five-nights-at-freddys.exe

Labul

SpeedySetup (Alpha Criteria Ltd.)

The application five-nights-at-freddys.exe, “Labul Setup” by SpeedySetup (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bundlessendquick.com and multiple other hosts.
Publisher:
SpeedySetup (Alpha Criteria Ltd.)  (signed and verified)

Product:
Labul

Description:
Labul Setup

Version:
2.3.5.5

MD5:
2d73b3fe9989636e094216f47c677a08

SHA-1:
3f0649db18f2bfdeb34f4ee418f567ed6232460c

SHA-256:
95f4464fd39c430d6b1a4a3909e295399143243842805626ec9b032d60687696

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/28/2024 2:17:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.8.20

File size:
1017.9 KB (1,042,312 bytes)

Product version:
3.4.0

Copyright:
Stub installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\five-nights-at-freddys.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 9:43:41 AM

Valid to:
8/20/2016 10:07:00 AM

Subject:
CN=SpeedySetup (Alpha Criteria Ltd.), O=SpeedySetup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B7B9B1E7ABF6047433BDBCDE9234400

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:8eJLhLzTa/6PsiwYIj33ifaR2dKDaTuu1gcTrwM/oel7u:8ILhhPsiwV3SKQKOTb1gcfwMwe

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9061

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file five-nights-at-freddys.exe has been seen being distributed by the following 6 URLs.
