Hello readers! Just a quick post on a publisher called Smooth Funnel (Fried Cookie Ltd.) that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named chrome_setup.exe.
If you have a Smooth Funnel (Fried Cookie Ltd.) file on your machine, you may have noticed that Smooth Funnel (Fried Cookie Ltd.) is displayed as the publisher in the UAC dialog when you double-click the file. You can also check who signed a file by looking at the Digital Signatures tab in the file's properties. According to the certificate, Smooth Funnel (Fried Cookie Ltd.) is located in Tel Aviv, Israel, and the certificate was issued by GlobalSign CodeSigning CA – G2.
The problem here is that if chrome_setup.exe really were an installer for Google Chrome, it would be digitally signed by Google Inc. and not by some unknown company. This looks very suspicious. Here’s what the authentic Google Chrome installer looks like when you double-click it. Notice that the “Verified publisher” says “Google Inc”.
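The same comparison can be scripted. The following is an added example, not code from FreeFixer or from the original post: `Test-ExpectedPublisher` is a hypothetical helper name, and the call at the end assumes chrome_setup.exe is in the current directory and that the genuine signer name is "Google Inc", as shown in the post.

```powershell
# Added example: compare a file's Authenticode signer with the publisher you expect.
# Test-ExpectedPublisher is a hypothetical helper name, not part of FreeFixer or Windows.
function Test-ExpectedPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $cert     = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    # Unsigned files have no signer certificate at all.
    $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $issuer = if ($cert) { $cert.GetNameInfo($nameType, $true) }  else { $null }

    # A valid signature only proves who signed the file, not that the signer
    # is the vendor the file name claims, so both checks are needed.
    $verdict = if ($sig.Status -eq 'NotSigned') {
        'Unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        "Signature problem: $($sig.Status)"
    } elseif ($signer -ne $ExpectedPublisher) {
        'Valid signature, unexpected publisher'
    } else {
        'Valid signature, expected publisher'
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status
        Signer     = $signer
        Issuer     = $issuer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Verdict    = $verdict
    }
}

# Example call using the file name and publisher mentioned in the post (assumed path).
Test-ExpectedPublisher -Path '.\chrome_setup.exe' -ExpectedPublisher 'Google Inc'
```

A verdict of "Valid signature, unexpected publisher" is the situation described above: the signature checks out, but the signer is not the vendor the file name implies.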
Generic.763, a variant of Win32/InstallCore.SP and InstallCore (fs) are some of the detection names reported on VirusTotal.
Did you also find a file digitally signed by Smooth Funnel (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.
Thanks for reading.