happy_wheels.exe

Hukur

SpeedySetup (Alpha Criteria Ltd.)

The application happy_wheels.exe, “Hukur Setup” by SpeedySetup (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.bundlessendquick.com and multiple other hosts.
Publisher:
SpeedySetup (Alpha Criteria Ltd.)  (signed and verified)

Product:
Hukur

Description:
Hukur Setup

MD5:
682eda99dfa753d588cda67248f5becd

SHA-1:
6051e41cb1b0b0167c9673d23d48ec54d39b3ad8

SHA-256:
3c78137e4fdc3fdc94ff469649e92a161ff5128b990dca37b28797c05e2232db

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/28/2024 1:43:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.7.7

File size:
1022.9 KB (1,047,496 bytes)

Product version:
1.4.1

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\happy_wheels.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 9:43:41 AM

Valid to:
8/20/2016 10:07:00 AM

Subject:
CN=SpeedySetup (Alpha Criteria Ltd.), O=SpeedySetup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B7B9B1E7ABF6047433BDBCDE9234400

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:aa1lP0Hq9f51nrrAH9FC5RxA+Zk85wKFWJ2wmpMxs0mUCy:aaz1Bt3AdclZbVMeL0

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9109

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file happy_wheels.exe has been seen being distributed by the following 3 URLs.

