Safemode Install (Fried Cookie Ltd) – 9% Detection Rate

Hi there! Just a short post on a publisher called Safemode Install (Fried Cookie Ltd) before going back to some coding on FreeFixer. The file is called chrome_setup.exe.

Safemode Install Fried Cookie Ltd certificate

By looking at the certificate we can see that Safemode Install (Fried Cookie Ltd) appears to be located in Tel Aviv in Israel.

The issue here is that if chrome_setup.exe really was an installer for Google Chrome, it should be signed by Google Inc. and not by some unknown company. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher

So, what’s the problem? Well, some of the anti-virus over at VirusTotal detects the Safemode Install file. Application.Win32.FriedCookie.CIRK, Trojan.InstallCore.844, a variant of Win32/InstallCore.ZM potentially unwanted and PUP.Optional.InstallCore.SID.C are some of the detection names.

Safemode Install anti-virus report

Did you also find an Safemode Install (Fried Cookie Ltd)? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.