vdownloader4oc.exe

VDownloader

Bonjoy Software

The application vdownloader4oc.exe, “VDownloader Setup Program” by Bonjoy Software has been detected as adware by 8 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Vitzo Limited  (signed by Bonjoy Software)

Product:
VDownloader

Description:
VDownloader Setup Program

Version:
4.0

MD5:
7757fe5f32e0cda4b72742b2cbbcd032

SHA-1:
907b9765a90f45025487b09cc21c867809d4e82c

SHA-256:
7cd3807037f0dbf4f08e09c61c7942d3ef378ff00932852d6647738a6d1b5d21

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 1:10:08 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.2997

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.1594

Bkav FE
W32.HfsAdware
1.3.0.6979

Dr.Web
Adware.OpenCandy.171
9.0.1.0247

ESET NOD32
Win32/OpenCandy.E potentially unsafe (variant)
9.12199

Fortinet FortiGate
Riskware/OpenCandy
9/4/2015

Reason Heuristics
PUP.BonjoySoftware.Installer (M)
15.9.4.11

VIPRE Antivirus
Opencandy
43436

File size:
1.1 MB (1,167,360 bytes)

Product version:
4.0

Copyright:
Copyright © Vitzo Limited

Original file name:
VDownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/13/2014 1:00:00 AM

Valid to:
10/14/2015 12:59:59 AM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DA993C13A7FD02A727397544A565C108

File PE Metadata
Compilation timestamp:
8/10/2015 5:29:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:AHeAFtCmYFV4wIETwOxEK0Y7aroGm8OzVi1:dUZOVnbTwy/V+cGQzU

Entry address:
0x575B4

Entry point:
E8, 75, 98, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, 90, 71, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, A2, 49, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 6A, 0C, 68, 10, 1A, 49, 00, E8, 9B, FF, FF, FF, 6A, 0E, E8, BC, 22, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08...
 
[+]

Entropy:
7.2676

Code size:
500 KB (512,000 bytes)

The file vdownloader4oc.exe has been seen being distributed by the following 50 URLs.

http://dw.uptodown.com/dwn/1KQF943Chh2wPfIZoxRTEmYEu1xiSzPicDu7uP4MJDmQ-KXm_a4AWQhJVyx0h7AieO4pcuU_OJnpJ9ziZNewQYbF7XIjZMa9Dg7611oLGAIkwO95I9NEXM3Ve_ESaVhG/1kKz0el5yyWhGlNkmdTF9BVG0oJumAJC4EP95havG9Q3_32mVHpBiPddtx_Hm49TQWBEw1mExGnDjG2cLzV2H9XwGW06zKxnydbapeOFzemZav9X1iI0EQYqjkt0TQaN/.../

http://dw.uptodown.com/dwn/4VI31HSbqIsIa3-S1AiqZf6VkbzWqs1f9E_JrPlxJdPD0M13xnzcuaZOWDe20dNoIG0BxUinFp_63lrtDwrGGWw9GgCCjoNuU_XCYpt6YRyyXn1duyaMG_kHi7EJL3rq/qVZeXPMJLNnD8uwWs3tv-sSUPP7V6lt2i5SLwq4IUPTOlPQS44BwnYkC9xbbfVbYkmazi5fmJ1WfP4dUylA5rrl6AC6TFBMA0g5aZlFbhw1JvzGKwu3HOJ3WQfKxZeWO/.../

http://www.programosy.pl/.../pobierz,vdownloader,2.html

http://vdownloader.com.br/download/.../?p=button

http://dw1.uptodown.com/dwn/3WsUKnP0xP4GLMSlaMR_nW132UZhdTinwAG9jIqA3GFvIpLgjP9Xw1XgPGI1L36pO7WuxyA0JQm-HWGoSjrshxDZNZ4ZSxXG5GaZCyp3ioFmnaUxLXjNprJuPRjaSe6q/D1lJFG2jSmpIMmpeNiUKqa0AyH4lD27y2v2WAWmitTVr4w9CFphuO9p-YBpp6aHn4WKXHkkfgXjMfZ66LZ2UPtbHRBhBFwOFdTvEeShaqYoYO6DbN0sFp2UrMx2Hivil/.../vdownloader-4-1-1512-multi-win.exe

http://dw.uptodown.com/dwn/viX6obRqojUiUU-3fZ2GXedZd_pNtj6mjJPPTCrORZR1AF-FpCxCMlG9vy1QAJnUALTnuW4dEU100bSnEsgEDq60kzKMwRICTcAGZOA4S2c38f0sJHFnnieMk7XSbzt_/IOtGj-B20sFxc-PaIXgIzO7sJ5jcaO4Apx4UPBx_kUGthSkUkpa-CfNqXOqOsjxxY3bV5aEoZ99NHKXUludneyUXeZU8imt13KUHA1riWb5PJFxPWU4wAMrgS-GhsmW1/.../

http://dw.uptodown.com/dwn/_QCh_tDHuT_aT0NY-LhCzrEtv_utctNPndgcBQoCK3NI3yxBSJxLZ_trqJ4GbQOPpQ7VrN3O22vVTHqGjIkcSzJ98c73QRShGFBTNafaL6FaKQL5chiyVpvL6R_TZeSg/qIcgqUvFwZmVlTw_ku0mSXlOieHuAd2iR81rxOisC4Tm-ZuZ-lDaLuCHTbML1e3qv6ICs5ElE6Z3LXnkfgToITDfCVQoHT0nypXmUcRxC8Wt4bXtSZtXvCuw6IdW2LEq/.../

http://dw.en.uptodown.com/dl/1447514089/.../vdownloader-4-1-1512-multi-win.exe

http://dw.uptodown.com/dwn/UW-nkSHxz-jR261apQu-RfGLH9yfPWQ8U_EZnvWz1wyaOM9OBi_VzDhAdWoAbnlozT1Q-E5LJx0yZp8ddU7epuxWKUJ2rR-cgICU6HhSMsO5i7-ysZPpp53TX7WuAz_A/IjZCqaJLkD6O8RJnGX61hKjUx5UvyE3M-4Lgj2dgmXk_JJfMkYA6V28fs0wM5ma-Q3E5hawMssF9jrD1tHXWMq5hG82ydEEVxDlYS76Sn_HNUGi_ulcKhFbjWv3c2F8y/.../

http://dw.uptodown.com/dwn/XE4eciiyoqrqV8yHqgyoJgjuIQxcF1EFLkk8vXD-GXeyL6kfCWshVAYnOyVdwFHIRo4SNDjsjknc112S74vd4dqGOdiCI00Hups2K9ODIymVYBXsWgp1egMX3YBZ9xdA/EKU0Ox29-7As96n01vAz-ptm2fsH8WWbjG74fw3p95NQD8vn9W8mxCPpxpuwcZqEb3AfHQesBgC_zTKBg02pyoDe_f8_Kt0oi9DHCnsw0eEEGYnN8Y40fqK2WKviSeGf/.../

http://dw.uptodown.com/dwn/idMLlrGbA4YMR6q5G5iKyTXpDbMnjF2R2TQ4RClfYUYAFE6CziyQDdTOobeu3iO_pf9H14FLrGCIRuiwVtyEYDSYZhrkirOa_pNAE_de36mGUN2p2djCUK_41lPwWNDO/ogYwJk8K2jEagSFenJqblY8JuSP2mnGXExdrV5Swvn8SBpZve9ZKce-IKuSPY8wkJw_A8va2UKFG_unbdc8YZNg8S2IXRGkh1GYwOR_vf8CWlaZenBkribObW4sri4ci/.../

http://dw.uptodown.com/dwn/tiNJxlGTQWeWE3qS3WaELv9AC7FnOKljuBIo5i9bnA9i3hHLwlYNskqE63tSYN5yDO4kGgelbImF59QxQ56BhAnbrZn2iL59-pLDoTINSuSy4V06-TlPcPbsvIRHcFqy/Z3EBLDq_49oPSSXMsiHg85kK9Yv6ZyQSrfhHLZvBgkH1RJewe8YrBBuWR9I-_O8hKrKajp2GNKkIQnFouiw7H0RUNfRAWa4_fsRB2sjNtjmcZ6vjIkjTxi0a7jXmCq9V/.../

http://dw.uptodown.com/dwn/dcnMW3AYWYWvBwjq_ND_hQkrcXORLpLMUzaCQ1-MdS6bYB_OhMlZ8o3Eh3EwvoE_oLApH_5-peGVB4yk_KJfivL6CdxQjuRufVAwdFcv_NcN7CEoXOiiht1nPZgDwlim/9cKg_CfxEdSGVKJHBje3uiZ7holE-D1K_Loy6RJ4LXeUV1IWsPyTMa_AOUvPezhWoMbwToMDO-uITq0tvrwhHbXQMWQiA9piVDE3KYZ2QOiRmq1WD3FxVYgOk9XKsJIy/.../

http://dw.uptodown.com/dwn/1MxNtWor68czZSO1OZYXO276btOLRNMa52kFEkfETXaPF9lbdS5KeBsWM1_f_aqAF9q8fjHKSA8fwlueI-LdzjJIdUz12ydHrC9-EZQu7nxYVK6LmnGHyYrR9xCcee76/ltTSIk8ArWZBQ1Yf-gASMOsJgvC69C0kygkS6i5j5qyxzS6gBjOBJEOBOAFRCIOPcLgH16DshmBhCDASSc3s-28naiy8qUofsEeptbNA1mSTyzhdC2ejNJ0WaU1q3VQ5/.../

http://www.softportal.com/getsoft-8418-vdownloader-1.html

http://dw.uptodown.com/dwn/fO2nVfwAD-8TawKZWJil5YwVcyb5mtb6tjG7kYQhz1bCL5HIa2pYw-0sd05duG1X4r_sD9R6YiqmaZykzvkqFR943Gv2_PUwR76fz4LC6NctHelJcYt8BgdBR9T6Fd7j/yuVQxipajhfaQ7boObe6guqZ3kN8kabt1KhnPtk0_6dYjEO58gmHQwTaVSmXHLwlQkqKNtIYEHxsyTCQQlto2-1m7j7KWrpNEjuzlPLdznnya32JRZTakGidez3U8J7m/XbHTwu8TSKfMUWo236nX_DVygA1S8rDccrYR6zreiln5FK5PGNbH34boeYhERrrPZ9VTS6ZaJnBvZrRRiSiY8qIx7QL_xY7cViOVZcDJHceV56cG7MQuZSunOjJm7KJK/.../

http://dw.uptodown.com/dwn/NVMeCkgThLLH_iqE5eqjtgINLbeehiExNhcrB6UCw7_OqpwdN4GMGdKL4JKzSbsuW98qHc99Mh7JKEEFtvEK30oBBojbuRPegfjDuWva1Y-UCLYFuC7Um6ygxVEzT-lV/2fhILCzswzmcMsz8Y-nCnrvhfMzvXrKe99-TDqJNCLnrwzv9DciZJbDYKEc7n9TSqsc0I3EXj555dvJOQ7FnzKtsuB7_MwzZSC40J-RllWmwOiRH6hpqfgg9S0Qise24/.../

http://dw.uptodown.com/dwn/FJcvVxNfAGkt_S537vGtd18LKp8OpBw7UE_tNl8E2IqdoQIVL20lSqw-WjRGsP2jLyeGdm7f1Fd4ipMjgcs8uERIUWOteIW24_SpvY32anTTk__YyMUpScbDyw1ZOHJW/mmNQ33eLGeBoWX15_j83R_4MNhkTBunV4fjafm4J0e5_ps-sCt85tP9t0R52EwB_VpaJXXdIHs4_5owUKXBMI43ktGS7jZ4vdZd1ybm8mepbkJgqHmxva7-CAKA_0P_M/.../

http://dw.uptodown.com/dwn/teurRzzJ8WAc9IJkH_lp7KvmTKW-qYGKsW3qkTYQ2vCOPf95G7qucM5BMx-jL8_6C58Wibkd-JgLMw-4glNoZtrW2xWBxF4sq_MxizSX_-Jh8gCZT-8hK6mG3z3EIDBY/XIobrths5zfNizNks7ULtUgNcByyeS3NMIiTBYdsXUqNlBCabGw2QE6CHLkFSCX_fr_HLNQ-S89Z5RpmsW64hiJZ6klfdP94NXyEUHeo9T_ZAQLApLtsLpopM27Hpt0I/e5VoazfpU9E8jKGUCQcKbubqdw2WjDsszTCyWnPPsUIboUcGd2pDHxay5G0WCqKCvzRigM8B3gqoNeM11Udt0BZyEqgmlZsfUsA3PVDYz7FaWaMfCcYL5cftIWTyxukC/.../

http://dw.uptodown.com/dwn/VFv3Vuzg7KYa7tt_LyUd1513gKt1pkTow7XOMbzfDLO4-IrscV0UIsTLgnDmYF1sG8FRM7zFC3_mH0thzXRmB5sbSOykFf2cNjb1LlvIHyYGYuoXihuSH23wbELOPIYi/qVM6bgDDiz_2lGNuYUJ9klQWAXGd4S68tCKcnjhMjofg2TaMUlZ9pT6712hWq3mKPxWYZFVVFjtH-BAfkunWryGtqxSyyTp-7olbFM_43t89C8wsbpzlg417bQctAcIQ/.../

http://vdownloader.com.br/.../?p=button

http://dw.uptodown.com/dwn/hmPsxtou3oWC4RU8wuZ2AOzBiy7NPN-ivTeSnDVBfxZnz2KbaHQJL2aerdZjQwOUn9-bWSc6j_KFezTEMDfAU6O3_MgaYUT2Na3Z6mUKyh2i5y9jOiba9dtr7zsQUIgv/658UDenwc2axpPesCFrXtZVnnsjfZH77VsElPjbwRimN6IpZT6CM6dBWO2QbxnqkkNs2MZY3CNQTE1MblTv4ZyXeEpDjrbWBb5lcmTtvIXB28cdHbHaQ11TT-mTeL0Dp/.../

Latest 30 of 75 download URLs

Remove vdownloader4oc.exe - Powered by Reason Core Security