secret_shared_zip_pdf_downloader.exe

Bicycle Installer

Goldencalf LLC

The application secret_shared_zip_pdf_downloader.exe by Goldencalf has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dll513.yourfd.net.
Publisher:
Bicycle Corporation  (signed by Goldencalf LLC)

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
ec35b7d5b15640bac626d2a8eb675857

SHA-1:
d161bf556d4b06c26af88012b41ff09e1442f10b

SHA-256:
773af56abb01891c698fc8d6af7af9c08d1e187bdbe1d84bd0bbd7237e7c3ee2

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 9:03:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.10506
6187663

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.YourFileDownloader
2015.04.30

avast!
Win32:Adware-gen [Adw]
2014.9-150403

AVG
Downloader
2016.0.3151

Bitdefender
Gen:Variant.Mikey.10506
1.0.20.465

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.11073, Adware.Downware.10707
9.0.1.093

Emsisoft Anti-Malware
Gen:Variant.Mikey.10506
9.0.0.4799

ESET NOD32
Win32/ExpressDownloader.K potentially unwanted application
9.7.0.302.0

F-Secure
Gen:Variant.Mikey.10506
11.2015-03-04_6

G Data
Gen:Variant.Mikey.10506
15.4.25

IKARUS anti.virus
PUA.Expressdownloader
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.203.15755

MicroWorld eScan
Gen:Variant.Mikey.10506
16.0.0.279

Reason Heuristics
PUP.Installer.Goldencalf
15.4.11.23

VIPRE Antivirus
Threat.4150696
39486

File size:
4.2 MB (4,446,432 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\secret_shared_zip_pdf_downloader.exe

Digital Signature
Signed by:

Authority:
Goldencalf LLC

Valid from:
3/27/2015 7:56:58 PM

Valid to:
3/26/2016 7:56:58 PM

Subject:
CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:
CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/30/2015 3:57:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:tsBUte5Cdc19j4xMHEnk/dBoJrwKeI1fsdLkAqhRlN:uBUU58c1l4xsKwoJs8ckphRlN

Entry address:
0x8314C3

Entry point:
E9, 7C, 54, FF, FF, B1, 37, 29, 4A, 98, A6, 9F, 94, DE, C2, 60, F4, AC, A6, 0A, 82, FC, 7C, DE, 52, B8, 24, 82, A4, F8, 86, EA, 08, 90, B2, 94, 9E, 26, 48, 9E, E6, 1A, 1A, F4, 5D, 4F, BF, 0D, 46, CC, CA, ED, 36, E1, EB, 17, DA, E2, FE, 38, 0C, 2C, 56, C2, E8, 40, 68, B2, 38, 7B, 38, 76, E6, D6, 7C, 28, AB, 3A, 84, BF, 56, 77, A7, ED, 6D, A1, D3, 83, AE, A0, 46, 47, 58, 13, 94, D2, 12, DF, 00, 3E, B8, A9, 3B, 6B, E7, E3, D3, 59, D7, 33, BD, 97, 91, 01, 9B, 6E, CC, B0, C6, 8A, 70, 93, FE, 33, 85, F9, 5E, EF...
 
[+]

Entropy:
7.9220

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
796.5 KB (815,616 bytes)

The file secret_shared_zip_pdf_downloader.exe has been seen being distributed by the following URL.

Remove secret_shared_zip_pdf_downloader.exe - Powered by Reason Core Security