fyd_setup.exe

Kidokopa

FlashDelivery (New Media Holdings Ltd)

The application fyd_setup.exe, “Kidokopa Setup ” by FlashDelivery (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.cycletagcurrent.com and multiple other hosts.
Publisher:
Cagifirop   (signed by FlashDelivery (New Media Holdings Ltd))

Product:
Kidokopa

Description:
Kidokopa Setup

Version:
4.6.5.2

MD5:
7c240973c7bf1e7f2b59491e0e626618

SHA-1:
babff828ed9efc9c9ac485d25a3f5e79991bb430

SHA-256:
1433efc238ab93439f57b9a06e6f003e96b595ac2c6caebd3ee28b6d949e190d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 10:35:43 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH.Bundler (M)
16.6.21.12

File size:
965.2 KB (988,360 bytes)

Product version:
4.4.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/16/2016 12:14:48 AM

Valid to:
6/26/2017 10:47:33 PM

Subject:
CN=FlashDelivery (New Media Holdings Ltd), O=FlashDelivery (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112107BDB832CA5BF7FCACBF752B12BBB5B7

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dyiphBkrapsTp+6XDgwpIjU30BoYS8I8aTiLq3KuR2:d7pDTQY6XnpO6iI8aTiLqauR2

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9334

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.cycletagcurrent.com/teg5253eG69Tq5JcTEcyDDebkQ64 QSTl5tJWMs5JoaFLbz1yvWoFICdFgF2djMrZUd KpcpReh8RzGyJxGEPNJiXzwUnnshpb43FuPFXGni7niMxih3c7eYBFsSae8GILsHnjCqQi LVUST_sOxgg1DQDDeGV02adnbTQA06fhdJz_Y9tI=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/ju4xSfAF3XQzdoLZw6e87brHoQw87wXyrQ8W8MX7LBNW1lBo1YTbjZMu4EpTCVujCVMTk3f5T5kOJ10aczlZJXtzKnqlvIwNbUN0oBzcxAEThLgsH9Q1UN6vD1impS_YuOSpz4KdEWLLcZ641aM6D1kljn3AkL6u5jjzQJQQcUzsvzdXyIhcA8MmWeBvG73zvAsCtd4i-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/3H2AerBVLgNjq7q0iV_KiJvbFU jIrCJqu6xN1LUqkOUIqnJvzINq75 rnj52otZjijz6MESZH_jZkKu0qaStmXupgc9AEGz_AH9ZvCZsWfc8Hg6Qg62lkhkp5v7gLzYOuZCgVg9Zd6IPVll0m2Esw25gr7BTvdpbBm_TDpMZ 13SNPsqyfl5mXzfqiDR4V9ao5Jfgfg-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/exxMPdAbNtiTiKzZ_ZPOarSX2XITZqsfuDhjlqGwWbRp6z_Gf7LVC129YOrDo3O9Dl2N5bBZymSUrd59uGHp85o t_jrGsdUv7eob_ydQ f7LnC5dlSJGaaomOXF23_di6Ke76Jm6SPvi0JIlw5QTisxxOv2IGf0UeEkEoO_GFNhFzXQwAQ=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/jBMDVht4 ChRhgSLhyuArlSUC8XmT5mVj1uWDIPFTq3l6cqEPKjQ1I2h63u4bVmc7nqLmqedNIxVhdRopD9_MyWvQmR9LjViWdpIqrj1CyVESbgg0jYV eJVS6fDiFC3TP9lNoNatdJz28n0DQxGgkcT58Ftlup1Epv_Ul7AkcvAhkrIWko=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/pBOjd2_RdTPDCVJTyv2S0MIBWGQYQLnnfg9Hvbkla lh4WC_IYHRgQkUDnlWFJu nh8_rLIWnvhcXbWtbKUQoSr7tQqMEGUEga4BccIreNC 3hNcrXuu5x4qZkX8A8R2 UKh0IlyR472xOjafdYmQyW54Km7zMNRg2NCfEh0H0alk5O2Xq_ol2rONLdGye6vY 7z4 UT-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/1YN2Anqo844YssotL_2M8O0BNtsGSIpRTvg6GRfx5YN0OE6EFjiamLf6KA48n1B7x9wb3b_ZHsjvJ2um8cvW9uXhsHlSSDRTWY27 v_qYveuWMEb8YAeJ30NRyWkeLYQm2L355GGwwFqfa 6BVyp9SBPPsk7A12iI1ZBL2yuExvu pB5sfcNVgOK8nMGqdkv46UzRLqy-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/T23uMyVLOH3A6xSf83x7BmP mFUwbDCWeIh dL9qj44vvpkOf4dpvfvGC9RUKJ79oTjg82Fq1GbZkRPIcy_zajuBABLyAFLCElOhICBBcgozqgvs5uy_zKndXXnbFurHERt3OllnoaeEv3m2LwMwwYdwQkm2nWhNpncyGl4TYQC1Gzh5K8M=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e?EsetProtoscanCtx=b430448

http://www.cycletagcurrent.com/xROI8fUSMy_EirE9DAC7LADtkYvYEW6GkJzT10Gj3a7bMhUNrkFFmyahvuT6VJsipeTxTmfnmgK6Z2xJsxYVvA2gu13iIG0GZsvbCQgrub3xHnJLvfOKietKrcuC1O2bAV33tS rJhQBaCqn9f0te45KrivRyWX8TlNgn5vRcW3AhjE3IYKMNowYlUfnhK0hbhUiTZ6B-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/D1FnPVxiaMpxv8ysOjl6ZghaSWPxQe558GUd_C11_btwqO0YP3VQmFaB0QHCflHK6mCzhYymrRYofqzfojHZb0jkZfSA9VwSqQ5DCGXyguspR562n99cEKNJawcwMI H1sAdgs57_WrXnfBrWd4qtbw3gNnDvK5ACjbiFHunn_JOXkhrJ5E=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/EO2tDJ0BR6Je1rV0qGcOhz4Ve3n5bTlgJccYPOkvI29oZVJ52p5vYJn_F9EqxGko93EpfMtFH ssjXyGD31uxyyvN2ibWHnOan7Fu9xBuIaeFroOWb22dPZjTUNPOGSAIp2bxjxTDFLRnzLD4VMxw5Ev_u2Q1ciEV6ByW03Xzs3i4b5td0tmezFuvw 3KO2vab DQRWd-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/Gjkm5scYZDsKFAtlG9BeXDH19gQAMCD paxrg60NsXrREY50DWhpI1e33VgMSsf18Pl5CSkCX6M7dAunLNDH91A8G xf8fzzRa04uhnhmHiEmYvL0gX5kU50f 0liy8g_qXMpmdnr2frgLH3HA3uxSbG_VDMs806mNdpdekpETMxz7ZvSUM=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/rKCZUxzV0 WJ2lWMP40fzn424fyb24eGu74QEW3t6tEPOzsn_v34LA_s 0GtoS0FDCmjedoyfXMlIa8YnoRtimxx8IVtKcM1eeFJCtrYnToLscDRdaD82k6Wz8BwJWJbwbuyPkn09JvzksRN ow7uny3mnoAfGpWyZFxISclpC12Fw7sBw rwDqmOYrt7BcrlBOP2XZ9-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/OHHH9QD EwJGVKw8RS0bnXrpBsjF3HdwtVSz8Krq4KVqi5RFwIM6GwqS6D2lyYobRPplu5162 S8XdJFxWGgjr1ND_3GHNwrGRclM64VmvbuKGaB7yjq0a_9Zg7nguwOd46ZGkwg_FpOir51BSr Y6Gr20ftq3SZ5vcVtavzFLLb169jaKHPmbcM28Phb6smTYq QrDP-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/ix2UDTINChTMTRBp_lfFnT12p6mQPgQIU1OKF20ETQ5orfn4NQJG u9YA7LNbDn8Q42Ryl7vblXA9JP_Uxnir_6j3v9701_7bAn2Xc9BlNZguOjUcwa2B2YUcovG4_r8a68IXiN SncU_08mpjzL7RrUUrz3qJE6ucz6iD020Cw5WsSrdAQJmZC93O9jDs2NDf0aUPwU-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/qMjbkZRy qkJ5mpvCImuTcUP_1KpANKrg2NPF4X3zLH8LzdZDt4K37QjxhLe5r47MgilCnoBtP _u3uyo0YH9UWhDNYkuePbL ARovfURMBJAVVUZd0_5VfAqjcxGgRz2OAnGKsNadxNIU0anE7v7DyR9kU_mLvb70YtOLZCHY9MAMEfmdjkocEyrQmRlNTyJUz878NV-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/Ln_6UFvdxiceLcUoVvmzR_hurd48998jeGvNyYTN1nQ9e2OOY7wii4q2yLwcArZZYWc4GDHJl36hjIja2qxuz1PFMM4dBCOp3sb_AB9H0SXFPFODAfjjHp6XNi3sWM_x2BrjzMSekPGRSXh9l2BbiR7hu3RMclPjXwLiSHDanNCYVFXZFC3zx3K09x1wZK5z3wS3oPst-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/WwnHebv0N5lG3IEKfLBWAD3T BFwFwNwWcD d49JXa6KI2IQ5HCjxMiM29txGTkKq8yjJoMQf_s5EiA 7x46chcOijJKJzYrpEEQtiv0zeU06ITbjfHpuiTsTomCkvEMGae0qKaNpDvmT SvV35 yiAV4_dm5_0GpI0fvJ8RSaqDHMnnR2TXJ9oxH395oJiWcxJC5ZqC-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/BKshb0mKWx5I_FGx0kOfu8OD13Fx6URRXmP Ny1pZ_c9jWN4K3KyNyP90x3MS4zWeVpW51ly CvjLaGsZxue2trlJNO0RFywEsRFuWqfn5fSOw_a7KuAFeQHpXPKUi7oTC RKivzdFc2 gbzxAqZPTzJJD4OFjD9fQP64oWtCutb8lhwlOA=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/ I x1A L807S6A36yAENJPuipCcR098o4OoWcMlmRxSEAh8mNYFDne_fWMTd IoaEJCtLD5occgxdQkCncvtysdH2DCqIo752IvaV9NGpSbzqMYA3eyQm8FqAntcFWDjWNlwUdcbrqRQmXc58K45CUkIuGqbRxrtErIpSDtBAPqT8QeU48c=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/RdXbfOe9AcVcSMKilhzgNP7nokm6Wq60lyeg288TKJDDNdw6SaqM8_zqKpG4pq05tx moqtHeqgYjjGx9PAwp5f 9SAjXHajDdU87HA0IcLPfVlbwcXraNJWffRP3sa4l jJeowjIf_dZZ5lucCCYG9YSed_KEF3AxafI4DMcAOQnm4ZOm4=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/_Yj3GK9 Sxk4oB5sXfADMYlWsanhtSUMxgDD 0qLlOWnqv9KX_URv2ovrpxkgirV47JnpbG9WM5JX_26TlXXSjxqVEWxVPOx7GDAQZ_QuUtemiX98IaMDSr1dUq 9eqPPlemhF1UG5tMdmoMnX82c6NKBtrdbZBk9DyuWsYzWH3CnFyYNO_x_nvjwxQRSNMSCRWhj6US-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/5X0uTB IibFIX l7040zAa0vTRLznz_rzw5O1GZpKMJPRxmz8IA5P3_OkJ9YEeEdl761nzXTej6nSxZ0JvXmPQRv8raapYBSXj7knKZGEN2lBqqj7jD8vVrk8bvLrtXeaF_rh5 Oyc6608_Af_qCkm9aLEpZjCMXbVFINzP N0yYh3JqHac=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/ch _XiQbuLbkjlyitL1AnTIZL8UEsPyx9TNUuPPAA QPQxdIZTYrWrZVPvS5U2MzRQRKwhz5vFsW_SmXYBucxpx YuUiGdnE5SILqa0KCvynpF0qFG4y4PTHAaMJdK9l48pqzl0AnobS7qPr0 b4gcb14GekfnrNrx9y0fJND6_oXUXdA9QZhClskyTDtPWT3ttP IWz-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/X1QF0Jz0mSjcHUq4qKdxvbxViAmcE74WrlWYpO2ww2W2him3Z1N_Za5BxNH8HTwkRFR9YQvxm7FZNBuzcBGGRfC6DCQMpYH_qJGRrYULJqmEYz89p8ZNulVom5YTyk9KNCJTO8pIzU3XYfVgXv78E4J5CvWTOmCOuQRfmLOKABoZGdK8SQs=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/1ZB4yxaLJJiCx3ttkhmHdIXi_Ge_ed24tYfhr2TwS7UU9LQGLsG P0mqjTDiXT1icDVVGs 5A4Q6LFGS2BvkX524P 6osynApCh3Mkx6X4opyNx7WC9R2AXCXyF9yScGAuy_eYd6qu8Ffqhs1zDKl3hHhM1BR2kxgrysxSTailUPuG7NcO4=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/Pfw1gw_F3JatJy5awGvtMVC6tb5W_k9ow4a8lLg5Pad GA8J8hPyGwP91FaXcHPqvJiEc6zGOMxaDHIRPi5WV1XTZg9KPJ1uBdB9qi6cTazRQUmKVfM9r0a0KCdrrEl9i0x7FlVvd vrJtdceDLXpUHXUIPR447ayJEgLlrFhmDYZSa_pyMX7TlosN9zWI5WYazb1Rny-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/QWcBEVefN878Fh0XseyGX5V i NuY2gufzHoz5AV4PBzabiGUcFdzrBbDHv4HKJ1Q13HFAGli_zu1YRD7MCNQXWnSE0n8 dFzX205xVu_gqFwkK1jo59gI5q9n8LD_NiiL nSXYKIC4eSaDjsXe8aF0iQ4Yy_QB1B0gQ85r GlkSLe8VHqG1GY3SfYRmS2vRcY3KqbyH-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/YjarSWw2i 3mi3bWiKgGY0pIACM3jIUQtBp7cTJ_JRdCw1_U 72few6OCRuYuaaKhajdwTUtcb0spS1tnrLDOI8Jy7IndZ_1zNr3cEPCgFBx0bbTwXJv5YBGTps5Ob91wVFgcFFAErfZh55lf4_T82L1qIaQsv_XsWVWWdKNdXm4izrqQuA=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/C0CRiAslTG63hBp_SlEIBZFSZq2gPZdIo4vjvcJu9PPpHcWS53ucLsSwAIEeWViFH2oleT3oAWzxwlXLnhPDvtRoA8ad_0hSD9Ze9Gz9CUGHjNayzDNmQVOXPK4INOQTmgfRDjdykE_px7fh71B2p_xPg1PUh7xxZRDuFjEnxE56SOOkqig=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

Latest 30 of 404 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security