home

tus4pdf-xchange_viewer_pro_2.5_build_309.0___only.rar_downloader.exe

Bicycle Installer

Goldencalf LLC

The application tus4pdf-xchange_viewer_pro_2.5_build_309.0___only.rar_downloader.exe by Goldencalf has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Bicycle Corporation  (signed by Goldencalf LLC)

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
8169c3d535aac896739206a3d77b6f19

SHA-1:
c256571cc277b53b046769b838768c2a9c8b7ed5

SHA-256:
4d9ab21592c6508c882ab31d09fd20cd1a4753dc048be9228d7ec27782a17a3d

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 12:22:59 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.10506
552

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.YourFileDownloader
2015.04.30

avast!
Win32:Adware-gen [Adw]
2014.9-150504

AVG
Downloader
2016.0.3120

Bitdefender
Gen:Variant.Mikey.10506
1.0.20.1070

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.11073, Adware.Downware.10707
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Mikey.10506
8.15.08.02.08

ESET NOD32
Win32/ExpressDownloader.K potentially unwanted application
9.7.0.302.0

F-Secure
Gen:Variant.Mikey.10506
11.2015-04-05_2

herdProtect (fuzzy)
variant of 1fn3umglyo.tmp (PUP)
2015.8.2.8

IKARUS anti.virus
PUA.Expressdownloader
t3scan.1.8.9.0

K7 AntiVirus
Adware
13.203.15755

MicroWorld eScan
Gen:Variant.Mikey.10506
16.0.0.642

Reason Heuristics
PUP.Installer.Goldencalf
15.5.4.6

VIPRE Antivirus
Threat.4150696
39486

File size:
4.2 MB (4,439,680 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\tus4pdf-xchange_viewer_pro_2.5_build_309.0___only.rar_downloader.exe

Digital Signature
Signed by:
Goldencalf LLC

Authority:
Goldencalf LLC

Valid from:
3/27/2015 2:26:58 PM

Valid to:
3/26/2016 2:26:58 PM

Subject:
CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:
CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/30/2015 11:27:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:vsBUte5Cdc19j4xMHEnk/dBoJrwKeI1fsdLkAqhRlF:0BUU58c1l4xsKwoJs8ckphRlF

Entry address:
0x8314C3

Entry point:
E9, 7C, 54, FF, FF, B1, 37, 29, 4A, 98, A6, 9F, 94, DE, C2, 60, F4, AC, A6, 0A, 82, FC, 7C, DE, 52, B8, 24, 82, A4, F8, 86, EA, 08, 90, B2, 94, 9E, 26, 48, 9E, E6, 1A, 1A, F4, 5D, 4F, BF, 0D, 46, CC, CA, ED, 36, E1, EB, 17, DA, E2, FE, 38, 0C, 2C, 56, C2, E8, 40, 68, B2, 38, 7B, 38, 76, E6, D6, 7C, 28, AB, 3A, 84, BF, 56, 77, A7, ED, 6D, A1, D3, 83, AE, A0, 46, 47, 58, 13, 94, D2, 12, DF, 00, 3E, B8, A9, 3B, 6B, E7, E3, D3, 59, D7, 33, BD, 97, 91, 01, 9B, 6E, CC, B0, C6, 8A, 70, 93, FE, 33, 85, F9, 5E, EF...
 
[+]

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
796.5 KB (815,616 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.