fyd_setup.exe

Dedepe

Criteria Quality (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Dedepe Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.currenthostingsigns.com and multiple other hosts.
Publisher:

Product:
Dedepe

Description:
Dedepe Setup

MD5:
b4984361aa138688a8ff3f74b3412224

SHA-1:
d189edb7ee434289d88e78fd292e5f29c82318c8

SHA-256:
145a075900d36d71b27335794841f26030a5c045bc142e305445194825525e17

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 12:51:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.7.30.18

File size:
948.1 KB (970,896 bytes)

Product version:
1.7

Copyright:
Stub Internet Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fyd_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:14:57 AM

Valid to:
8/3/2016 8:13:33 AM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:4p7B2Ne25YpeLTLAXXsaDg1iKVr+Fk6xcJ4oBWY:4BB9sbjaDCh+FnxJ

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9329

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 8 URLs.

http://www.currenthostingsigns.com/IgDmZho6s7yInLbyIxWDGpdBKKUxkTVqP9wMTiMinxUuqokcd6jTWNdd2CK05TP175SeJaBpn2qEK1PCVsN58zPBdYAi7JKZEFx5Gf8KQSFazHFX6_TVCmfOmGcYbc1Rnbig2mbh0LwPq8PNgTgPR lSvlbWQ==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/k2zxGqK9cVeislJ8komOICGuM5u3_b17mfQZ_xN13d6fcwAFxg 5ZwfSZQ0yFOk7h6WaHnY4CkZ54TV_wtqEv 01UQAFcySI78YQV7WWjkja7o8HsKNi31VLhrEu0lPw4fWn011LjRSxAVxm4Upm499oONpFcA==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/3i7B7QUb76ETerqVThHKAh8SZdTcctwZxJ9m9Mqkudn3I3kQNhaUpCPX YhRBS7jLT zs2GB1oKfjsQug_LIObHjg b5FwvpXfZjI PgTnfqS5xn2mo2chJ48dgWeStpiRWdIHEcIo0H4x7 rED 2Ot_nOdkoA==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/0PgvrM2w4bnc6l7zNUXaGcCJ_rP7SDor1xSbK1MrrDjrJ pkgmOYJtUsOAtlhgknbVlKWC1eWFB_KtPonL5FlBwDCv4lfGabDkwwYzZbnhr TjzE_XxOYplpPr6XGHr3f0eawkiUO9ZTaEMm2eT amK5nANVrg==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/ikfEKz3vM8XrBa g2igN03oa RRYn1QNzs0Jc0wzyaMocV uPBNgn6v6D 4Rv2gbw0IKZHhmiv_Z_LnCdOSgcZ2qTyvJSU_G8ESA15Uik4EvTopzSvZmO9ATcGv5wZ4YeeSqZVl6L6kzbQ0xAtqZV015IlazoQ==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/vrfOMg2QuB_Sji WfanZZpRBppGZZnkixtPC6BNra5gXyC9BXW7LEXCqm3T5Hfxpyt3EwcpQnhBKAI HtljhTJhXc3WT2vyFHUegog VBgXAdiNvz_ScnClsmAnbT2b620e5okmcmiocwHAxzPJCklq4yQ4m5A==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.currenthostingsigns.com/hJ_7M8wbEkdOM2ZUH19SQ5EMbmw1UL0KOSEr1EWGTx8FqI0xFy7KM Cb7ysvlmrNARjbqnDCkSIy7QpTmiSk0RAIy 3klN4U3N2zTTJ7k7sOMT4CZEYqID3BB5rtesxfYzf1Sm8NrPsrjtt2hElDY49H60foCQ==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

Remove fyd_setup.exe - Powered by Reason Core Security