home

fyd_setup.exe

Len

Criteria Quality (Alpha Criteria Ltd.)

The application fyd_setup.exe, “Len Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bitsbinariestower.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Len

Description:
Len Setup

MD5:
af3ad77d758c60e8518c4944871319f7

SHA-1:
167b3338b90b43deb426eafb9505ffa151137be0

SHA-256:
2a10318a43cb630098cebf5a81099859289bb3be9ebef9d8f96a1b90d9d2cef5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/30/2024 3:29:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.7.4.7

File size:
948.5 KB (971,232 bytes)

Product version:
4.7.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 4:44:57 PM

Valid to:
8/3/2016 7:43:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:KiXHo9251eq0NCu23F2+veXkClKFN7vOiwFkJL2yt7dmfcW2r0gzyvQcPMlKhC2C:KiX0lV/sF2R9YVN2k7dxr0gmUsItD

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9319

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file fyd_setup.exe has been seen being distributed by the following 50 URLs.

http://www.bitsbinariestower.com/tfXmkNRTnV2FxakZMM7YsYBy2MJ3YKErkfGTHrdIUHkT4HM6jGJf3rRnIBp6g0duBUCL_SPgDlShzucTgVpv1AZIXz2cGtZQOP50WZKiWLxEdm_YWMEKZeDWcCBqzXzewPFmIDAl89PKxR4HdiHfKZLSPR1R8 MUNUZ7maYl7fqAlfPHW0c=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/vSjckvm1l34B24RMY07S2OGGX71E4bQnlS5xHBqcApB AJUcYGPEuohoLq r8tltIMBDTO1EYLUKbcFV6J7gGA5IyESKBD45ApC4ozIfPCMh2pRk_6HkrgAI0LVJk5KdXBPdnEudVlT6Ci4aG9Ejo20qC4et4CmoNGCFqm5qLeXCVg4GTm8cZCnjmKI06eS9V53YhbFW-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/AZWMI tUb6m92wfY3YsarbXdE32AH01BHVSDCnyHwiz7a6t_p fhEAtgrKYuIZjS1iqwdpjqB41j0_0kWM0vsddwDN_cESHWS8_xyK2Qw5lYK8Ad ImmlqmLA2Wxh6UndPLAm ACrkkIzsHs3l4Q_fUeSndF7RoEISPwT7B 1xN8l7j8HjAS1MyqEcNtutyG2I4nEfNX-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/Ml8vYTxZNd24tRC 3VIIw8naTGze6GxAshY361rwqdP24yEEbrXYZ G_ZADi5NyPK8Om3kDiOhUez_ZOFnIN7_MCRD00QJUQXgX_BEHZRuxV6hyp79Oz kjEU9zSf0XcHZXyGK2vRzYpUteQtr9LUWOx30Ax9309aUSju17nejQTBB9fDbumWwZK7eFAkhbheVFDr0oV-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/NhjZtyPryJpO1Vpo_vYj1NTepU0bnoTGsWlTlenDYB9zJBO_Df_NjHGawpF5Mu6aETZcYULem58eI8LPdmUkjf8yu5 tJDZBiDbtcB5t4UM1QnzxXCS_fUOD lELdQhRls_7NhhYngCfuE0IwZD7isnOjZUo7nXMZDL7mGkyOMNDTXgfTj8BoD_J4qtcJrB5rSsDSPXx-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/zMhbfhMz CyUlsC 4b3lq9ikt0X7ARmHVebrYL mqjOaQKeGwjakDnWVjbT7ehrbA_b4tpDL1advZdzeY8TB03KH_VCdSD0bXy1KG_6RzCx0STpmRFEn BNkoK5NtCtKmybGpiSNxWmFnH5x12QHHMAezVEmyLMmkQCN0iCpKuTZvPX4KcjLANfOdpgB7koIM8oWGt99-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/1gBE02DbylcE7eUPmHFRWnru8MI8qcrEDJUfvue2IwhE CQ5U5KwYf_PR5Xv_Dndj64KgCzTNponIhtRMZmgxfbw4NAzbQuBcYTcsGSnNbVv_ loPEkc5r1RKFsvAcyntB9qn 0Mq7QjcDsXiEm7G0OCN9WNAm3CfUWkMNVacp3W4Rtzwfzmq8QnvePrVsEP3UcRSUqE-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/Jw5Ru6nI7qz l1wMrlxY9SmmEIwWZUARWFskUg8gYy cSY6JsPNJKMYQTrjYt_Z5xvV4tcocKnqMSC96hyyzJvqnUvSmby2zqfddG3zqJKnsY8sBe40VS5V XkRbKjy3jbnuf95yj9 nBaErnkksTZmZWKPFjYHi59gf58hfdQ4sPL_Wwobi1ovFOKX4_Y9zqlNYWNXs-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/ hOJqw6Q1RH83fvBcPZnWcGksC8nt8K3Yjsy_HRa8XQ_mPzQylkyvkrcKJ3uEVaKWfxm2r190LmCoj2fQ64ogCzaHyoryFp7XYQvEK7nEoOU9pr9EnIHankJCcPAxF_s_2nY61H IF4RJ5Xnh6S7fG6wF1TFQXTpp3IqmNjQDKRVtMhnVETDeeJpmxw9uSYQA5klINbI-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/vYjsF_ MElZvvn1eGqKydSN9veB82_SNZSCQ6S4Ty8zN7onfmvNINICPqgatUzJG9lYq4qp33hX_FFAn pyV892ynipasPz14sITnQxikeZspkpbtqFNgT6WlNlDzSQP63vaf9yfHzy3IZkXi7kXs21lIA21G7VhfVLJgQ4TMaBLoua_Ae0=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/ puJ7h3rvMmdItsXRcjePSEHfB5D9BLMITbQDIJh5ZuYpgY4Xil5lpMaOCdlsUU 6 mCM4JhZWbFIvYHYxUYU6QAlHezXcYNjNymWpnqeIToz 1EPt05CsQkmi4i6lYYPRmUVjWEIYoc5BUR5yCM7NogKi78Lg==-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/U6KQDLZQmaWHViUOzKc4vsFYBS77gshrMWjYA3iWX7U7Y4ljUGhXza jo0vuZdote09glk o5C8RStiVCIodBjBb7OlEiplXLvX8FZ8xihsSkzhoZRkGa801U7z0X8PHwiVCiaM3MkhHmjv5mU7U1ltaAD gXUW2TDufiuHkxKcrIGvg65M=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/HZp1JnI23dMhrTHr_C OYa1eL17aMRSP7dVm83RCS2bI8D8kDt2xXpRiKXHgfZL4ni81nzN0_MEj wcuasUuNy4RIFtNibBnbADmMbjcrloALknVL7PDwQqETjJsPCMOqJFbiO3HahCeWe71Qa4TXP4hMfvzpe7zxtdoff5X4u9gUbbkauHJ8Ytn1myQjFebzfMhcy d-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/4OOF7j3KYwIjxxvmvDatiOJB_SW3vQmYJOWyA5UKBwzHso56aKXcS58sr21o5hcxOODtppqH9__Q4hFup1mXIHzjqdJC9GWi3oOaEwQYPJtcFFtDeG647DQ1IE1rz3GBfvqbvvhSZ35b3bvrKg91B1dyTF0R8tUUgs3ufZZxXXwRbbmyTPPIMZBtPqc1y_nuzKk0c9q0-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/SBQZUdrz3k4mG32o4HTfKV7RRY8ZYvvVwzVTUWEebQKu4Vc4YYzvCS4laX6Q7QAGTzGHjkqcsZm5SmvWef6iLR5VHgf9hZX9HiN9WB1ChY6wQ1996XTOTotO4NXqnSQCoXb9jCk7xrtDAHPrZTbl27KR5mj1dFQ23VRLUhSaFVPDOS ITzo=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/uppjtc6sqOfZXE1qladX20OSOpr77DV9v5uun5Atk BjDR9bDqgju8CEIwF8GEMYVcDT_W7iIdvtnQTeCYdx8xbFv6hoKMaMG0eBLAmcokLKD1A5OpmKHWHgX9YMU_ Nb2ZWlh0p4NsVJK972Lzw Q NEKz_KDyHYbwldo9DedeeJPyTVCA=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/ODG6vbedykOHt2BalrS_pCm0GZIdItOlpGThxAOkI5dB7Nc3i6HVG2KW8fIuRT8lLUyiGR5WEPbuInTpWTOoX QZsopaGqx1rMwIUlM2pxjxU2z_ajxsqrVBIwSoHD_8g3BarYF2fbcSdxeyrPghodWjXgJ UIvTGbfFh2Pqa3u4Mzp3mFc=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/0hQNOb1Kb1cQw fzahrrWensM6dmssKTSlnJAo7xFtnEquTnVkQmEhqDZzwvp8efQl0Y1qMFLFDl2EKzJvZSQfdXT9YSDBAyhiiCESsw_Y8LCyU1QDbb34qSOJxH_06XvEpm8tkApqi81HXl3q8hNVP9ij7BaARYXAT9w3MHGaiEgLzj6FhzReIbfbNKrXpm9KX0Fayz-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/OSF8t6QmE9SgfDEudi0TFPa4ONa2_CQsvIUBdI9UYOeb2tcr1LDeFHZggzgd4NyhtQ8knHw3OQZ7XHCMBM5X5SqOJYDImKHkJ8AKcvXXz7Ad0guwIFJtcII0oy210a8NtbCK31FMfD0_A6SkZ8VC6brY0LxvzYmJ7GbGNn_ Ri6iFTsY4mI=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/o000s89d7nS4b1y4 hYFXYIdVZa bk0OTecwy joM2Pu5nO9rfFZjQiml4pyDhJnY2H4soLU_EbYliSUJubjoPClgy mRbnV9BYqNNcmPS8DIG3GrdudyvqmBCE8ckYz2AKjVpP58Zrgm1FfTS5b_eEoXwc FClRqfMnFNV93BCRIyoJKOfAIA7tzbtV5XM4o0A6tvom-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/Odh7PIZXXD752sFKsYT5dJt9_ETDiq3YJz9gD7mY2jm0yBVh8Fa98rm N01vcT7T6gmce5B9Qx1xZE5evFRwl36uZO eKI4aeN7esvYPc3GTQCWKqsRcKaXTRdkcHoYdQZ0lwJLpWomBMKyt8a5skBFjuqxF8JITybTdGKEK4WmJCW1NIOLeMvRpe42O9Dsfzn5jKIab-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/H1aQb722ztbTSh2G8oZyAOJF E4VMjYgYiUSy1RjM AlgfFyJXQlHFQ91sPIYvwHElk0rZQoKiTQnC6092iqBSgJsrSQlK5D9HF5xYK5QeN1mavJfs6jTQYITcW4VRt7y76qoJ2TzzWrORXNGmXcL7DpOUJX5cpaZRzHo54TDyJatcMkh2E=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/doPTZCzsGDnO3WyzqSE2Te0 JdTa2Ly C5_q un3OSPlGn_rgRPwJ5k_Tk504SmPT7TH3_tSdHPfnqCFdrn8NzsqNIA4QsmlLJT5Cmr4G217DF8AOm4zNtb4plG_iuLjHGFeFHqag3hoy9Uq1i6w2uxd2h8yjvjRDxUiOMxpIVoJM6lw5EY=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

http://www.bitsbinariestower.com/6dI0L0ok1W5njXGrPW NfYDiGrM1Ts4yDZN_1QmHCMvgMo0iaOA_aTpOsY3odbn84MTu5snc86G4ar3k8V2aLsx1nr6FjHOAQkdUiCvysMOPO IJgD5YPrKVfvhPCKjQGIwwXxS5rZudRqj9NFP8eg4xuGde19OTb8Che_qpIlrQfH9i0hGXvEMPRYEDuGX IOBEA3qr-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/JZ7ha8MCyQOrVSi1djgttA8i6lrW3hT fTk8xxNj0rgf9tcNc qceiOLeFspdE4prZmzye4HkXN4bu9bMLoOPa DizJXTU7Uy8gIeAABVQ_Y5jSZB4hwlyk5Txrt5KYrIpOICY0pmhxq0CRPIizVYSsdmGIwtr8w6xKSMVxBD btd6pPJQwO gnlNApKEiOaB9H9GDlk-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/3P5KeZjjYBVdiYGQ6mB2q9CEl1WX3vGYlu5BNAnfvkYXefCCgwx4nvbkxvCSym ZrZS5LbND4LqR2g XB ZL7Vgr1QrweZs_G228So2FhAGPEqNnzuc2jxK47SxaEb9RfspFE6cor_7IkQOylXySFqg31dG6yH7vSQh62iYNoRfDYdIia02ozd T_VST_eM_vOs2xdhJ-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/I UVbqodlvodaXebhMKzCJZVNAtiY b7kac_nUUUafIrMjqKSQ8i5OVyXYhH PyDQGNKjqDGR7_15u2s7vqonIPv75DXN65WhuKN8jHvCnuhSxMXWajnJ3F2UGgIIh8Rc2IS0U5ORhmQ4ZDkeGPLlITzN5_lGqNxg0 9vib7WUw2xdvIljCVYLTNCTQl0iv2AM65lPac-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/ULsSDSNUL9MtsPA8qMkMoulMttikgQaSRAMGDAlhCS66iUAYKru3k0V7YKuhBncI3QAyqnL6CJh5UuDZLa3GPPN1rg2XUJMQGrFtGMLz 6AlBUhDoj5L6s40LOJlp5DRnULIpIQ1Nf0DXcmL8WW0PPaIuDZS01ebYl1ahXJwTLNgKTdHoy Odlk9pn4HuG8IDby_abEV-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/Q8Rs Joew2dgtUWagxKYFYhrDF81qCF3vfgBWmlwtIgk32 hZR1cO7ZGj8pgL8 1YFdGH4IlmI wGkEpZFqKKmdmUsLcssBg8CZ567goWaQjC_yYmRu3u5nsZ2V0dvTBv1ZBHCpxXSvP1PhK5 GoG29OcI4JAgyoPT1VyKm9U3dDBNgoKssltL1sQfjci2kGd0uxEvfM-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=

http://www.bitsbinariestower.com/Vx89tcst I9vmrWg7uiLdr2IyNuGm EOyNVl2KRdv_YWeFqEfLyyS5FYfABDUOVH83C0EJHW5WBf_ERiTNeuv0KsILwLF7W7PhGeHhDJhxrndy1q4EpfZzgCC0B5aUp4Ak VL5n0R4sj1DIDxK26rXBgOPiwU7ydwcliT7lql21OHhoCNJc=-GycAAAScYzmJqQvDes4PEzlwCijse2MceKLGlfsk_gEp zXMI7k=-e

Latest 30 of 1,227 download URLs

Remove fyd_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.