iwatch_dvr_windows_phone_downloader.exe

Bicycle Installer

Goldencalf LLC

The application iwatch_dvr_windows_phone_downloader.exe by Goldencalf has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dll513.yourfd.net.
Publisher:
Bicycle Corporation  (signed by Goldencalf LLC)

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
7c356a0be409e4cae74d5107fbe06d80

SHA-1:
eee25791742266d7bb69e478543b92a36fb9fe49

SHA-256:
6c23ab599f800a95f5ac6364b990c37f248d7e3af50a00a344c8327ddba595de

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 9:10:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.21.13

File size:
4.2 MB (4,429,720 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\iwatch_dvr_windows_phone_downloader.exe

Digital Signature
Signed by:

Authority:
Goldencalf LLC

Valid from:
3/27/2015 10:26:58 PM

Valid to:
3/26/2016 10:26:58 PM

Subject:
CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:
CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/30/2015 6:27:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:OsBUte5Cdc19j4xMHEnk/dBoJrwKeI1fsdLkAqhRl1:PBUU58c1l4xsKwoJs8ckphRl1

Entry address:
0x8314C3

Entry point:
E9, 7C, 54, FF, FF, B1, 37, 29, 4A, 98, A6, 9F, 94, DE, C2, 60, F4, AC, A6, 0A, 82, FC, 7C, DE, 52, B8, 24, 82, A4, F8, 86, EA, 08, 90, B2, 94, 9E, 26, 48, 9E, E6, 1A, 1A, F4, 5D, 4F, BF, 0D, 46, CC, CA, ED, 36, E1, EB, 17, DA, E2, FE, 38, 0C, 2C, 56, C2, E8, 40, 68, B2, 38, 7B, 38, 76, E6, D6, 7C, 28, AB, 3A, 84, BF, 56, 77, A7, ED, 6D, A1, D3, 83, AE, A0, 46, 47, 58, 13, 94, D2, 12, DF, 00, 3E, B8, A9, 3B, 6B, E7, E3, D3, 59, D7, 33, BD, 97, 91, 01, 9B, 6E, CC, B0, C6, 8A, 70, 93, FE, 33, 85, F9, 5E, EF...
 

Entropy:
7.9214

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
796.5 KB (815,616 bytes)

The file iwatch_dvr_windows_phone_downloader.exe has been seen being distributed by the following URL.
