{blocked}.exe

Bicycle Installer

Goldencalf LLC

The application {blocked}.exe by Goldencalf has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dll513.yourfd.net.
Publisher:
Bicycle Corporation  (signed by Goldencalf LLC)

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
fa90a2df155ba1002a3c145ba8968dba

SHA-1:
0b1ea0b7f6b7e5b65e79d88e3d9a05111102511f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/14/2024 9:25:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Goldenca.Installer (M)
16.4.8.1

File size:
4.2 MB (4,439,672 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
Goldencalf LLC

Valid from:
3/27/2015 9:26:58 PM

Valid to:
3/26/2016 9:26:58 PM

Subject:
CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:
CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/30/2015 5:27:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:3sBUte5Cdc19j4xMHEnk/dBoJrwKeI1fsdLkAqhRlg:cBUU58c1l4xsKwoJs8ckphRlg

Entry address:
0x8314C3

Entry point:
E9, 7C, 54, FF, FF, B1, 37, 29, 4A, 98, A6, 9F, 94, DE, C2, 60, F4, AC, A6, 0A, 82, FC, 7C, DE, 52, B8, 24, 82, A4, F8, 86, EA, 08, 90, B2, 94, 9E, 26, 48, 9E, E6, 1A, 1A, F4, 5D, 4F, BF, 0D, 46, CC, CA, ED, 36, E1, EB, 17, DA, E2, FE, 38, 0C, 2C, 56, C2, E8, 40, 68, B2, 38, 7B, 38, 76, E6, D6, 7C, 28, AB, 3A, 84, BF, 56, 77, A7, ED, 6D, A1, D3, 83, AE, A0, 46, 47, 58, 13, 94, D2, 12, DF, 00, 3E, B8, A9, 3B, 6B, E7, E3, D3, 59, D7, 33, BD, 97, 91, 01, 9B, 6E, CC, B0, C6, 8A, 70, 93, FE, 33, 85, F9, 5E, EF...
 
[+]

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
796.5 KB (815,616 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

Remove {blocked}.exe - Powered by Reason Core Security