fyd_setup.exe

Len

Criteria Quality (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Len Setup” by Criteria Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bitsbinariestower.com.
Publisher:

Product:
Len

Description:
Len Setup

MD5:
f74ff4e6970d7a58a39a0daa37a7f9a7

SHA-1:
6604eaace6ea853be2c972e298611d2db20c3f9a

SHA-256:
09ed8c34fee56693cca25becd9ee486b1d735a5dea025de44eac69f07a56e906

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 10:41:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.4.3

File size:
1 MB (1,049,511 bytes)

Product version:
4.7.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 7:14:57 PM

Valid to:
8/3/2016 10:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
E9, 6F, CE, FF, FF, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9379

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following URL.

http://www.bitsbinariestower.com/4t9Si5RLr7 uD9vFnxCJsjie_k7 iec2Q6zzM u9WRWa4HiTxM_mJUQiXOGFAATz4BUeH9jV8HoHuRlgvI4bB1AFqnKKPdG7OkE1Qn7163tHC5brQpilr_lw1dajhZhx_kJACiNtBl k5ItNwCRnaaMcdfmgRtcA1foJP92MMpXrPNZHDeMTGy8YkavJGK02Eqs1 cWj-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=
