fyd_setup.exe

Motepodud

FlashFunnel (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Motepodud Setup” by FlashFunnel (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.currenthostingsigns.com and multiple other hosts.
Publisher:
Nam (signed by FlashFunnel (Alpha Criteria Ltd.))

Product:
Motepodud

Description:
Motepodud Setup

Version:
5.7.1.8

MD5:
f8868de8043188d28aecf17201ea10ae

SHA-1:
e671d74460fe6ae99ea1f7797dfd30437734e7ee

SHA-256:
719090d930e474f1f2614a0232b35cf3b91bca691b7e18f2c842f80cd76be382

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
11/24/2024 5:56:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.1.16

File size:
953.6 KB (976,528 bytes)

Product version:
5.3.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 9:33:56 PM

Valid to:
8/20/2016 8:41:12 PM

Subject:
CN=FlashFunnel (Alpha Criteria Ltd.), O=FlashFunnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E4C7AF870B5B414237A93853C74D7486

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Hl4QhV1GsgvGeHBnQrFddE+sRlvcAb+H:Fthq5vGvBPEzReA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9292

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 48 URLs.


Latest 30 of 48 download URLs
