pivot_gun_pack_downloader.exe

Bicycle Installer

Goldencalf LLC

The application pivot_gun_pack_downloader.exe by Goldencalf has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dll513.yourfd.net.
Publisher:
Bicycle Corporation  (signed by Goldencalf LLC)

Product:
Bicycle Installer

Version:
1, 0, 608, 1

MD5:
e1b596d5a141d1027a00a85407ba875b

SHA-1:
ffe8abdb2445cd1fca5d0a571cbd247903baa9f8

SHA-256:
7f2fa685d133e2cbfcec86048b0c66042a4064dc11c189dde49d9d2a82d6c999

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
5/19/2024 9:06:15 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.YourFileDownloader | 2015.05.24
Avira AntiVirus | PUA/EDownloader.Gen | 8.3.1.6
avast! | Win32:Adware-gen [Adw] | 150521-0
AVG | Downloader | 2016.0.3100
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Downware.11073, Adware.Downware.10707 | 9.0.1.05190
ESET NOD32 | Win32/ExpressDownloader.K potentially unwanted application | 7.0.302.0
IKARUS anti.virus | PUA.Expressdownloader | t3scan.1.8.9.0
K7 AntiVirus | Adware | 13.204.16011
Reason Heuristics | PUP.Installer.Goldencalf | 15.5.23.20

File size:
4.3 MB (4,550,384 bytes)

Product version:
1.0.0.1

Copyright:
Copyright Bicycle Inc (C) 2015

Original file name:
BicycleDownloaderInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\pivot_gun_pack_downloader.exe

Digital Signature
Signed by:

Authority:
Goldencalf LLC

Valid from:
3/28/2015 3:26:58 AM

Valid to:
3/27/2016 3:26:58 AM

Subject:
CN=Goldencalf LLC, OU=Goldencalf LLC, O=Goldencalf LLC, S=London, C=UK

Issuer:
CN=Goldencalf LLC, C=UK, S=London, L=London, E=admin@goldencalf.com, OU=Goldencalf LLC, O=Goldencalf LLC

Serial number:
100001

File PE Metadata
Compilation timestamp:
3/30/2015 11:27:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:ZsBUte5Cdc19j4xMHEnk/dBoJrwKeI1fsdLkAqhRly:aBUU58c1l4xsKwoJs8ckphRly

Entry address:
0x8314C3

Entry point:
E9, 7C, 54, FF, FF, B1, 37, 29, 4A, 98, A6, 9F, 94, DE, C2, 60, F4, AC, A6, 0A, 82, FC, 7C, DE, 52, B8, 24, 82, A4, F8, 86, EA, 08, 90, B2, 94, 9E, 26, 48, 9E, E6, 1A, 1A, F4, 5D, 4F, BF, 0D, 46, CC, CA, ED, 36, E1, EB, 17, DA, E2, FE, 38, 0C, 2C, 56, C2, E8, 40, 68, B2, 38, 7B, 38, 76, E6, D6, 7C, 28, AB, 3A, 84, BF, 56, 77, A7, ED, 6D, A1, D3, 83, AE, A0, 46, 47, 58, 13, 94, D2, 12, DF, 00, 3E, B8, A9, 3B, 6B, E7, E3, D3, 59, D7, 33, BD, 97, 91, 01, 9B, 6E, CC, B0, C6, 8A, 70, 93, FE, 33, 85, F9, 5E, EF...
 

Entropy:
7.9239

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
796.5 KB (815,616 bytes)

The file pivot_gun_pack_downloader.exe has been seen being distributed by the following URL.
