five-nights-at-freddys.exe

Hukur

SpeedySetup (Alpha Criteria Ltd.)

The application five-nights-at-freddys.exe, “Hukur Setup ” by SpeedySetup (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bundlessendquick.com and multiple other hosts.
Publisher:
SpeedySetup (Alpha Criteria Ltd.)  (signed and verified)

Product:
Hukur

Description:
Hukur Setup

MD5:
0f8c2ee96a9ab85c17ef0074028d9995

SHA-1:
306d563f59dcd06c69449048c865641a94fb565b

SHA-256:
eb64ffc91da3b1c507b7e0be6fe8bf6902b6da6706487d366178a92bd28ecba6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
8/6/2025 12:46:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.4.16

File size:
1022.9 KB (1,047,496 bytes)

Product version:
1.4.1

Copyright:
Program

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\five-nights-at-freddys.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 9:43:41 AM

Valid to:
8/20/2016 10:07:00 AM

Subject:
CN=SpeedySetup (Alpha Criteria Ltd.), O=SpeedySetup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B7B9B1E7ABF6047433BDBCDE9234400

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Ca1lP0Hq9f51nrrAH9FC5RxA+Zk85wKFWJ2wmpMxs0mUCy:Caz1Bt3AdclZbVMeL0

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9109

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file five-nights-at-freddys.exe has been seen being distributed by the following 4 URLs.

http://www.bundlessendquick.com/rK7 WakeIJ91BPJfiwztpb jVcIGzZCSxVxzTkV0WCMXla55WLQELOUOo2MhUhvb1Mm51AL5xaGA5Fc5h2tlRYz_cpUZhvfNZ02J7vxAOqVAKx_6mio7_ ItHSuUFZ7mY6DAwB6WCIGYJ4vlYJQ4sCOd3M0Ct08hNecu6qFcoui4wPTngbLE__5VijdowfoVeBbFrrmXIyWP4zh8XkT7XztuEAfXKybrGZXnrQ09NNccko27Y2RXAcAygealZnwCivnRf07Xe6EowUXb1JK ryngEVwtUksYHgPTy2cO3FS7i675GvbIzownchClFZJWOIQFLvp1M6oiF3kYHHFV7GYI_Fy6izawI8qWnN6g7PxkH9w3XVhiGHgsTA7RSvD5vjT5FspDknO9R 61NZgdW20q7tZzTkeGwCKt1WaTDIOHGBu5G9UIkNltDgECGzryteVsf3xrwZMUHHeCxgtyMspsd3xImWTB13o3dRpX 2ICvYlFFpz51idYL47F_E7bXKdiPRjdQyoCzD2SS10bb2kgDY3IAvDqLw0Qg1jYvZVP2iQJyY9HPHbYw0hU_3yqJUFTiTJ_rf82fETdun7nRnByZc8zIA==-GzsAAERPFtMpj8WGKlzAMQ54QL1eFhvHG9s8kG7MgAwLhSB2et0oYE2IRX2fL6sr

http://www.bundlessendquick.com/z5U3KSwg7axsQdMMZF4uYKxFgi9QR5cx7o2y60GHgD94w__KRZ9uIuYYekGvLz2otKQNW_lj1VB_nAxoBUdl_Pd8QQEeBksTyqLWKsIdJth8dp2SJ6XGlhJLH6uNtQ_xGvmBqyzchZ37bwSTECd__zYrKIEN7WBNuboqFEi8dFg9u8Nc UJwGs0dy_MU_hO6c9XutMufJ0KYpgEa4W3yKYWASJDugyH4Dj6Fer0jNnHtRkf4ja p3vxkeYD53aTPXbnPXnxwBCUdDfJbzYAvvg84zyTTFN5nuSizV3hepmTxVHaTykRfUsEyElf5 bsqvJHcTr 7NqdO2GdC5gHjX0mbGKct31oGxy2KK4yY8qUSRk2FVixurllxKSQziTUnO8GRuSAZn0Br__1nRQ0eL3W5A9X8kf2d_unQGDZdprcooCX2uOGYbRwTejVaAwXAFo_jl8M7ipNMDU_AElddd_TMYCTTdJng1ilibqiIXHCqH4oEJN3Ni6EermDIodG24SyJe2OWPQO5bxZOail 2RV8vc6pb1JimUASdvXYg0dupxoUvghiyRFHTSWV7GKzrkbRkDE3Mnprpei2Hy5b eiyKkAsA==-GzsAAERPFtMpj8WGKlzAMQ54QL1eFhvHG9s8kG7MgAwLhSB2et0oYE2IRX2fL6sr

http://www.bundlessendquick.com/HBSIRzo7f1Tot0sj3TXAC1M0Kuz_Gen4r8T8KNWEB6Gognnu9z3lhK9POKHfJjtAciL3mwhGLI yFBqRSecXHIpZ8ki7mcYscr7sXJwXZ0efUd_ubTThRaDlO8E7ilAzOlfu4jjCY8bULiHRL4DbsNzozypL J9oLVqrWhqkuDF5pJuQH0smlyRCr57MTsYukhg6grx6_L48USRlukF8B_jfcKmap F5d40Jy7e9SoJtJwD_VKHgGj2DGcUGqd_LQ9Hs51rOxe34IPej98AF1iAMuEKdoSdDhlvd2wxMnmJJFVDcEqj5oJG CST142eOQwyhqye6o2lsToNM2S2yFXitfI0wFtreSDBTm370tKH Ljb WipMZ_uDpZD_7eDydjXRD3NoRH9YumyV00WVpbdXuWzDNFLIbnyubGFKqwqpm x84fDKLUPelguSHwWHWm otb8UaTnRVaK9eVOcA7MOtqCdcIIlf22jOr hEVmR4RAoA9UMfavQrQUMroVR_eLIjGpeLxMRN0S9cv4Y8YQY9M0UBqydlass6WdW25xV9SUVqJ5I04_EhhHdRfdwmdZ4eCBVqniE7flxAOXWhXCPgdm34Q==-GzsAAERPFtMpj8WGKlzAMQ54QL1eFhvHG9s8kG7MgAwLhSB2et0oYE2IRX2fL6sr

Remove five-nights-at-freddys.exe - Powered by Reason Core Security