Smooth Funnel (Fried Cookie Ltd.) – 7% Detection Rate – InstallCore

Hello readers! Just a quick post on a publisher called Smooth Funnel (Fried Cookie Ltd.) that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named chrome_setup.exe.

Smooth Funnel publisher

If you have a Smooth Funnel (Fried Cookie Ltd.) file on your machine, you may have noticed that Smooth Funnel (Fried Cookie Ltd.) is displayed as the publisher in the UAC dialog when double-clicking on the file. You can also check who signed a file by opening the Digital Signatures tab in the file's properties. According to the certificate, Smooth Funnel (Fried Cookie Ltd.) is located in Tel Aviv, Israel, and the certificate was issued by GlobalSign CodeSigning CA – G2.

Smooth Funnel Fried Cookie Ltd certificate

The problem here is that if chrome_setup.exe really was an installer for Google Chrome, it should be digitally signed by Google Inc. and not by some unknown company. This looks very suspicious. Here’s what the authentic Google Chrome looks like when you double-click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher
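
The same publisher check can be scripted in PowerShell instead of reading it off the UAC dialog or the Digital Signatures tab. This is an added example, not part of the original post: the function name `Test-ExpectedPublisher` and its parameters are hypothetical, and the expected publisher string is whatever name the genuine vendor signs with (here the "Google Inc" shown above).

```powershell
# Added example: compare a file's Authenticode signer with the publisher you expect.
# Test-ExpectedPublisher is a hypothetical helper name, not a built-in cmdlet.
function Test-ExpectedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $cert     = $sig.SignerCertificate

    # Unsigned files have no signer certificate, so guard before reading names.
    $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $issuer = if ($cert) { $cert.GetNameInfo($nameType, $true)  } else { $null }
    $match  = ($signer -eq $ExpectedPublisher)   # -eq is case-insensitive

    # A "Valid" status only proves who signed the file. It says nothing about
    # whether that signer is the vendor the file name claims to come from.
    $verdict = if ($sig.Status -eq 'NotSigned') {
        'Unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        "Signature not valid ($($sig.Status))"
    } elseif ($match) {
        'Signed by the expected publisher'
    } else {
        'Validly signed, but by a different publisher'
    }

    [pscustomobject]@{
        Path     = $Path
        Status   = $sig.Status
        Signer   = $signer
        Issuer   = $issuer
        Subject  = if ($cert) { $cert.Subject } else { $null }
        Expected = $ExpectedPublisher
        Verdict  = $verdict
    }
}

# The file name and expected publisher are the ones discussed in this post.
Test-ExpectedPublisher -Path .\chrome_setup.exe -ExpectedPublisher 'Google Inc' |
    Format-List
```

For a file like the one described here, the status can be `Valid` while the verdict is still "Validly signed, but by a different publisher", which is exactly the mismatch to look for.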

Generic.763, a variant of Win32/InstallCore.SP and InstallCore (fs) are some detection names according to VirusTotal:

Smooth Funnel virustotal

Did you also find a file digitally signed by Smooth Funnel (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

3 thoughts on “Smooth Funnel (Fried Cookie Ltd.) – 7% Detection Rate – InstallCore”

  1. Internet Explorer on opening tells me that Adobe Flash Player needs updating (although I have installed the latest version from the Adobe website). When I clicked on ‘update’ it downloaded a file called ‘adobe_flash_setup.exe’ which was signed by Smooth Funnel (Fried Cookie Ltd). I didn’t try running that file.
