Did you also find a Dove Source (Fried Cooke Ltd.) file? What kind of download was it?

Thanks for reading.

Dove Delivery (Fried Cookie Ltd.) – 11% Detection Rate – InstallCore

Hi there! Was looking for some downloads to play around with and found one, signed by Dove Delivery (Fried Cookie Ltd.). The file is named FlvPlayerSetup.exe.

You can look at the Dove Delivery (Fried Cookie Ltd.) certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, Dove Delivery (Fried Cookie Ltd.) is located in Tel Aviv in Israel.

Dove Delivery Fried Cookie Ltd

So, why did I put up this blog post? Well, the thing is that the Dove Delivery (Fried Cookie Ltd.) file is detected by some of the anti-virus scanners, according to VirusTotal. Avira reports FlvPlayerSetup.exe as ADWARE/InstallCore.Gen, DrWeb reports Trojan.Packed.29923, ESET-NOD32 detects it as a variant of Win32/InstallCore.UQ and VIPRE reports InstallCore (fs).

Dove Delivery (Fried Cookie Ltd.) virustotal

Did you also find a Dove Delivery (Fried Cookie Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.