home

fyd_setup.exe

Gofuge

Criteria Quality (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Gofuge Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.cycletagcurrent.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Gofuge

Description:
Gofuge Setup

MD5:
50d128a22e5044220df5688adbde7798

SHA-1:
9de80d0c93a374ea95ce28dbd5ca3af1ae81b7ba

SHA-256:
96a597fa7b489614a831cfc02e9a0cdcb7eb924078b69f413cb8294e9a046244

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/27/2024 5:09:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.22.15

File size:
951.2 KB (974,024 bytes)

Product version:
4.6.0

Copyright:
Lite application

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 PM

Valid to:
8/3/2016 9:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:RpHln5QH+yZ7eCrqXwp3WIAMNoTfzAB8I9OhhHBGIuG:RpF5e+yIpXw5AMNoo8CSVBVH

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.cycletagcurrent.com/GfezcIjYlVgG6br95FcTR8wKLmt29kfnRw5VDZlcZPpEMnzn8Tcz59eo3H7eYe EngxXW3kX3SP9_XK9Qd20Lh41985x6TevNm268s72bRfmsZkIVorZ2doDjEijA 5jpjH_BqnkG7wB2oDoPpyFPnuIJYFyhwXujN5GdiD6tjdsdxDES3YpJwBFlElawbI7kS81uNNK-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/mc6JOCE58ABXTcqgMHux2dv97ctK25tWhih7ubTADN_ZE0dK Q5w3TTKL2vywc9U07I bECsoeWjufbcuTmb7kHBMlVn4hjCEByB3SQh9VZ5r1rVNavWeZ31aNjgYr2JgQeFmXfy_khwge V74jDKIVTcUaqTLZcqA1N_SpS1dyITrwgAeU=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/IICfix8lJTKqIjYPladzMqC038HRS1UKzfVX3h5skYL_AVppE_KzheMOIahfMT7PrCNqym xgqsugVMQCUcUyWX0kGSwGXaN0JMuvUaPjkqBKlGR1YaK7HN10ipSZqU_PlSndTL6HDXqqJ9JHiIw1IZa5Pj36vw3iVB34ilOYt09xH0WfAA=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/9mwGtPsHVc5U zW0K_t6P057Vs2nL0KD4WVbRwHr59zR91MPcbfW9kV5qJGQRV2efy839Qx_8RILGyCeLVQoa6Ka97yYjuhjWCyAKMVWHFl7rItrmKRPVWKUTcmJ_XsHBLswwGmHUlFCUmV9UnnIKLIZBYo5kJB7sYk5sOtFNlyLPwpfddmGNbSJ_E2Sx9z75uPLdpxa-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/FqsOw5halkPaAlHDZ294297WRxuua9bMqMl23Z4N3zcYLoHvm91B8cKPV5QNauyvhRjVNYKjHCBNrufHOR9vpxkU9sGA5qAO7i00W Uz5sYRIP1ZJRMXCE_2xWSoOd15gLmdWjT_2jZ33JSyIU3mZH5bzYxtG7TUnwgAEY9u2 cjUROgcrE=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/9osOICjp7P_Xo69Ira88DPaz2oFEEKwcNYtm5yIt7QvhLIpGCVUfxycA8Pv Vy3AdDIqOZKq6xMDLNUAb1iucxHU9yfrF9IkJZkCWogG9bm95WRtq0sWZS4_c S_3zl u50JgDqmSjZiFpkzGnD2CZRs8KFQ6Y8aaiCSf0eF0_8vFOwnnZ59Tn0Kp5EiutsKpOi4ZGaO-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/CHkDf5IauduKVdkXoVSOxsWDur4_MAR9KwHQZ4XGDzArcGIzTVGHKU9rRMlyIUXS9P4Y6dwNJ5939HtqMdiBMdoOwLAAirCrgzN7xDmHNvbMm3LQOos8g0FCGMTbRiCrA3kYYqZapQJPoBFrqYLBdP6QsSV 4vh 5dccwqPY02Gn6GiAZcJXEOY2BI784VGe7KRFf06p-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/iMAA3rzQonYTufAZ8wjWNM2AW3eg52BYydsErj86Vqgq3UcvyJYmTJG1 rCBGVlK0bRMruzo4sX5wviWKPwU45WnYbGsjyrM2gt5imRWkaOdT8Ds9UrPHrxqMN6hHATCYxVbDOd2n96L5H5hVAelggEgcnDE1E2kVJtP0ho1v27wESQRirgHRo87h7NRK2gkVbM8Y1Sf-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/t5WIk8ifnwFJSSJeMJSQSIW5qV3jRVLLRAZiq8zlFI4SvEt3LGCyQlMB7oSoq8B_c01j0Ykzcs8Lg_5n9qZEpgvcKAx4mM1monf108BMkgQigIx2u oi_D8TtSCDPKJk2h9FC_xCud1cffdiARyAD999tYEd4dMJA11NspBdm2mjXDG85BTSmTR2It4EGGTfh9TkwR3X-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/0S9Pu6Iksp907cYEt7OaoIPGzOaAYBYKYoby5DvN3HIzCXp2QJqC15Tz4ti9ELY2DwLccMdfFfNFBhYprxENgcvM1Q7udhxcDshwxqDDfGkvQZWJio_ytr8_NigfBs5NkMta3PCeLz8TKeLm2rT7ZCWg kxFnw0lwLt_ZiLCWMO7W9 KH QQ25gLbrsXcECXC_ MOBMS-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/qss7yOoKFrkqCiCCw WkYRp6be_yUOnl49xQ6WzB9r4CVB8UxQ2w7HnAyH6G_sw84b09rrBcDd9RWGfIZKSDjWugNY2DGN1TGIPDh0t2epeI12qQzKvmZOx9pMMSMCR8Y2pf3BmX3qzZgCOfQ7MulKqn0vh HpU7vW3_kpQ PsAtP1XIS6ub3sNedJBXlQLoOP4i3omv-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/HUfx FUGombNZt12nVweX13cHt7jD92un8H4x6s5jGvVZUqoPyZqoks4MjVmimOusfrcArQ5LWS4CzTjdqnC9U2L1ViwwRlvGp_pOV3uDhe7ZKPBxaNJGTeEKACPzMYjNQep8yZscDjVayGZ1Zibd_3AGEQJio9SwKVUYeMPklTaXAPqq1o5DTfF6HB6h6Pmi3J5vKTT-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/Fy5VMH45EOrKY4g9Uj6YL2NPB8CCEmpkaAy4IfWnULDb1BgSe6KS1cTZzlF4PWyEB58L3OeXimSFKCQSzm3lENHzwUt126VgpVYrh0JMHw4cgqZ7cbvNiZlISH5NqUROIbcQHMsmbyUZDlu hYZ9BaiqQZTy gkM6_yjoEOY523XRrP8tfA=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/pv RQPyNzZIooqE0GdNCLUKF6cEWl9HZfFZfX7s6hAsjFAE0eyNLGK F pzXMpfYz U9mdcxMjubRFYpR2O7wRcBcm66igkJ KFxlKRUYS6ksOt7cWGF4YvuYLGrXUjyeeQEaEGx_R9AvK_9lOScqgu7N3zGefqVf8DTITuUyFD1YrJwUxc=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/8nwOv2OSBA5H1kf6u6F10roufbv7O8R7p_p8FWZFH mHrKYecZzIzCFsce1oXS3xOKgskn7g1zmWVFh4jdKqeAn TuEcdwXKlPOl1_COdr2liJQ7z0qFHI60hkLpBENC5nPPNgakvzu2QhekmhFPtvRHf NqrQ==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/tiOsokyojIQeo8O2rgcJ09AJ6GXioCRk4Zokf3hPLuqBicpOkCh0j8N84qKggyYEwDS4 YJla4WJT_Gq0vFoTNAhWdfgxW LMmMB3XdxtXpu haH7CF_qw7PRcMFqM9rTmqHtH6dJztWdlgcPxIEj_DEsor7DsrZy4ulp2s2kkKxVCNYhVE=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/qmyooXqqYlgY3MdgLvkin 8MQinKugcBy6W EngrqnIPpM84UwDCea7Nn_E_OGKe2yRqtlMH Glhj_YWZ70itBCB4KxOk0FutFLnSn3Y4t5JrBF0YQe3ldEJ3GT Dovlag1_Kjmm5Xh2C7IxsvjsFCU7nFUtjhslCXHs3YClXtJ4X40xtW_k46mUFp5jAa02Z7xF5 MX-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/B78eQ5lXz6Fb1BbyYp1Lx yFAf_JCHRkASvNgegvUZR_ARc5EFTCyJDXTujcrbY Fvl9IiaTrfWot8lnTbCoYU3AnVTGOzqHk1nPCfDJmbltcahAoDEBJ8k4dBwIzXj3p8DKMdlMk BBOXrKOH_KMXH9au9JJn_jASx1DnrRW3R0zcjw5DM=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/qDgfURh coPtG5zFZCWF ITg78qApCGWpUWLEss6BkXLShei1f7so3eEMY5kiq0JkSSj6_NVVeFCUuqaPHVnWG4hlIRjbgP4uFDbnwrIkOzrl3mF52HSIS6kcYSvFYFmHU1kbNKeZthEUX0ptOiXJ6uGwCsxkGHj8lESLMDJfwTYoT3Ayt0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/4cU9eZ9yT2lAyAyXzeF1Q 0KmbRjAST1UsXNN_0Z4TT0gL7nmGhKG4iUDtJa9i5wylWCveblUc9ykP7rbPLtw C0 XV_hn XSyWbWVQqd6teisxBO4yQuwQw4s_ytgBqqwrF1MMyRCVsraXZSRzY6Li5jfj_TY52CByrQhMGTf68xlFruVM=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/YR RA1MV5K6ZsiEarXKNU05igeRR0p1HPaVpW6Zm6EWpU7Mbv48cj1PgtBFiZ6vO5GUmSNNEhZHAoZZ9 kUdJY7UXvuZXMvaNjaS83hI j1l30zothssFLqQjQwb9ar0FpuJ8kEnXG6JBuM1XasW3Nwpy7kxFb38r8ZM6ZmPlPXrEgLZRfr9dpdp 9xmrodQUbIPD7vp-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/IwC9bBtXUcDSA4XaB3c6FahqQgwfE8a4PCSYtNBltNjqVGa960injRjp uHOx6SSXVMX Qj5n4rfaMgXbjvcBHCuDAyopOHpGk1YOkaXIiHmH0PDR4uBKYHjXwzwPC9B3IkvEvSwO9drbbcNELOkDbJcmuBikLpyGxj5xdnVgVLn Rp6jhQ8SYi69Q9EMNSaF0qnzr49-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/8T2btsPOdmRatVCgT rHxERZ9dvbkBZ_ir7IR4ovp26RvdlEJ8_W5zFCz_HjebIpriNbWdMlRv_4iXBAiy5FD8V4ymRXlX8XS WXaTn0qfRdBcTswkM6W65p48Tps0UOWtfwXV1YUvcz97EvUAShhHQEQqKTTHEq99t4Yjk_GB h2hnnIGY=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/Xi6OjNVVR5bCJUpZ66i9vFIKYfJeMePITs5 R_7p4D255Yblel9X8 ZGfDeOu3U2b_TOhKjFz0C4d9E 5bB7UKLLYN gWemprlokXqtSA227bjZCmfw9SqH0CvZliE8pXW2Mg7CFos5e5YC2FCoG8pPffVcM_py0F9WrsYsJCuAQ3vklldU=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/Is7TM59C49dwGOrYS8yKIstZpkxjUeqWFQYgqs76QtTk31V4Dm9Vlb_O_S40Owzof3kSVYTX50HX0eQsUJQFhlpZcVLbN80z1sXc3I3VAfJ11rQWg4PWSQZoRtmy7jgWG6MI7Hzs qX6LlNC5WzwEi_77nXJZPhraTYP1UBJ Pge 4j 9HWy7T5p SDNTJ_JJsSULwrm-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/4ihVUHxqz2CWTJJKrNFdxDkxHtsXA8rCLqFslIbCGq27 41MNiy1oCfFtZ0HmiA3vLmYHsblefbV97_ruQ_Ow1lmcCKcpsgMwO50A78OMXBc9afupFJRr9D_eEusHwwkHUur3RDurojw__FICHDnu_1EXpFYNRp02MfF9E2GOCaXVRivD00=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/ CtFepa3JtqHa nxdd4MtMHmEZDjgqEfdWNStvMiIDf_dRuOSI0kDmYe_kV2iRKXuzjKGuBKYTyEgheCSBWd_m57bzsQU77XPYitYOZ83ua6ZclbaTA8CiiSETmG1uYWke76qEgbSu67ubKcTCFUDz4iQtfF4mWYqDIo11iFkdcEtivwoD5bjXpEn qtLsm GNM6IVMo-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/X18BYacuqcKK6livoE13jhOlakxDA03SwHV6RJgz4eVETwCPaeWu8UypI GASdT_QguOvO92o_Axl22wEF_FUmc_Zs6_qQoWnr2K9KAWpVSvP9qnUVfeoXsL8od3bh0CBvuMvBgubXkHbDZQA_QUmQ7XgmhCO86LQL4Eayx9t53142mk3t9eondazP5Bgae26Z9pzKvK-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/7vpy_ZEGSUOL5V3A93LGi7vgW3YYl0N7igSOZcyMnG pMvo_NvQtD0fSw_NkKqSJkLZYo2gpVC5CsQ_CDyaTRVGRrDksDRefR8JYRHG0hK_RHYWDzD6o09oZ3A4GzK0Eaidb7EcUYofjXtSq5NnfSxDTOo5by05rgQ1T3RAE59z5lzKZ_1sGHLb8xIutkitX1APOyfuY-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/80XsDgaDCFO4sn9J0nwbpAw71ue2vFL6ezzm2iKrk9ffdny rsMGvmh6eb8CilfBUlFty4wr7xsMsFPUHk7iI9FoFVKI wrYF1O43qPMfN8uHh80akwHcoJBJTZwe_OHaeXADCIJZRws5HSj4KsDhoFTHrQrheJmE3QQQkPn0GIV PHXN2s=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

Latest 30 of 1,193 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.