fyd_setup.exe

Motepodud

FlashFunnel (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Motepodud Setup ” by FlashFunnel (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.currenthostingsigns.com and multiple other hosts.
Publisher:
Nam   (signed by FlashFunnel (Alpha Criteria Ltd.))

Product:
Motepodud

Description:
Motepodud Setup

Version:
5.7.1.8

MD5:
cbb7f7894a6f2f4aa4c7c0587b0ac849

SHA-1:
af2a12017f988ce1b424b7ffdcf6c1176b193343

SHA-256:
9b4fd8ed8a073449b6dfce23550d15c6225ed71e2fdd82f25ef6df864e17949f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 12:24:20 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.1.15

File size:
953.6 KB (976,528 bytes)

Product version:
5.3.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 11:33:56 PM

Valid to:
8/20/2016 10:41:12 PM

Subject:
CN=FlashFunnel (Alpha Criteria Ltd.), O=FlashFunnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E4C7AF870B5B414237A93853C74D7486

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nl4QhV1GsgvGeHBnQrFddE+sRlvcAb+H:lthq5vGvBPEzReA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9292

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.currenthostingsigns.com/Ti6D66DjyANCVEaVJ01GZv FR64fgV1ZSXagM32VmgB a6GnHcxzNFi6fQ7EBFoGpJAHNstZGbZ5z0bypPhDccmd0bJa6xJMQco Lrs3aYYs1DEmAkTlKSsfHiBUKfW8gOsp9mhe_pMICEnx_UxHqjIlw1IupWav0zzZXy 97IK3c FR hDmXtDEwRweWbE__pxHfQbc-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/Gfq9ArySLmqOB40wpglh_PtW6VdGLGJIcAQ _8 xPieafd_VKF4DFMuIUXMvMXtGsFKiPr08z2OtrWBA85kM_u27d6PA452MwaEdVDGYSF2_zCT919Ulvsl3WAjv B3x_nSRFJWDGW2V_VXAhHmqAX9EFo9BhXgiLirqAo4d 0h2R10RbwcuO0SXOu0ld6bj6LxHKBq9-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/OfXy8fUAGPBd04L9cIWm74aonZmtAEBgLC mRP5DYHb5oWX4BSlm3o9pV8OGXUz3p pnHSsWFTBZ96Di0q lXRiWlmbMsU_zglpjwMyOyG1glT6GWnY5mPY2xSBvj O3CCE_SWqJwjTKPj7qET_Uj_d855MQcexiCYXbBsKFDJjtbpq GFhXAdHEKVrX6E3s9q5BeNcC-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/cyFb_Eini0GQLeHODqoulYoOl4o87b4 AmMwG_nQr1_XdMo19WY_W3_v1jlSXY0Wpj4QzGDTcSu0npgMDkc3yy3vv5r5lzGfePiLt1EAmM0uv6uL062x6LQW ej8KDHL1t1wETOsOPpX2JHpHjaJ6EoHkbx9vXaYWWwEhFwNAQ8XDaPhrKo=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.todaystockcentral.com/wwBBu7IhIEjJYOxJ3zUCZopI3AVumT8COLKoJE1YpOgBBC0bJIhUj vPsT5lG2Tb63vOnJpU9Qvqe9Wzxx9awiAOb4j4Q0v8cUQ1 oF5Ub1hO7HncVI5Qe ECnCBTdgGyEAH36uauqJj6pZdih8ulShuyoT6pRel4 ejaUHPC2Qfd9i2e34=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.todaystockcentral.com/auD9JuphSOkCIqBh8BpXprwALao4G1HMrZTbL6 NmnTwVGb3gWOgMQq6RfOkhmJCn6SZxe64SsAwqyqrPhdUfDDQJ5ajVD3AEeeJfIXCVUgNc39Dx784yBrUvJIiwK9Ytqv1L3zpoPCrshtonp FOm t0_FX1FP6R60B18mRC9NbGwk5Qow=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/MRWBBHw_yGngbtAPh6K6BpdGwluuIqGZxK9EaKxU8VhfjV4uBjYz5JsJhv7xBQqo5Zt7HIWt1fTgBkDQJ5t9oAqOVJUeJvG476N_iBxcHqQXjQhffD5gSI65aDacJPVaZB7 eRa_Ddj Pjog5uxRKJ9gI WBU5Ba8OZGAQDeSdpU1IBogznPDiVSACbR0MddzSNqT2af-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://192.168.43.1:33455/static/storage/emulated/0/Xender/.../FYD_Setup.exe

http://www.currenthostingsigns.com/ZsdDAuakemYwEwooVaLt7cyDQFqsT0NOJoXm2x FvE3v6Y0iXt07vyu58xhl5IZYBHCe_p9kyukn2qMQF0LsUPewfM2veJgea12n3fmw9cHKQCwu1PP1hak0TjSS_s4QKM2RWu6fvjkOk6sBWfZ8L 9_gJ5oX oqVjJXMkQL6QfnGaoyjH61RtDlHBRR59EXFWe9Ietm-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ iQtJfd34qv2aDkDQ24CQYfztAfgKhEl4G4VSudxisNF240PWnUS18JPG2sZsgGJcAwvxCXe0QjW9TN0LPx05ZHK0gS9 YxnTmHAC2aoJzDhzIUICPeWYI2KEK5Y8Z37AAvJgYgTdHUHqVG60GUZw50TAS3k2exnElka486bgB0e FWML7VUx4esXEuBEdCa2uFVNYcD-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/412OuOi4CxYvwRUz1sUx9A1oN0YHTh46Pb3Ip9Cr7hi9UD49W6EZ__ iVviFC_3G jn067C1weq YIhEGX0NnqR1IdnB5F4nYMCB97_bvwwjmOMgOBP60yySEemYBTHOfgfr1pZnp3CYquj5HF9rdtQ4XoJIODaFV7cFalqUkYt71VRWV7I=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/XSlBEcqLs0Gj4TLeVH1bMXYYHw5PDvMPHAeLMGvh3TrCWBVcTeByB_hxjsEf IXU1b9lWQhI4mpqT4XIjRx62JIVeIs9txu9c1OYo2gvjWHqXut086PcEwgt_m1ic KcM6aTGGP5nTj2EVA_xwvgdNl_dwpqb0sSxAprHRcNA_ZW0Q24lI9AF9v66IkKRfKekUh2Ab9T-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/n55K cQgLPFm8O5vQy9bWjgR0vaVPXiQvhVbIPS3YQh nFQZSlGzo3lS8JuJH_kF1A96Y7ldDyeoU6B9VNiphgoxo51j46F9A6M7vqHzaiPeDMJ7zqZ4Cio278hskJLY3ji_017y _BEUb1Ipjjd7gwkLIQsJ4OGQtgRzGEr04z9EMM1ffw=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/1zltULIp60698jSo9se3_j7CjvTdRJIww6jvQm7w9GX686zbpZpXx_SIeQojfqowyrm5xJsuU5DlEe5murasbpgQaYh Dsc8COazSkTP9mN3_VV_AGQZvrGyyQ8LOmUvk5nnLHmCAFQaht1uNKpQB7dccSC5ATD0p69n2f2BMvr6ckFSRh7Pe4i9FLoETphZ_qM hKgS-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/8uabIoUYFj2XuVHNGBnyg2dRr3gP1miNYB9CgDCI174TJw7HhLvcrr B7vQQl2zBUPH_OS5p2eQvVUx_VzhiZ51TStcKWNfBf9KhTyIwqqrvv2Ygc3d4OlXJOBhBBLor9RklonoNhhhWzYicLunT5ynpvo430VnZOkv0Ct5fl4JVhwKGS_D9dZYKGzh_GA_cV9PLPh5W-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/jmKptYZVYA8rtqYuVXB1MSghUN TDkSJlthyTfZwELvrOVeZPjhQ8fu 00YD39yl NpFRIzvNXlmKlwurPt64wIAXJ4AOXkfKFCHWIECzuTR8nCj9dtcD7sAoERA DvudioSwcQbWIeH2Rp3YwwOEg4uvHS1Mpsvjow_2OXWV3Rh8tzhn2Y=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/vEkY3h9XgJFyR68tSoHWnPpoBSgY2DIBSl_WEcSkYPRWySJjmDuPE6gD9fDeSODuNfFfPqCnDmDzWJPJbKsO96H cH3Hs3PtxiSy6EGPJAfEIKYfYFy7AjxM pe3onQeB3Vl_d3d0hL0pjoG_RcP5CDkLXblCbDSzPGCbwmSDbqxO70Yv8LmVv9zvZ2FL7xRrxPRjNMg-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/29jDHXjawVogztZ0dlcUeKXbKFfSDI12_CrTDX2i7ssIJshfs yDbR6oUOpdyRxEaK0 nk E2uvE5sS4R8LHeuUsd72LxXmKukFBgwHhrLjf3gcetMuwqgRWD_JlNcIXs5Z_Rz9Jdjg FJ7ARBg9w6jyJF03QcHbikID4o2rFzc zJtoZvM4PvveRO56awrrGRTsx8Sq-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/UEh_V5HXdP1jglUPq93CDvtXQ5F0iJsYQevIw0dnVFbsMHPST26_ nf7jEOFE5StWSiWMDdSuU2fAfZtAmuIQDAGj4PFNC4JhvADekpfz8Yc4Qr7Klq10gYj0CoveUANP9tuHI8zFGtPnl6Uo4mFOwEH4CWvlZaHiU8zRVCAyW7TwU_rLB8=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.todaystockcentral.com/UAlY FVJaZtg 4uZIEqE_x8QE9Rd5f 34Ray EbR_vezR77zTFhawuDWPICNyaANxfR5nwwAHW2UsRghnRmSBpnMFCmH_K l0JdAiNpsQ8rn2EaAznrdILl5xIqGpJWqEZueMgp3Vnoj9pVe07OkZoIF7ZvsJ7bU3vqTjhUGkrhnad2EG7bmR3gsNGudpYwiA8jtFnG3-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/Waa0AGKVk21pqecSyC5L l5RsKDPzNe0i9H_odUZxOTTHet2TXvqu7tm6hMxibwcItLkFn0FuRd2eXb49wGW0GBhSKcwUXOX4O2UOYImbyHXKUXBECUvw00cDQBmfEsi1ZjS2DfHzvN8X_l9n 1v2BOhnKDlZ_ Q3gw5tiEmvatFm5ozD43Av42bSLcbBQvTM5kL8Wca-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ReCFlQ_IQr0na2cWyRlmq_Y43Z1fFrhUqWimgq_LFH8qaBB5c 8K_Un2h9_3qRUPSpo2_F2NTU2h_UnIV6oVtxfkgQTkF8sNA_7UpiMmAjdKfXpepySIGArrPn8RS5Ea6Gemv05FrR19oX7aAyg6Jtmz_Fo6xHql6Fu3Mbvh3pD8Ak7_u5P63cHWzJoVmvBsBEUZtYUN-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/mVj21e4RUd4fw1VJRLFf8TWEhaFW7aZdA1U1KHcPMnFjQHmNOv9SLNf24W0rXGv57nYv VlAIvgkBzpl0vf4KuCLCFQRl0q2PiHA41nOs11yY0KlOUHQVPkBw4KwsH5BGN35za6L9OqngH4R5lN7IrVHI ku3jllkMz4nSjPP8aNo6GgCkA_VqmIJkioXYSdMH8K_x4U-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.todaystockcentral.com/71DftXHYGXk6L_zgOioANQorwsYO0StqtCahP48mSL2TBMEJNb8z3F pLr62f1vG_Jdy0GyJinZ qDD9NksWY6Mg8gPiNtuJfwxFtExKirISCeXRDEezwZQymVv9kuLPA6glDpga1ERGss7bXBb TJszzBayG9ffbqUpJTzmdNS9KRwtIF0 tu9vRBOm5s_KpHdcZEbW-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/LnWszA_kTqDPZaEWBPsJWRhSDEBF7cocwNK0v zhzQQazp9SAvI4_ueFHGGXMONheryEo U03IQ5uMx51yuI5HPzjkN5e9QGTCxmy0ftQqoWB_kxLet4UWiFDkUQfRpr 2mZm00J ASCVvrZfQHQAeaaQ7O95uw4dKpGTklvaDjyvQQWiwiU2uazdDiBQo8rf9_yrwK5-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ul5UNqLEYG3Ta m2 hfC9sRGKfsZSACV_ZH7PH12yGcsDiivDAnjGO4q308r3nQlEp7aSYLw6ZEhllmn3JFE_sFaAlK9e1HuYEzAKyJ2cwWJOonL9ARBn 77_LVqQL7eGICNcAvrnrEtWL7 DUtv60RXu9nQ4zsKd_s5bngOkpAJDocTbGqfubOddy0kLzD0eG7N_scj-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/fl16aXNggGiWN5Y7e0O_L7FwHByK6xF83DmN1nIgWyJVoGeIo5Dxcr7JiP0OMngZv1OIQO0RxBV0jq3ILTTeKjjn6OhySGsDrWnVXTXIEz2cF3eIk0m9039xWMEnaWU fHCezCDgUCERcD5UxVK3OH2SaQyP4uQgJFUeAfvfGZSFA9tOfxdmgXaJPg3IPOMEzxk2oASA-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/TN0rZvBYsTdFKjbwfddJEVzXkrWl484d 0dplc8iC3tzVGiRUOAsT8TjwYBq4iTKp yIoPh8AjijCLWhelZxLAGgYQJ471ByFiv5gJiW6EGAjQ6s WhSG2Oks1zLJfPhd_ fEdu2e3e1ZX1iQgQEbfZIQLn6zbpAlZObLmS7tUautTh_1c8=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.currenthostingsigns.com/39dDFs8UDn1fda YZUAeXUREmG2R1jmFiRmrrJg389LZYcpJ0Aja1m3Snw_m3 SO_aSsLmPGha5uz3CjjVf3rAPEkTp1CYNQnw34i9e8HRoVcFfMn 8zxBwBwBpO4271wDCbMgrmpYwtDapTXcIQJnTytzWaqazH8hgmoMVyODL9lXBEVA2vvZcwVXshM5508n 3YyUc-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.todaystockcentral.com/5J0lrln7VOaMOlvXHHtIetkUVq0mJvdTJ9wiQ5IDdBajY5HeUF78DS7D6pzL_7foNSqt1LWOCf4uAQryesc0B_unElf0Y3vAdUm236QzonpHQaRI_MBG7XyBU5fRt2jjjQKYw1NBRGwdE3FfuOu5LqSpJtATdLIJ1WIx7Evf6d1MyT b5mnspv1KgR J7kjotp5DKDDn-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

Latest 30 of 1,080 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security