App Setup (Fried Cookie Ltd.) – 7% Detection Rate – InstallCore

Hello! Just a short post before I call it a day. I found yet another file that bundled a bunch of unwanted programs, and the file was signed by App Setup (Fried Cookie Ltd.).

[Image: App Setup Fried Cookie]

It’s possible to view additional information about the embedded certificate by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the certificate, App Setup (Fried Cookie Ltd.) is located in Tel Aviv, Israel, and the certificate was issued by GlobalSign CodeSigning CA – G2.

[Image: App Setup certificate]

The problem here is that if mozilla_firefox.exe really was a setup file for Mozilla Firefox, it would be digitally signed by Mozilla Corporation and not by some unknown company. Here’s what the real Mozilla Firefox download looks like in the UAC dialog. Note that the verified publisher is Mozilla Corporation.

[Image: Mozilla Corporation real firefox]
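The same publisher check can be scripted instead of clicked through. The following PowerShell is an added example, not part of the original post: the function name `Test-InstallerPublisher` and its verdict strings are hypothetical, and it assumes the expected publisher is matched against the certificate's simple name.

```powershell
# Added example: compare a file's Authenticode signer with the publisher you expect.
# Test-InstallerPublisher and the verdict strings are hypothetical names.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    # Same data the Digital Signatures tab shows: signature status plus signer certificate.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # SimpleName is normally the certificate's CN; $true asks for the issuer's name instead.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $issuer = if ($cert) { $cert.GetNameInfo($nameType, $true) } else { $null }

    # A signature can be cryptographically valid and still belong to the wrong company,
    # so the publisher comparison is a separate step from the status check.
    $verdict = if (-not $cert) { 'Unsigned' }
        elseif ($sig.Status -ne 'Valid') { 'InvalidSignature' }
        elseif ($signer -ne $ExpectedPublisher) { 'UnexpectedPublisher' }
        else { 'PublisherMatches' }

    [pscustomobject]@{
        File     = Split-Path -Leaf $Path
        Status   = $sig.Status
        Signer   = $signer
        Issuer   = $issuer
        Expected = $ExpectedPublisher
        Verdict  = $verdict
    }
}

# Usage with the file name from this post (the path is an assumption):
# Test-InstallerPublisher -Path .\mozilla_firefox.exe -ExpectedPublisher 'Mozilla Corporation'
```

For a file like the one described here, the signature itself can be valid while the verdict is still `UnexpectedPublisher`, because the signer is App Setup (Fried Cookie Ltd.) rather than Mozilla Corporation.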

Adware/InstallCore.A.530, InstallCore (fs), a variant of Win32/InstallCore.SX and InstallCore (fs) are some of the detection names according to VirusTotal:

[Image: App Setup virustotal report]

Did you also find an App Setup (Fried Cookie Ltd.) file?

Thanks for reading.