songr.exe

Bilocideh

SpeedyPrompt (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application songr.exe, “Bilocideh Setup ” by SpeedyPrompt (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
SpeedyPrompt (Fried Cookie Ltd)  (signed and verified)

Product:
Bilocideh

Description:
Bilocideh Setup

Version:
1.3.4.5

MD5:
c3d4410a88f37b240adead611e23740d

SHA-1:
4574b158673bb2ed5b0554b2706e3aa46dd83595

SHA-256:
67a99d387b8703c3fcf9955585d850e4061aad5067e2e9643d56a5ca76e9aca5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 3:15:14 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC.Installer (M)
16.5.16.19

File size:
940.1 KB (962,688 bytes)

Product version:
3.8.9

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\songr.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 12:03:52 PM

Valid to:
5/20/2016 1:07:50 PM

Subject:
CN=SpeedyPrompt (Fried Cookie Ltd), O=SpeedyPrompt (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D77437A5B286B055B435AA59CB4BA265

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WTZ/UNmp+F6Y/taNJPjYhVyP+a+8cMVTQAl/8nXoaY7Ab1a5Fnh2IUIjmm0ESlXL:WTZcQpqwJPP+a6IXUgAb1aXhxUT7lV

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file songr.exe has been seen being distributed by the following 50 URLs.

http://www.quicktowndl.com/c?x=CwiitaTSzoHJ/Szgk8XvJs0xraQ/eYIeRZ MGfy2Br8=&c=ug3Zk8IlFoHD0QO9sG7AWqFYWjOLhfz/JHCVfdbtRMRZ5AtBybPvi5fl5/IK4qgSQmRL38FpfuxM2lkvZXv7 qbe3rdoU2Pok0aVl Jehl/NvsFnVmGmXWPh1Q2IQq4M84A/bYP5j9/3gVWyluyFszPQ3j5ZFslxEXwD0/txQOo=&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=Jrwlb9L0Nz3-Zi2csJhiMg&e=1464059661&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=vHyNnwkpBIL4JRKzPR04mjw/RlJlTVJha/JJkM98bgc=&c=P45QJLKaXzvQ7QhC6jMjeElSvO29BaM1OsEa3j9FAPgO8W1tdqfj pFOqhfus2mF0nqxmlnovdFfy3W JhXEuubn9YrweSDK 5GnFY0Tj/Tdd55UoM1nY RRpt3riVPO0t7FlalS4OiEIv0bZIJoEpEwRaVUQHAQu9HrkefVx9YBGWEWZdxcc8JS2NfCFNMb&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=jTZIlHoL-4P-iedbFSWPNA&e=1463871517&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=9EjFR8ifkPBm3Bdw6s9BpVCyG4oKmaGyuLuvmQJtjrw=&c=HArSaciefUnyWsgJL/rA45TlCUPa7vgb9wFx qBgDlywqqEXC75W8sTVh bl3S3NF0TZ5aFt7eaJL1jtiqc0g4RH2FSL4q /zBkcCqhOBDrqlhy2oFglYhuMSUX35yY4m2jq2IJqoYRquhdmyNmZElF5rPB6hKbWUvrq dVb2mt snajDFZHAqOlruqY TBz&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=qerU7Q7URUmIxtLU3Decgw&e=1464045718&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=9wfUq8BjP9MfzTHxCeuJEmao8lrmzqG38zsrua4f/ZU=&c=YgWjT0L6T7phjF8qmXyA7TaJljDBhFrboItJhrZ1LWgnvfxZvRA7biJTLNDVO2bOFpO4SXGF0AGXiOhLQWlZKbz/d R5PE/xdi9mZSiFf5Srqul39JgXTzBCmcWJbfAYox8Fc/z1IAcOYjxySEwdFpx6 jx9EkAIQCiFQGQofas=&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=fUQ12HJVLQzNpOwPHtackg&e=1463966250&downloadAs=songr.exe

http://www.downloadsbundleranch.com/c?x=vcTA619aJeuZsYgl4EXRZVhz6wp 5/W0lOpOUfaFsLk=&c=MpJyT qt4RsZ8vaD6AE6FtWkSYubF1gQ1ieplTMfCgV/OJ99si EZn2zI SyRSKy7wuusaO/FwzupU7ZIiR4QfjHOpQdQ6ZD/IZ73foLMUd8bA2W913DmI rGdy9ZyA0GXUvM1bzqjOWNSR14EylSd6Kg3cGb6pfrJlODd8OZZhB5UKbC/Mlr0yCYRjFEd69&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=jOAimeaKmr9Z3EhoFW1pDw&e=1463514994&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=m35ta2EYvmPcgENnokPIqMu 0FkEvyd e9OoEv/jhuM=&c=obM7zn6Ob12PSN1i49Q GEuUqCHn508kBFWKVcTR9YsnjvqxF3kQWgd7hNG6TNkgikCkL/Pc6ofviXgzZtyhLuitUoZumbXAMbmvwIFwaq9/RIUgS9BZefxTy6KK8WuRTYuiyCFyywvsBTJnND6I9t/1dX8TwToVxtBHUVik/Go=&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=1bB291Ela3jbVOd4kmyrPw&e=1463960398&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=Ng1kzZr8D1BMgb60jLcXCE5Z/PwYhq0MDJKR ca7 SI=&c=pEOkCjj1Btd25Gwf5pMBd1jcYJzeRsH6WbTfkZbFAnbW4f4J/Tar aG1lESBZzzi3rpDYXXirCNz64WZTJxpyw2wT4P0QsdKf1kgX6fQhUfHkKcXr ctxA fE20i2D6kNJHxBCzwMd4rm5NU9YlLo7/ykfjCgdadV5EXbxumP/NUXgxbiReOQ97BJp0OTkl/&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=B0Mi9p4AMvjp9Beyvyi_Dg&e=1463947638&downloadAs=songr.exe

http://www.downloadsbundleranch.com/c?x=bdjOpUVU/wrl96PI2rOCqS3TVFR031pCmXQwurtxB1I=&c=TNBRjIj62IWy3BWUAsz/XueBwhSq4N iYihel5DAiruBnOUUpFEPYZCY9 lu8tJJFm/vY1TBtl6lCxft5ldzE6Pj5uh8RYn4tB68heVWl56N381PDg5ocYJoMIA10Om V7uz7DcSaaur26LPSgp3Ttzp4NgYnU6/9ggesY31Oy0=&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=qDxryPWfMJsVExuyO5wt8Q&e=1463523990&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=bJquq9wuBlYWSZLRwcQel5CNTU5gbsu93ro1YwLUAjE=&c=EvPOG8 8IlFZgld1 dgO/iitObg7/btecVLizpj9Sf4s9AIWh7CM5RR07oDzmWOMwweC//knD5XkhZMJwQ8v Nrc/208/r4Zg4m6ux847EPMUiJA5l3r9bDHS/D5hs1PzCuR1CfAvKpOpVWHo9DMnR90/ejBsudZlCO8o6Jd0elTK82sqmrgytCg7Sfcd/Jr&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=ZeIHvNJX_G5E-qDaTbdBow&e=1464149362&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=rjOpen yRo6t/g7lHWU WnlFZ/oAQCLpD9Lb96PXIns=&c=BAh61O7yC6kXhTcPMZPnVnmArEOG8ATFCs6pXAJhJEwy0jqQkHvUOiiM8pcHhzIPo/TfhsNIRODfVp5uQ4HNSjUomwcrsId/ivbN 1/Ob73gBF4/fJEIFSr5J6AxgKIAxn7Q/H9r2rvHBbO 91PNze3JGBa6sno/zqQboORnk rTKM8kGqnMMc7pnkpQ3Nnw&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=l3iPduZXfiRH66LonskPQA&e=1463790059&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=y1 J/FlSFYci0dB7vki65mBOCIxeP BeqjoEZeyTFIs=&c=E3UWWw6WkuHpGqVSmWvm8w1 Pv2SmbeLMQfNE0CBSF8DquT/0MGvKQLBlWZN4ECopsjMx03NEBrKtpJxZnf50Da4OfOnvj3Uzh2pFslI74mdGlgGBJwJEQZX/7Pwf58JWHWTDEfGevnt2jqSjqGws 8 n4Iwa1ZX/4nbqDa5VM9/YqCKamZfkkbUlrCQS82U&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=bbgq8XEOtcBzfMtDr-Vhug&e=1464144865&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=LBlOk3yxGO74s2dxfpT0Ygm6emHV5iH7s7erXGQGBdI=&c=yitIwYyFZZgUDRLmogGaw yQ/HkRg GTDltDazgvJIDCzjjm3r grIbyYUsoxwqSD/7FGaOEgaKnpA5N RN9Qzik/ NHRWnJWZikZWmcyjvjPEKF5RHtAZGtsLFmmq4Gt2E9A2OcD3UmS4ekr3m3txPr7pDu8ZrIfzHsZJS27V9hd992IjcgCki8GJFVcAw6&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=8aBZonHaQTI8xO4Z2R_Vug&e=1463946329&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=N/VnLp3EPNeL5geonNBIk2YiWdwf XVOuJV3zFEjMr8=&c=6FGlqgeV tdu/ UkbeqDJAX k5VEafJzAWDQGMGQbm8yYRJ0kYfJWVKVkzzsoPTFrgr5lEFy9eiY eZe2sdpCZC80b2X FnHanR41jdG4vqQrB/TnsxcihmxtnLh0LThVD HT/q0GnF789Uv4mRifajY1bQZ6ZAxiCbTKea kLL/1EmGcOFP1Z4c5771t3xD&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=kk7QghTXXiG4w2WkfDccRQ&e=1464131452&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=w4OQ1X6ZkaLBLeP HdtGrHNy8a5 IIeKxmwmFDvw JI=&c=TcZer8caJamjjN/JW75IQfTfNlzRVCv/nUf7fwunkOcvGDKg6P3jPAJQO5mLWow8WOfma0OlCXbu/HTStV97kJaMJFIi3O2h70yNkomAAxfMNvD8eTfwNNY6TXsek9CVW ppHkMSAfd2HZQ9tjlnn/zCEE7VfB4ap7aCBUuy8Jz/agfX1YWiKlEuXkZocywt&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=5ZSQrz0_sl6K9PE5mJM_DA&e=1464028985&downloadAs=songr.exe

http://www.downloadsbundleranch.com/c?x= MUQn3EMvRp95zkznBP5 o jvrBArbQ3fIetewtHG9c=&c=KC/y3mKuCHEtsr3dENBoht/dS7NIY6Abq13NSgBf2hUp0az2ymIG2LvTm04qfuItrSutQO5HlyyzsskGcWg2LejTlVIMf0avBfePk2JN8ywDQ2O/JcfDvWwjuEXSUuYAJewuDxqM59FkM6yusBVyw20b7dhJTGIrceeQBQFBFRQOg3y3TxonQ2ysrfmvvEOe&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=ovLmMc4HfdV7OTE7mpfQ4g&e=1463434797&downloadAs=songr.exe

http://www.quicktowndl.com/c?x=iTgeusq6eqsF/kItJlOPUpGMIYfqlTenNVc72Yhb18k=&c=A0XWP6qKer9okpmsvObXPl2d3WlXdfdIUi7vKZeURB3BWOV7/iOSHbUZ547SU6/hb/cBFPQqntxs51emm0oFdiUxJ sP60amS1zuMIvHpVEzXa/wdBXDTD0ah23n fi5Ro9e3Fjktjp bW/PbCxTDUAPn32YhOqH6HHpwwgjDa8=&e=0&fallback_url=https://secure.innodl.com/.../songr.zip?st=nwNpJn1argzASbfKOrSPlg&e=1463726735&downloadAs=songr.exe

Latest 30 of 61 download URLs

Remove songr.exe - Powered by Reason Core Security