BicycleDownloaderInstaller.exe

Bicycle Installer

Bicycle Corporation

The file BicycleDownloaderInstaller.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from dll513.yourfd.net and multiple other hosts.
Publisher:
Bicycle Corporation

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
ff518b3fa07e2580bfe6cff9c96b39b0

SHA-1:
f203e68827f20550fce6e581e7499ea49526005f

SHA-256:
ec91d4a485dfe930a135422b6719a58b2a66a91187933e0be65bc25243ecfcb5

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 9:05:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | PUA.Win32.ExpressDownloader | 4.0.3.1541 |
| ESET NOD32 | Win32/ExpressDownloader.K potentially unwanted (variant) | 9.11410 |
| Fortinet FortiGate | Riskware/ExpressDownloader | 4/1/2015 |
| McAfee | Artemis!FF518B3FA07E | 5600.6808 |
| MicroWorld eScan | Gen:Variant.Mikey.10506 | 16.0.0.273 |

File size:
3.8 MB (4,007,424 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\auvss6oiml.tmp

File PE Metadata
Compilation timestamp:
3/30/2015 12:27:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:jVaADv0Ae0fQY469s1DPye+EC5leRNgB9sbvjiOoN0v9u+aYZv/vM4Ow+D/aX9zt:j0gv1e0fpe+xj6bvt9PTZHUVnDaa1O

Entry address:
0x8B7FD

Entry point:
E8, AA, C6, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, DE, 4E, 00, E8, 4D, E4, 00, 00, E8, 9A, B2, 00, 00, 0F, B7, F0, 6A, 02, E8, 3D, C6, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EC, 1A, 01, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
796.5 KB (815,616 bytes)

The file BicycleDownloaderInstaller.exe has been seen being distributed by the following 7 URLs.

http://dll513.yourfd.net/j5GiRWOdukJrwaFeftejbmjdpypr7et7Jv37O2n10Gcs 9xvG nZYgCnmD1DvMxSHuzBUgfV3xtXlokBX5peGlrRNlE2gmgdIJ1uID6BYeZzxDPkPml64Gs1O/s e377MX9RqhZ4TPoCZ0P6HjZSzAM6QcMBf1rEA0pJ3QMVEf9YXiDW7m8q1 9XJuDkV2zzqEgxtM0pKfaudnP rHhP4a91S WXYU uxwsFvtkwTNSZORbfhgEf3IVSTd2PULHCjlq1xPRJvJqjRr2a kGgJbsdqESapvVs6 HzKbnp1S7vqtVljfTceJLLxHvXqpdRj/.../4VlLqk=

http://dll513.yourfd.net/j5HjQ3GN A80g/QJOYvicCjPoCV7pOR6JvTufyv7xyN/vpE5R6K2MkLp3nleqpAFSLWWOEaZiQ4L1cxJWYRoEFXRNFE2lHokLpt C3eMeeYvmGbpN3Q36DlpO/s e37wMXlL4xBpFNIoMl/6C3RuwAJ1VswtTlaWRgJJywl3KMNDHXSArAJ5i6gGdZG7C2jl 10Kr/MzMfahczisonwAtal/U eQZVHrl2Rb75luSNbPOUfX11BA2pARHNL5IKef2VHgmeQT6I/.../Dx4kbycnxUM Z9ABnhvgNZIL5Ww==
