fyd_setup.exe

Dedepe

Criteria Quality (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Dedepe Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.currenthostingsigns.com and multiple other hosts.
Publisher:

Product:
Dedepe

Description:
Dedepe Setup

MD5:
a95c745a0126574ff462a2ee87df2f80

SHA-1:
063f9fd65ec42bbe844fb5bae172f604c69a02e4

SHA-256:
c41f63eabf592da2d87985294dbf5c81ecd5fbe6c7e9d80ea486b06406388514

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 2:03:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.7.30.17

File size:
948.1 KB (970,896 bytes)

Product version:
1.7

Copyright:
Stub Internet Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 AM

Valid to:
8/3/2016 9:13:33 AM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Yp7B2Ne25YpeLTLAXXsaDg1iKVr+Fk6xcJ4oBWY:YBB9sbjaDCh+FnxJ

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9329

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.currenthostingsigns.com/sZ0B6wbP29orcqfvOtvJ s8M8jkkEkJNFQHVzQueBKRCdX4v_M91BWjaYZ5y93nKzrPtlWicxDEhcuf lq_0CIHs0l2jT3plEmcW0_Kn4cQrJ4322pqkgs5ensHJ29HLvxY5ea56yKRppzOVBmfZjOCrZKiO_I3BX2Aky08NsEFC9R8U8iWVpp cPTsi6ffyoVDMQipA-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/yegsBInqMCyx9XPX2vkF9UkI6T3nbmI53nLc9NzJ1J0FOijWLXkGt0HIVAtl_ybOU 7mgpw3DwnyqX4_miPOhcj6zWOvMTsOayrXm4es2o3LSNDSLXuEBNW9AhuOXMYFJF2q39prDFbG2KnJM5QnpHco3UomqL4x2kF2wXdgDjWUatNIyKABK8j5jsG 3bymWnj7_Jf3-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/LMXI3MBX3nq_NIQGlVSizBBPAcyHdZVQENANZcbSaz0cdY 3gY rLeF bdnydpJWoQIXhQ3rjN5sfRt0K28_2B_9PznRBZGCwgKzUWsGpXmcPy6Rlh84hSsixG8f 8EbcoMfYlzeDAF36Qq3 ccXXnQXl1u2fEAGETS0kqmfArhRbWwHDeDFOvOkuBy5vWpWRD3pFsmM-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/zG21UM4_NjmEviyxoUfrA1WFzpvFsK4lc76RMdxQFoSAiyXraeNrtUpJudgObwRnK ywiAxxUkTZo kbfIhdfrT9yr4CHUzsONez2hh3lmSqJf9jHWaQxMSev5Eg5AE4TRPzjpqJNZTDuAZ6CfvQEFr i060xm NMIV7uIFfnYBpU4__hoiuPtfDWYa6ykfzUjub7zCw-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/OKbJUi4NmQfQyti7iOjzXlSEa_5dNLJ8YSDvnqSG5Lu6iG_y68VhvQ1dHQW1djKzQ3tYztHBVgBdKqwyKSeyGy6aP0zKPTuEMzf17ntrXO_FtM qzUkakE6zxJ JMiqiln2qAXVon37RwdAjA737Q2mNRGzmxbUboICTrMkyHIoJko1uPf0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/nWkXFnfPkjs0jUekdAy5XZvFZfpgsi2863A0NAI32xAz38G4RJODiaE5Gsf8 EINYnBk0oMg4pBI4ivqqxkjVfnmbKgo2BPZK347WLNUI4gYbsi8fusa1OfT3uMra0rAEhGIM25Au3ydL6MdAYgi7IOFFOgmKLMrmvnLFe29hj0G7TJgn9s=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/i35x20KumXBwrVVdsmOlQ9E_6SZEyogOaiUkZcsifps8qsTWkOVdO500KtvZfZsWi pWKvLmdqs6HdyEbA4dcE0oJSrr3X9DLOzNpAMNyimmmTKa06nRVgrBimgfaXp8WLrXZJWMXTinq5M1sj5u_4Lv9h5fSOazBMpNnBajL573Fu7t662311r7yeuJo6o6bEgz7iP_-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/96cM3ZwckdOMv3qfUVi58KLGGC5uWdCHp3vTD1G3gNTd2YbGbR39tPL3M3N6rzCRhzqk3Ohpbpx22N762uTPoWKs9yH_RD6oKRPEUy5HsdxI_tJyWxqvHQzzLHcrvKT4cBMPctZMdCgxzq TlKhmGM9k13RKUZavG02VTKAvC_KIsYlcg6U=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/Z3GERo5pROnq5L2KGaepCMcJXuqicWi2Q_1iM0XJkvthJM3GOxBqeHU6gZUYe8X2Eif5sbQ6 2VW4WEGbt e5sbE vrq2PjYPG32DYXXw5hGlBgyAKZfGaREnOVwOAPzXLGbsDK39bMKb4_4Z_ovyJaDl7XTTkr6apyw8VQ5duAI7Uu4DEc=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/OC1OO5I61XmeNyun8baFS8RP98NJqB9FvLNsXMmQj6GtupxQ0OEA4NsKBKSdLcTf960hApGZ4fRZB0FsUuVOW_dF2rTCcRqEOOqOBywqRqBcznsOvQ2ZqBtEKEx8osXyHmQL4UbFx7IDZCm7Edr BsDFbCRQjPPBb j4MOqU8CA3awwWHeNdXbbq0uFuQ2Eijw0pKxOe-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/4lrGMv_oi6sQs73rLxIGSMvN6Ck2BdVS5BS759 ANIpjdWRCi5qmYG01C6FL3xSD0eidczwiklXbqfQPm lzGxnZ_Lct1NXDzuEu8vTq_A9YLMmwYXCUhRi7t_pNHskPQN5YfiFs3ZJJ9zpvnB iGfrJl1nARpRKs9WyCv5OGjrtfdjqvTnYXlIPpKYJK0C3dVjYHrVB-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ZGIc5af vtMQvu XkHwi1V59zsgxi7dO1bLQV0BPMviYPkX2OhA9pksKMF HoVm3 G66AeE8gAbP2KWYVkk3iHqT4VgihnVgIO91lQhzNxSX27dhFVDBYiIDQogbALwWdA20BB1Z6fhbJ0rzJFfppKqc2jUxmo4O6EIFd79IFjRKuo_bfNQ=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/K1FwpqPnwSonhoTbyVPIEzfh5pusobt2HhAWaEWD9CbhctcK6q7tJUTnOqVVtKaTAM5ASoFyxzmmfAb30fJam1juCJVAOoWEfMi0dK7iNFhc414oNK5mu2xMQC8x4n4MXuTIY4 pAXYQpFc5hH1JTDEIBJUbIWF4olVmYe95aUWgfWCidvmhEJ1ZFVrVb9MChMptPxNC-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/LFlGRYaHy0g108J3lqAVkdk6bkxVriG2k WzWNo3dKJ21GfMgdHi3qAyWUIgt3mlsrt26v5LhB25r dIFBrUiu2k myKhryLYBi fxnwOumqOVVWT 5G9Z4PyQbrNTzB6yFjFuwrXLLP5 z5S5Lj7NPcjbCNloD7Rcvk2MFgx63IN4GdxAJer3hAH3mPeAiPFiCHO8Tk-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/fNEhulEb48AqlKabmVPe6WwR5ZW9QE u7 vI60StnsRlr6CbWEw_KGh54GpFTkUKdQmbzgwXQKLWphUBCru40hpJ3zJRuPiuahDlg88WCSoAvVZHfDrNBpijhtIKNx4Y3S2hr6FK_fH bVKBHj00 6aEldJ9WQUtfmWnkrc6cm6q0baBuJDs 4xv8ygmWya2_gpaDmaW-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/OqYAFbZlO9H6beX4EfeLl1o utcdooW2Nm9ZHA_ozZ33KIbYgRHYDX7FJRyCVtrwn3gHtqZX4emdXMNe z7uaO8x1OGuewSvVUqWL_P1CcoTJoj1zlcCsYZlEVtWJXv696OuGewjgXVmPD8_tar9zU2h66ttRGi2RVviXRLxILxvlmHsRZr3meWn4mCoWmVQdiWTy9P4-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ck1R2blMvNqIjmdQ ZNSVSw_OgH1wc0iB_NGZxpEpai5uwUsongdQ3uYLWI8Fy5CejFPwkBRJFABbk_Itw2C5effw0ts5yse73uSYqfDliGDzvofExDh9YWjNODVbgGNRCBMyt7OEdMhZIeV7sJT5mvE_QvgAC9L_WrFN0gQH1vnkV7zEYJLVfBqvCsJ1eSdPfCgaYqg-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ FD4_mqhiZiXJUr4GUs1o01KsQNrzAYGqSYKEk96GJ Fgt8wCOvc9X7JX VTQOQ01bEzMtzJKCshqjle_1M3lCo2wun1Ywa1vNbF Rr4eWEvMu5Eirl 4OpWYoV4r4R480SDk1ufZlhi9i1Xyiv3CK0mpifT9724IhwGiBEmDBBejX8BXOmjfGJN3J4TDTfPsw7CVeNe-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/5xJv8tYMFYw0eoycUJ9rztSfrGsKfeIWIMIK26VQwPj3JXhwzmO585BMA4pyUfyS4BSEKLOsmOWUIlVLu6Ofc NIFZL5vBIZek1x5L80c7DNbGxL8d_mDNYnh0D2YJeq8Ku9Zn9lL3 yr8JUMs6UsC 16pECpmKMO3d3zMd7QPosE9fG3w0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/ARBvY9w4jEfPN_P42aljWsdpgaA5x93yyesWH0tX8Jm7vLlMhhHwFVL3 _BhdOPf5_azT4bVmK8W_0EfHqAJrjIU5EXORt2tyJPOgbujSk 4S4HytXRWGF0LVNmCdF3ZTu7_Wp3OTqr0zsPoOAemGANZXdR1 aLc2dFv65w9y_f0tctzhOrzOYIlYnkjeOKEBY2tZvRF-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/NzBPeA0NsRgpVAonPtsDWdd3hwQQAozUFd_Nhj71qres3io0M26OPbdvqhFz7isV6DU1iQW364ALvMp89F7DXDm4rl1GX5Kva9J85HEC a2LGJMnYxDDJ5HthIUQCQ1dsirdqIFuGq59UFWIb ZlUzFQsbHbjYr9ZRtYPFGqwDbM8VTDei2z71Kt09pQQKUhzaIEzfnu-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/EUga JNZWyDaG9Em0vKb826_tcR7BtAcu1Yyq dOgfi1biTwdIpOKpVfnHTXobZp1Tw3j1H00ZqTUDFas_BSgLVjdmYUqp2ZHwDVeOFW6IRFkfbbny2EY3z8 p1PAxQjI0NgN8u8maY1i3XCpI6CmElMLCVbLKifdQhlfwb493T7nGEXxBn903vx_Iw1LFzzypsEnJ8h-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/E1c5DiaL6adLBTbd957ylCtqgs_s 9Wsji_6PfzxEO_7vJMBpR8ELo3v44MxKYaW5qpdO2hNHTjQszRLmL_YIdjFtoqwz_TBIuMuqmw9XBpPSdDRLWMQFNY3rApgLh6VOjTDZyd_yykXBO45vzDvMNATGfplMipX3MWuWLrqE NqNtm2Gwi6EcDMxJthIk81bD3x1hFx-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/CZF9S7GtqPV5czEALWD0bNqWJgSXta5Tqn1jYIpprMFUlx_QPu25IcKVB6sGo99fAXK_4prvvh_x7DhWhPl7SLHMRX7MH3oxB6GN5WRDgTzITjMvJBR9kIE30tr43 s32DB8YNB2TiVR3HDr7arQydpillYGRZRvm1ncSTUr1aSRWY TbkVZ1cXYa0HrL1NV6302fo3f-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/_1Ht2pCktr0bkJp_lL2hBIGOzrHXPYVlZIAIedm0Z5uH6lb84M0pgY7cFAajbJB_Nup8MrRtaq4ZETd2Ae18F7RXAVDLXdbX62yWScKBpRJVbH2equf43j pxPZSJtd9ItEwsDq6NvndkwdDMIaG 88vbn5NnLdlUkBE_M3GfLqaV7bRkIdJMjbitj7t Pa39u SlyWc-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ARr9gXYlKf_n1hPVBvCp_nlQISOQfLSA0NQZ1iHyC1flPOpxCRI6HD3z4SAqOKrwEMK_yFEGFfYjd9X82aOlQl6ml8SuoNz0GrlAR8L9h_m dE5_NYFQe7w92S nRzEnlhGNCPzHtniWi6Pxpt5UPY5Ui4wPzcWSJdLrFjtQY7nhN_rL9dKgyQ84yTYs gRaprBiiz6b-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/dTziN_VUDty8VmqSD106JB0dxYP3mHh_v4z27k3W7rpN3f9 4NeK OtaD qj YpokRgxLQb8QaYfd5bRr0QO7iRkMOdYrhsqpVD0PwRKIW_2Q5I0SMKqMqDjiE1W1RzGGDONU179AqO3DIacLi7 FNpAKHdv5A58q 4ihFgLzu7OPhFinUE=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/TFOzdrvG4pg5wqGXYpiLevM YRqSzoOp9tPnWaF 4zOvLoPKSSSy47sE4vDFBQB0xtNYfx6NMX7UgH4aPCLPIDOTkikABaaijEYq9q8rHW7q70HrgZXjaBU206dLtVYisrHSOf_0Vc5M6oHUespg4ub0pBCBatkMV0xj9PoX29tpxOm2gw94qte_oDsG MTAKyW16Hub-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/Rit9rdz2qEZBaQKk97b_xqa9K2mR4r2iaexC6JDCCyNFV6hwGmReE3jg9be30 Dm2XD_bnhl1jbB_xe1EleBHNysB5 hWxW s6e8Mr1qzK6G2L5CWdrW1casa4Bz7IhOrURSu_eZo YvzQdIUUErXwiLFbZCBl4NLrwIUg TVAR3eVuwe_0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/WLuHWm8PKWb6FOPDl225W0OsNSzBddosBN KHQVeWpxIh9b6K9tyvAF7UOxh12uaukuoqrZizbF36r_GECoJ1ks245GFpLPv7LEFcmQ12yT2Csd3stQl1AH48VxWFFj2WIPW4iT1oAFad3L9J8L62IJJyzKt6RchC0H7382DATMWSGf9JBM=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

Latest 30 of 218 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security