fyd_setup.exe

Nomam

FlashDelivery (New Media Holdings Ltd)

The application fyd_setup.exe, “Nomam Setup ” by FlashDelivery (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.cycletagcurrent.com and multiple other hosts.
Publisher:
Lones   (signed by FlashDelivery (New Media Holdings Ltd))

Product:
Nomam

Description:
Nomam Setup

Version:
3.0.2.8

MD5:
eb3ed36b512321561d8cfc44a7d43522

SHA-1:
c67bdf63a97866255a0c5867b6800fa45385968d

SHA-256:
a7ea60f0280ea5721ef383e527582fe2449ff7d5ff6c5083728051abd4eed7c2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 12:30:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH.Bundler (M)
16.6.6.8

File size:
947.5 KB (970,232 bytes)

Product version:
4.4.9

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/16/2016 12:14:48 AM

Valid to:
6/26/2017 10:47:33 PM

Subject:
CN=FlashDelivery (New Media Holdings Ltd), O=FlashDelivery (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112107BDB832CA5BF7FCACBF752B12BBB5B7

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:m7VlHKk/CjT2Bk7i2hVmGbw/izTJw/I3iIqy8v3NJnpvAGfYozMNAIw:m7Tq26SB4i2hUn/pA3zqys1vAdoIzw

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9314

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.cycletagcurrent.com/KZNthzFxWCPEfEIOtRSY3Fu8CvigdDUwqZHDgVUheGkqbfWhlWtEdaX86zj3MNWPA9Sl7pOneBM95riKMnSQ1UWccCw 0rBWoq9uTI4humO0YSci vxYUNEpH_WAfmffJleFAoWVDgu0p2qQn7c8buLYA2x2P3b4S3Yic84RsIfsnpfHcOLTUdwPtY5YygYg rlmODOW-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/nrYn TVFmTh4 c2Ghtllz6x2eHvlMDhkmnXnEGNk0bEnWyc24i9p_iDKXy49fLl9K7qUBe9ZAncII9rToXKpxJnwdkwFAVdZGbW2sYigT29xKJxhs_KaN3PxsQpzhqIbl0mcgZB5i4KzZx91l9IbtNcAEM2nZEhPH5CELqHvu1K8M4iOnFPBaVptYTfy2fJsBDrUAsVZ-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/c?x=w17LLecgHee/5xEsDS/UkNbF3pGx9xW84uDsMOUM6LM=&c=w4DsfoSJH0RVaC/zdRNMScJikL0pCT 3TKJZhPNfje5LT8vzqVlR2XLiptgSytI4UmScdMNjO44hrlnMBNqkKnfKNsQP02vUNBrVvtNH1sCwOIwy2wBIcrtanxcRv0XXj452bdiQMdKn4G6X7/qFkxJa0C7o0zMGqUQHq3ddTts=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/c?x=TlMX00ltUcvLXqWrj6JYFKsQH0zaHDiipnfKup5Ojtk=&c=qTJkxZXgSh6aPGJ//r3KGhv6SCeAZ/f9xgdDd00QTnzxgpmNReP2VEAYBzjZB/tbgwyJuL4sMhS6ZmaofVeG6phmM1D1B2j0UqFFj iXHdTgdRtklqLFup2fb4FWe0okUm7KYL4ZU2YYAniNS/ESr3cRxWDVNtX4z5XvDlT49K0=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/WVl6OTRQWGRYUjJWSlIweFBiSEExVnpnbE1rSmlZemxNUmpOUFZYSm5kMjVDWkc4ek5DVXlSakJqY1hrMlVGcGlkR1pSSlRORUptTTlTSGR3Vm5keFVGZzJaRWhwU1hKeFVrTlNSMmxsWWtZeVIxaFNWbGg2VVZvNWVIRmpPR1p2ZURZelIwRjNXRTRsTWtKb2VFZElWMmRFU1RWSU4xb2xNa1kwWTFZMVpscGhaMVFsTWtKTGFsQWxNa1pzT0ZGd1VtMVFTbUpaVW1Ka1RVbEtWMWtsTWtacFpUZDVRbVZ4Y1RjNU5XMVJjbGxVVlVOc1FscFFUMEZqWVZGbFRHZFdTRWgzYWpkMVNWaFlXbkJZWjBoMVFsWlRRMHdsTWtaQ1VtZG5KVE5FSlRORUptVTlNQ1prYjNkdWJHOWhaRUZ6UFVaWlJGOVRaWFIxY0M1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWm5aWFI1YjNWMGRXSmxaRzkzYm14dllXUmxjaTVqYjIwbE0wWndKVE5FWkdseVpXTjA=

http://www.cycletagcurrent.com/WPUXrCq4bP2cKCUheZHyMr5Bb_TPwwUl2q8wrSbGiMG0DR1yhUncJ95D6sq57rALwgyljOl9diiqq631_OAjRWl NnPaThHaYH9aWa0DxEVg_FOQ_a2KBOU1vMypVh_ Q1ObyOOnZz7QAdMBLd5IEt2CxGZ8jlgxwHitK7VJPo3UK88qJDwEjKpc8qk9F1 K0kmXRMk-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/TkonDYln2zDLwpBX0B1oYhQY UvzpDINMrqkI8J9BGUeFdNiu5w78WhYdQqRfw8RWIsLDXEkKhGj4 W7aoeu3eIRoKR1SIfII0NRKcNq3J2gt79IuGqHHPzmNFUtfS7xWEWyp 3PMk1K_WRAkYtwZiZX1p9xn7JEzK5vqlJpEcxMQnzInFY=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/c?x=hVPJ1Z520ES I/4Dz4S6XUdH7ArOp87cIGU6jcF81fg=&c=TSKFngjZzi23HI36UGDNbIvCOD9mf/UJLzCgsyhPdC4qXDeCskxidDuWGbNKkBkMXlGsiz3WRrJjSJ q9Bi8cI2Sr28heOFLbiSNiuJzfnxGVURMc7LYlN Ts8bVPAqnI0/B0/Y42vSKpmVTa7X2Ig==&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/c?x=0GHBzzRDQCXyf0r7XwSNxZ22PL5ZtSGmHxJJGWDddmU=&c=JtXyQHtkkmAvsPW1j5fxB9zddfY02Bb42b hQ9IB CsfW6nvrxkavy1WQAp/v82rZYci/cc3XbUb3KSbSpKacfxRVYC0FbWyWg f zeUXIqEuPmO5dyQ7uL2WvHiKiygcayZYDlbsZRKX4r3z7OpmMGqeornV7RuSuIwZUWj II=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/JiKnO5e lzO9mvK1zqTQvd9ve2HfKWXvpApGLbUKdN9GKMSBi4cAkX0KAIcB2WQfjRduHbJfOcpSonvCRzo2mVPJsHegZCRUJSTsiUGepLaLVO1mfayqTgCZ BjoEw AfSksrN5WoC9mZBsvr6emGlMYNaK0cc8tBq2qAo mGHNFzTYM66QFiynDyRopUeJbxLThy3xn-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/c?x=E5ZTSFBWDVbADUsvdf44ZGOO0nix1rgAKq18hH9MI5w=&c=HE GrbLMfdU6h679ib6g3DQdUBVJIx0ST04e5h3Ubfo1JNjuqySpZmwsZoKcOVH/Mh5gC5sw4s5VNTgcEnBopOnNBUJxCM1FJOsAXKoZF0 VXCRKVF2B9T2jWtQpJKD4/P/k3w2sY evFpJoqX2bQA==&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/c?x=va3pV6EvvGvSlEnzaHPPGx/KQWkqiqe7vOKeVmh2Auo=&c=0lQFq52R2Te90kFFE5gD5EG15c1dxRwTQCVry8urqNS8WnBlxmowVIlUCLdemSFyJ/prV65ozCcn0Wqqg9H6Vm4C2pP4mE6 h9nfAZyJ7639Gll/kcIN0WXF S7eaIHyZvOKXpxQFqdj8mPihrVuoLovlUjrSjwUwGsfe2I29JE=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/VRRSBzXEqXMpJyTWeviW7zZdKumZ9FApfmkkeUBMYNNHRvmX_eoAW9_oRP3oTyI63asFKGBGfEegki3l7qYBSTocCUV47aMfJvUG7Eir3ZDc VyW4DMUR vRdGGqTwtjUHEKZRmLL37OyQ5lW9k1HVndTDbYiiWcogpc23SOXLDhn3hBlz0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/RrgUo8hhz_6TsKjbJ99tKlnfUVpgegg3G922PRe6NkNEqlm1b QfhonAaGiuB9mwjI KCVLJH3CNVRdMKzfMX0fVNpfzVMrLPimi10fVpDRK8jQfkOhWr4mts3ukrGOQPOWMgGTndx_tZCZ2H3l3OrxwzIkfWdAmH OdnqY9NnYBVW7E9kc=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/lNnCp5ZXt 0wOBlKgUTYw1JMyN72hf5AKvJ7Oc5Gq_FnzPSRdIq8y_iieT6vyEggL8fR2WS0bpj f8ehK94D_I1Nei4emeKXTmYjr5DxG2fSh3GD9ullhEAxQL_g4iU5kpmwS3KAWzIDi5Z3QSYO3Rxzp40Qi_qtDD F7LgSbF 2_xE800c3eVLY26wWAOsw55__SuRw-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/sWhcSXQGnxYAjCCYADtDZMSFVfboO5_oStQilLZd3VIqsUCaHc9zxceyo_SzmitOtJMF99EUew89BsMgF448s_hb5BB0XxlbVI_Zb98Gf4JQ0kCsUEU3yvqs0ZKqgAEj_TUaYE3V5FmKch0twwB9jAU5yGy1GaKO5leWu0iT2iMxzkqMXQ MFVOuqUZEe1dlqgU5SxrS-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/FZ87L8oNCJ3RlI_50KM2EFbPBqz9jSe _YW6vgPUJSBUjm7YwlN6yFney6rE7TFDIYEhCB_se2feZT9kuBHXCmjjWo7kCSFOvvBoByioQ2BfDFyT3ilOUtVHEvN2ow1ewUCVjOQLONoTDjkwkouUCYQz9Opxy LPTamJHLMkXg _3aXGlZpVDFiRKfIhFrO2T2U1GmlsGEH2YxrLO6V5LfY1byQe6g==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/c?x=aEDOfzkGIJGUALLEdvM04x2mE7wFaypXk9AHtXHgegg=&c=SWzHZabkFFSPMRWq67bGmfAK7CWLbkZBqkTNJrYTvGveATXkxzC9wdZUHBJlDgCHZqDbrY3w5Av8Iw2 RBir4SgpDQdnS CCT43VbS Rxh5r0sYGKKXpKmFwiqMeGX443qbTwgTh9rfWxj3p7pCFvt7i8tg9QHucSyQ1FNvKmSU=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/DyyqLTaoEgoDZbwKGGG0FtMM9lWKslyjTdEX760fl5mTkjgst9WdJl6GSBIkmdT3Ck_8gnngQeC4vTwXc7jBe2OQINo0RnVbHqXHCvX9A36BWs_8mOO9gojAN8surBMwJnPRgcFH arIH99Q53RRC5e4PPBGK3sbsTjF0XvRtHkTt4aF5 JnMZudKxPMevNy0OvZgEcE-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/c?x=1tFNis/I2 8Yfr74BF3q1hnaFgi9vIBzLqFAIQCU8Zg=&c=qOgBd6S2Q6OqrKGXuf5LXllNHABMlYpsgAmlMqe5hXyGFYZuP/r0X95w5vBT6QOpe8rFTYPinCqXPobybIPo98BcLdJ5WYwpkFrTtMA3kkxxZpGALC/L/ 6LF9lfkO0ZDRpze/I6ZIlzsru3R3mnKtARemnLjhpDS7HYSwCZC6A=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/c?x=b 4YHL6pUjEqPYsv9kKRT4jE/nENv9aTHiQWS8LBPbI=&c=6NfhAdo8xlySZNGreMzNAEfVc8IyaauqXTtOhy83HGylExcJ2xeeYR0xcPH0aj5rNNnbmZlUnzEbA1qyPt1H2seURy3mCLO5QdNlthtUUdABqOZZ2yQ0BroN4CC11IpfOaNRG43tI9svMg5uTPoxVJ1trRsD9V8ikFd7Y4FQZAg=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/5jQVd6czo9UW9EpvyHkK5T5KP3Sn81XqVd3prpW62Adn1ar6WKYjXNtzlGgmsK2mrBJowFQz_kHCHNZ1vI90k7eVgF1jm3Oj5P1d7JlVhrSoJo TTyBBL44JTjOX1OeCLQhIKRMc OPVGPDqeDJXRZUnp3iGstpVxllhFtLURD9WclvIroZD63Lrm86mPYR6LxSpGoX2-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/fu3BXCOLql6BzBtJRtnl4glp9slf9onCUh6wmx5oqDDOCmKBm8r2HGn9MGyPcjitk0Bf5YE3o6x1pFdi9kiK6z 0M33GzVd5kVma9FR2qCSnTH1DjxHbiB XG_4ikhaWtx9secBRIUI_R9gvQkbFXLdZXdpbYsgdth Qm9gIAMyQUIAKkv0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.cycletagcurrent.com/zsLcngUqcc9jNEZhFoI0yBY2mbAUx402IKPgoUjMePV1cQanvPKfQzLz7yqf9yXjyRSmyqdtiRtOVptA50nRSuw PNChcqWgSHvphBNg4BwYZVhyFH35RilB_RmK7RoZRYVbRADwoY5cQ2NtRwMwFIXjO4ddWLpapjBb7VVzalLSoTImnrxzkG LyzhOAOwoq1HpD8dw-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/25BoRbMzmF8_i6YUe_twyIFlxj5pJH3L2mreoRTt2Kg8418Gyhl1t0gqKMFAswKKCjnxakFaSjn5LBnp27LPeZB5oqgH77n5jJzbHpHslGL6mq9RMoognmXMIkE6qgd09vIawoJR3Go47K0TqXi197WUquof7JvToOm8Z4CJl6SrrWUHW8dBiDRo0lUmsH2gsUQAXeAv-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/WVl6OTRQWEphY0hGdmR6WXpWa2x1ZGtKelNuWk5Ta1F4YUhCR2NWQTRVemcxVTFKa1oxQjRlVE5rYlV4amNFMGxNMFFtWXoxclNESlBhVWczSlRKQ1UwdG9OMVZPVEdORVJUWmtVamRWV0RCYVRVdENVMnRRTkRGclIxQkNRMDF3UkRSMlNHbE1ZbFY0ZW1rNWRFVlNjV042ZVhGR01YVlVPV0kyZEVkNFFWRlJjVWhqY0hseWREQTFSbVpCYW5RMFpYbGlPRXRXVFhSUmJWVlpaVVJEWlcweU0xbFpla1JDVVZsalRraHFSR1V3WkZOclIxbHVXR3RGZUhsdkpUSkNkQ1V5UmxVbE1rWjZXVEZvWmxNMlFVRnBkeVV6UkNVelJDWmxQVEFtWkc5M2JteHZZV1JCY3oxR1dVUmZVMlYwZFhBdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdaMlYwZVc5MWRIVmlaV1J2ZDI1c2IyRmtaWEl1WTI5dEpUTkdjQ1V6UkdScGNtVmpkQT09

http://www.cycletagcurrent.com/c?x=/6BRNf/q8fm5mqPXKi4K02Sju5bA3v000FBWxbRqFwA=&c=jAMhEhMm5wpQ77F518e5Jj9KMcjaWsflgiDOF18H/AteiciADEoi2spi/0BuIJUbsNCz0t0MyYVdwi0CEBAqTLw GIx0/FJ5bFb8lGIpTf9XlJVmOVBbrUN2eOE6y9Cfi0azN8k4jWxXxr68ucjZZHTzq7M cvjYIdxGwNPYRSQ=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/bw9UYmIdhYzD7Ke3TAxwoi8honLAnGxSasFIRa5VnZKSxo21WaE8UrEk_uvlx0v40wMw34id 0hm0Ilymjh_gOUkyRaUWBBEnXKzzG6Re3J5dumOyAmKqvmvqrDI9_4gydBZMGoB1CMKzjCeiS7g4ic4IlODOJmCHptbJ26ALizZNB zyxyK3wZe57STVzuGknGQs0Eq-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.cycletagcurrent.com/c?x=HKYS6n10VkTz6w9yvgrpnF8ecvOhu9QBY5KV1mZHGOs=&c=0vQNlyiyp/JTknx0Rm3pitbmUN9u FXZTGgXKomMVDwYgV rUGmvY/SDhUx1rTKJ2jUGtKEa9R0t5/SnTanFqJvRpEFC0YEe67PQs4SnIhpzkMbsfmAtlhZTVbgqFERTF/egRQ6BajeR13j CKfpnUPl3e/K7QyyjRLZ09G1NzY=&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

http://www.cycletagcurrent.com/c?x=uLyl8MuH8yM5H9rq8bOmVegnhJx12 tL0BXIkLJLHtc=&c=mb/ojjMtBfZHzJey5inUW42y qh7LQIXtTbfk/gj9P0eufzfigYuhChF5xEeD3zWnhJNBE8LYpvxdhMwXiLER95EZmntolXcbQ2uTF3gVs5ceVAp1g2J8pVH/u75daD9qgqHSmc8tif/C0Zttndq9Q==&e=0&downloadAs=FYD_Setup.exe&fallback_url=http://getyoutubedownloader.com?p=direct

Latest 30 of 2,664 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security