downloadersetup20.exe

Online Games Downloader

Cheng Du VTools Information Technology

The executable downloadersetup20.exe, “Online Games Downloader Setup” by Cheng Du VTools Information Technology, has been known to be a potentially unwanted program. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
VTools (signed by Cheng Du VTools Information Technology)

Product:
Online Games Downloader

Description:
Online Games Downloader Setup

Version:
2.0.0.0

MD5:
686d1f6a34a1982e29d7a480f5ead107

SHA-1:
3474495d7168f7e9574701c9d7192032edebefc6

SHA-256:
bf837fae17d6460cdea6b1a7515c82791c5a18869d455f5639672ed92eead9d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

False Positives:
A number of engines detected this file, but these were erroneous detections (false positives).

Analysis date:
12/25/2024 1:42:42 AM UTC  (today)

File size:
2.6 MB (2,726,072 bytes)

Product version:
2.0.0.0

Copyright:
Copyright(C) 2005-2011

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\downloadersetup20.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/26/2010 1:00:00 AM

Valid to:
1/27/2012 12:59:59 AM

Subject:
CN=Cheng Du VTools Information Technology, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Cheng Du VTools Information Technology, L=ChengDu, S=SiChuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74ABEBE80CBD793FD40D60CBD6D03A38

File PE Metadata
Compilation timestamp:
11/14/2009 3:27:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:JhwNDpKVU12M3UFnYfjq5Kvo/scB7CaVmSjgXmsH9Hi7sIG6y8QvWEbi:Jmc6EFcjq5CoftVmSjg2s9RI3DQfW

Entry address:
0x163C4

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, E8, 54, 41, 00, E8, 70, 04, FF, FF, 33, C0, 55, 68, 91, 6A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 4D, 6A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 3A, EF, FF, FF, E8, 45, EA, FF, FF, 8D, 55, EC, 33, C0, E8, FB, 87, FF, FF, 8B, 55, EC, B8, A8, D6, 41, 00, E8, A6, EA, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, A8, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
85 KB (87,040 bytes)

The file downloadersetup20.exe has been seen being distributed by the following 20 URLs.
