the_evil_within_b.exe

Dikesele

SpeedySetup (Alpha Criteria Ltd.)

The application the_evil_within_b.exe, “Dikesele Setup ” by SpeedySetup (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.farmupdatecity.com.
Publisher:
Dopud   (signed by SpeedySetup (Alpha Criteria Ltd.))

Product:
Dikesele

Description:
Dikesele Setup

Version:
4.0.3.4

MD5:
2804c622531cd74461218c2c1ec80bf4

SHA-1:
19ff3f7e611f5bc58b569d517a9831d56d14af7d

SHA-256:
203a432881e91b66d6332f0689947590ee671c5c25cf30ef88e6017d241ce5b7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/3/2024 5:01:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.10.7

File size:
968.8 KB (992,080 bytes)

Product version:
2.3.4

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\the_evil_within_b.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 1:43:41 PM

Valid to:
8/20/2016 12:07:00 PM

Subject:
CN=SpeedySetup (Alpha Criteria Ltd.), O=SpeedySetup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B7B9B1E7ABF6047433BDBCDE9234400

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:biRnRLOC11cdZtSXrK2kl1F9rrijlvcAb+H7:OlRj+ZUErWeAk

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file the_evil_within_b.exe has been seen being distributed by the following URL.

Remove the_evil_within_b.exe - Powered by Reason Core Security