codec-pack_installer.exe

Figidusa

InstallSpeedy (New Media Holdings Ltd.)

The application codec-pack_installer.exe, “Figidusa Setup” by InstallSpeedy (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.capitalcenterdl.com and multiple other hosts.
Publisher:

Product:
Figidusa

Description:
Figidusa Setup

Version:
4.0.2.1

MD5:
a1c2cde985e6c2fde3a53eed3e892287

SHA-1:
cd1a185fbeab2193122b442dced8ea8e7aa22c93

SHA-256:
8e153d14695475a57a893d0f040e00ac8338974b3024565cc13cd227ec52ac23

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 4:49:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
16.7.25.11

File size:
948.1 KB (970,896 bytes)

Product version:
2.7

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\codec-pack_installer.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 7:40:35 PM

Valid to:
7/11/2017 5:28:33 PM

Subject:
CN=InstallSpeedy (New Media Holdings Ltd.), O=InstallSpeedy (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F59EA8A6B04CAE5E738F6CB09D295BDB

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:wdv6k879NU9ZgkD2zeEkxBVJOOZg7Wr+Fk6xcJ4oBWY:iyD9yZgA2zeEkx9VZg7q+FnxJ

Entry address:
0xA5F8

Entropy:
7.9333

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file codec-pack_installer.exe has been seen being distributed by the following 13 URLs.

