» five-nights-at-freddys.exe
Overview
Analysis
File Details
Downloads (10)

five-nights-at-freddys.exe

Rofahodec

Quality Install (Alpha Criteria Ltd.)

The application five-nights-at-freddys.exe, “Rofahodec Setup ” by Quality Install (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.downloadclearbest.com and multiple other hosts.

File name:

Publisher:

Henedoho (signed by Quality Install (Alpha Criteria Ltd.))

Product:

Rofahodec

Description:

Rofahodec Setup

MD5:

57f6260e75c669a39ff80c2ffe4f6811

SHA-1:

177923288ea779d303a27f7d791130dda716d4a0

SHA-256:

50ad7a21c4ea4863e6497479a140648949f7c3f077a16d343902a01ddee7ccdf

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/12/2024 11:05:01 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.6.27.20

File size:

1007.8 KB (1,032,008 bytes)

Product version:

4.2

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\five-nights-at-freddys.exe

Digital Signature

Signed by:

Quality Install (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

1/6/2016 7:14:15 AM

Valid to:

8/4/2016 9:59:05 AM

Subject:

CN=Quality Install (Alpha Criteria Ltd.), O=Quality Install (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121BA484E4C31175E4A844ED055428DEC42

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:ybl7mOxyccnc6FUxSRDlmSOwxk2y/30v8pIYW:y5rcnhRDJzF002

Entry address:

0xAA98

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9248

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

40.5 KB (41,472 bytes)

The file five-nights-at-freddys.exe has been seen being distributed by the following 10 URLs.

http://www.downloadclearbest.com/c?x=QdWLohPe66rMarDqi125ixqLQk0TAI/B3klIGirQyQo=&c=X5QJni75DQS73nuSEGtvhC34mi/uKyMt/L46ArV00lYoCOqoZhltDUX8Ps3St6asekBXd46v51VNLzHk5fyWRwZqyYGkHTnYOvHFfqsUnpQgbouB6n/q7T8h0zb1pCQkTJQsXLn49cSWfBnjZMLjkladRMNB5d70MQjFeuz5RME=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=zFL6d1lsXd8e zhuJiL5BkyhhC9DnamWahYwXsgJ2pw=&c=w4rV0U1Q5QYeS1q1k9gM/6oYJc6rfAwbB7Xf2U0m pa9UAeaUp907rDkL9FHZ2e99xrVaQlYd3DyRK7kmz9QjkWbettoBV3tHIJ7aqVs2o2 DoEnR1LX5yAHRxwo N0UUuQPEWtBl7zLlvSEUNtCTDvNv9FLVZgF6GZ5YHjY54o=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=beQc6csG11P/bmonk94c0WChQztiPkv/dm9pm0fSnpU=&c=vKzUTIXjgZQZVB/7KoGgd8FM2OJgGXYr8MXSYnsDscjoLySgh1DG/EsgRzsnG9NXSbod32cGFoVOIoyvhxexzjaJS2YTsmT3ayZZW6y0Ht8q6KwWeS3xSsXa0n8 yBV3L4EFUEwcvC4sXI1eZ32C ePdI0OAaTLPG4wy3Ouwvw4=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=9AFiMiyHXkSeZXEnjff3ka0FAg4WO6ZxQ1KgtrqfV4I=&c=hWvKcX uU8QrxJGSNTEDYlxCWIoLpVcvLkGASjGKMrEA5xSGK610aTmNej3xfuNT6Wb4izfBKHahkPpH1YIezY5Oo4dW5z0MK/pr6X11jBEd fDOJ55ZUpHMT2wQkH5aU967Xg x4dEsPI19iO0UStlr0z2VrtvAeEyF8Jgehsc=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=FMP2b6TIgVNE7u8pJTKDnBj8ia2OXDziQ15tNgLQfZ0=&c=5/yx8HE/XziojOAU9XGMn9Q7bBtsPQnAG/jgb84fTRhym2AB8SR 0gs52LZFpXEBu4T1zhTwVZ9EfBl6jHKQ1iHJGiVPwh5akIjW9lL9rKyCB31qsSPJWhOsE1SMpEUqdoTYuR91PBvW/W1EbbqE2zSYcnqYcV2dZLMjlTv5nRY=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=rVQv5cwmbnQXZnY4cQPla/n6c1WbRtWyGcDTNKoRi A=&c=3z6 jqbKR4lCVoMEb/XCZ7M 7MNN6l06DUkyDHVwbTlcl88um8Ka4pTRWNsKHtTrz6rCHIIBpMgxlEBEUNIY1p/ SIzTjcqC/NcldwyncuDtFcaxJqyy8TD8tOxIZTazUgEnWh54mc/IR8w6YINBTFpDheZoWSwiyGpF 8JtSow=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=nNwy7ekUECKF8L/Yrk5PC15mYmW/XRXLYrnsn RNY2Y=&c=twbzsj0h5lTrMVcI1t5xDMAn5 Ny9I 78eB3iYclaHyXHje/3en/r7oHmnanGbLJWvJ6P/ROWPNM9A9ENs9rYZU9pw6/iOtUZD3RBAVNPzUQ BzSbsY/3 ddK3W3qol42NZ7ZXHu6vV6 35 8gU6wyk4BMOzPXeqtDujzl7IEmI=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=Q C0VpErfLb67pECKsEWlS4rlvdkBKH4PJD5lR5dkd8=&c=VG4k7u/YjEfZTOI8c3gpPfn5Gjeds5dfgz kyULdfchqWvGEPMDx5tTnEOb/mNVYwH1HRUPQaWMRRz7ItOdINl9IeUMWbrIRTP73JIUuiRlCNh3Gj4/FjMRKE/39UHSjERPOmOghJFkqqLgi2tmmnmDMKYCgWGK3lxnvzK S93g=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=4zZ oBJYf7belGnA3Nh4Sza9cmeYYHYo4A0LqF0CfUA=&c=xwzWTXFn8GC22DbuwrcfeaqnKFFCXza9uCDgdn7rUD010QdLGJanYYMVumcpwxbGRTkmZ/5zSpd/2Wl8X4FSYNUUS58CloV2v7WXE0bbJCNbu1AL8mHJtNuN5B11JaOoCIgZRt2pEf2qLyBh1FgUxUSaKwOy1AChmxyp1kOJtyQ=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

http://www.downloadclearbest.com/c?x=wh7kRRZkSQeBnxPc3F3WCoaNZ1eDQ/Oo5OaZgWT9kqw=&c=/XhL3E5Dc3fTuclgV mI4 INpzmZUVD7/Z0k/tV9p75yMv6uUkOnx63bXQntParrGSPJRcIwEiKsG/PdaMbCezTyu3rIgsAoB4m7dkkzjGY3uFrmyqTP/Hr8kh0xvaIf4gXG6CcTRl9jJsIhBbYIDJ77lgMMhzaXrfTWYwY0qdY=&e=0&downloadAs=Five-Nights-at-Freddys.exe&fallback_url=http://softdownload3.com/s4m/.../five-nights-at-freddys.exe

Remove five-nights-at-freddys.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.