» vdownloader_setup.exe
Overview
Analysis
File Details
Downloads (46)

vdownloader_setup.exe

Bil

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Bil Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.

File name:

Publisher:

Nilerafel (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:

Bil

Description:

Bil Setup

MD5:

300c09282d67543c6da77b2bee8520b5

SHA-1:

0eb028575b88352ac2f4d1424ffa1020beb994a4

SHA-256:

79bbbfadc1c0c5e4a6253714f923efde3bb060fc446ba6ad3f68b084c44c2368

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/24/2024 2:10:38 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.7.5.17

File size:

1.2 MB (1,258,888 bytes)

Product version:

2.4.0

Stub

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature

Signed by:

Criteria Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 2:14:57 PM

Valid to:

8/3/2016 5:13:33 PM

Subject:

CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:14ibFx6IGDjLPuDc1bSfjdsx6sm3fNtoUIElvcAb+H:1VKtD2g4bybaXleA

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.2910

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 46 URLs.

http://www.capitalsharetours.com/tPJFWjouoV0QO_TXZokax8WuY57Pn8E_hnOPm c13P2VxPxCEYWY aGGgFQx SqpNRGsppynBGR1ptIysH9BEONbw1Cl7EWpDCKsXBlSEApc1SXNsn qhDtPIhfjYbXZX65jltflR8wh2rUTsxdFWOhl6U0v1AWgHVN1uEfXqXGaDVPxvDayHXAb lZsPhnhUm8A Wh1-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/O_2MPiQCLXPpq2dAWSqpGbX1Vx8owblLpWmkLIImDZKdupqSyKl2UOaiE1fLONa1pkHhLIlb8RhHS_sRTbjcNkyjrC7yDE8uAjzATMIC1nZMSu8LT24XpYSPzq1Swk0JyP_fsi6OpMhX7dIYuiwJ17IMi d8hyy6sj TKUPI1CZ tVE1ZI0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/2cJp6ueF3YQcWfiNGW ue5kfK6WhN5AlT1v41dlMFPk41PjsgJIp3cHHQqVApDZxYJD2p1d_V_gXivR8RuJatIFuyDfIcFDGbHNSCtWgHU rPRmO0_HDKz5VmLpPDn4LxGHDKichOJSXJ1MIiufStfHRrb4TMoGWo_Jp6C9SSgCOG8m0XvUzSlKx0KxilsNt05ba_XhF-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/sSiOlxSa3Fs28xRL OV4a9RyLU4KEPKDMtRab2MHh8FYNbjgS4dz89qWajEgZvnugQYDKNZn7V5E12YeTN4mHwTzUWjJY VfnJd2biD55ArbIkj4W_Y3pGYswPrjlroeWERr_28E3_oXtHWesPbadeUj1XW56WTtLry51eOc9VC7jrFh9gg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/ywrziYIqKSe3mnhlmjxAY2MVGHwJv066OZh7JEW_l5PLIroysUnA6nqO4BGEt3mNvjLnp7xCB vuFxEsddwtbG885w97zu5UrpaeYjcfo3ohkzcHShsr1r5swDsThDjQIP wHhS27iwRv9ipfhY1A4FOUtOQbPcrfjiE3NZtfgt8KeVa _M=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/laT6cADLX2gyCXsFzZDIrbFqWbEq5Mt2rKmIHvgIamgKmTx9xkKQIVV47eYC7U3qEKPXaen2W3YUDLQI1uqFifyFwYpUx vYZpYweFKcPdVWPus9v3muST0iyLVjsgc87nC0Xl81e2DXToPWOqAzhPK8ZF2xUonbmK_21ZQRLutJ85WUsdXSD7YCChHvY65bPfhTRYDo-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/WS0raiOdIQXSJRgSnx3vwdjMKNo_B8AQfAOpPvPR7 KVQ0XhzqpQfPzhdi9ruvu1ZZ_sJOCwqKV7Wr7aqfvX3kGJU909oriXOtzjuk5C2Eg0zPcVOJxhQ2E3DcIoJSDphuRW4HZ0iO32GUwNzqg80CSHvD8s6eZxT1SpUkEMajkydyjoBwo=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/oi471sxHWBpb1dayL85unWsDL5Ocv8 ED97mv_oVDQfbZFHNHJiYh dqUNYL6Hr9tmF9RRV_iRYN3sRzn6BHWQiJGyCt5W8bFRPER Mx701AbiWUJ12O1AjZZ Va9is7jj 32_8 OPyk1APbkRiIKDgdZwH7AA5OnXi0izUHuwNKBchGrxg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/5LrzUsriaTsypcpeKQZc3Wq5POPnFVtgfaCiYOoDih5L4YwxwzgI2UKU0W7R7VXBBdHFj0oFihnTed3 AHOpjjv_8j0w4BVnTD8noQNdbyLFX6MnoFwmI3Z1vR5yHDgtpWUDcCWbVe_cTkMplaL_EqXY4mS02P1F1mh_eAlKvz_eAmHE9Hk=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/2CbOjVHX7IE41P5Dxg7Pxp9lI_21qnlhwoJ_Vrih8_K2_wtJdQ6rX9xs5QKeeqIPV9xj7JNc5ouIhD4xr6A_2vO4aCqDMYUiIZI0PQQxzxQbi9Qdp38UFyfnReZiM0gTIeku8maiBhTlxO6z59oh0GmytAXzVl ypaGskml8Oi4aaoKDQ3gDkLotmVmM7MVOEQSWWxdq-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/bBWG_ttecRh1XqfHRiaOxuEjxg NAOvy9zo1WVytkvBLcwg94EInkcQOCLt_xRHoL25zVwmuf7zDjaiGRqvbNY4X7xdfBBdOsXigH24aszqSCQIpxhyGuWGvHiS5pjTkOMVvOLE0lACg6z0yma4p_TIWC C7FYI48ZL0qa48sNAqh3uLOPRA4yg1ZUKVHccKGcNWvAIw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/nE8rWQoI06L1xIc yzP7II99 JutvAo06hEi8xDmBCfsrb7E ot_VnePcJMCBDpR6t5EKs8tx3M4rMYhy54XL87mB7xFsr9p29PuT8kvWcRl5zsfPUq_j4Tn K4q7ctVjGRgr246D23KnR_n _zamnLB2emrTr3WEKc 1l105FGLDaQxj3qizXMuElHlbkTHM7Gq8fhv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/KF6xEw 4BSq3aTsP6wMpSN1k taKpoVFIXHR598IhBjbnjgo5AWmwbVMfrTuC0_yuw6lfTwO 0SoKiNUQnksJcHCPWw XS6pv1Da2I5nhzjFhLqY9eT2HzFlZHlxqw7mb_qtaqHMusw9zSemLfuJPu9mH3LtVDeM TXU_bzIY9TCsryNzUk=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/ 3LGTE0iMjFnEXxH8aQZ9 EILkuNuSQSg5FpIFDPhuxR5tEPIyAYCVTd2MfeKJcaLE06cirj54lMyMULHhWX6MLreVLrUMCj1rvZvyvcBJSI MgDqcKPSdcb9EpEW05m7HyOr51CbsAnGrSiAMQA6EdOz40mLgoBfxI5DFBnkkT9eh6UlALPkS0nZtrlVboVfJzL47X-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/AYc9kztlSED5qSLYEtQoMw2vBB0lNSniAroedtFA8oaT0bV871IT8p99cgMRex54JN06ZRHoSsLYbBuDgcpeKhAAp_AQcqbWyMGzT2wha qVQWO8JMrNbzViZItuvMbPsml8w315ZKWXR8m6EZG8ec6wGgTJ5K_3KG7mJidj_BUIrc_eHXcdxR72OHOCDS95x0Be4wiq-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/NgE7uFrRIBdQFaKNki996Dqi6yT3LIay0yCQOmhPIRXNsJ6LgyTm7toWgjBYuAQO dmjZCZ VFcSyN7fFdk7lsEE5PVwAd mXo_qMk2RpEMl0V1ubDFfKambW9GLqrEjx5LcHWwWAIG5XEznwStfU4VLQAITQFQKlWeKolwKOWz Y3oV8_Ra 3XyA_m4HpkukT QJGF-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/9DKLt9EJiRbG4PG9T0aVvHJdf_3vUI4MDu35bNCBfgCtWDaZi1KwVHQts9pRgg_VBorxgrakEFMih17sYbhR31k1 7nBBk2qKw8pnyfNlPBiyCAHrUUck4l M9R8Xp9zqWDro48w4jPGdmsNbmYWtMF8tYExHTmcRNmASYsxeCO6zATlY4PUZgvZsiUMrrj5Z0FJPbeF-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/z1bmgZ9XW lifofxfJ78dvaZjgv zJ5bODP7k4ERoQRoCTCF7H9ylh6uyrNV43N 5xL jvfQ0AJJPf5CUlYhT7f5jG1MJxQemeExFTk_2iOhsiXr9rcTGjUXvoXKbjb_NFQb Dh260B5T8DDxir xQTi86AyI enuGlA5IH1TavQEnDCAZM=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/8pJ62VX3rvRTHE2KO8Ej7U1 gH_FNO8zqnJqXOpp9UEweG1CvnyU21gB6vR2ELBeO49B5oWXajnwMg7GO1FcMIidntkaMB nUEZSWx5b2Ztw56oZJ29wmVlGqrQ471h l SP3X2jmJa4tieKi7YNGWxYZW8fWdgcmazU5u33XvBLtLBA16s=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/CfxUks217Wacaa VGU6J_l8nipL3ow2t4JEiqLLi8ue7q95oP_1sOz0jcdpSBV1fCnGdVWThiOmDJUgFCrcQPd29eJ_edUf00gaIw40nVnl0LlXZlXyvfxCZmmqCGnhVF_mn5nW0k5yKvZzJvyQjCJtslyzWnkzdUGo O3loMNJ DStqcI8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/DqsijaPEt1x1XRwCZX zNtkhE3i3u0yyBvz1pjcF36EVI8UVFvJ_vyXN4AU79l68sky_K_TaEEbHppANo66rPDXYVqiWaewew0f5ObTUtb0liSzBm9mk6_COTCGcMK6TvjAToQd9xPy0AWi0AszwhPqZXHGIKBrS4SLY588PUkCNwXqQH_8nwp_EXKUVIlg_z 0USpCT-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/R GuKOputXCB2UFSfO7pYagbUWrC5mnM6JlG7cLk5GEOZ0ziFDPyiLOWsoSTv3Kqi7N5Hz6ckRtnIiwtv1TnM8u CVA26FnABsVc_QjrYeC7cHSwnQOdyaMUQ4Y_P1F7JguKzWRW4KZZyWjxymTAl6e55Xf_fFV5SqSL8KqYyOAMpPQb3hRunjkpsPBsEbVXxZu2DCF9-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/HfCHfwf4dl_TFAs7twfi8W1hFv7FxWXrmKcGnNuggxTu0t hpLM8sPWMndtakUUtK G0H1tTBGFq4DA79QTncPcsbOJeSpf2jeQcaqzjLn4sSSl Ba0qDBk50h28dyPJTnveJrNk1wZWTQlvKtip1CDwDkEHp3lx7rQruVGOTciFnTdRVbED62JlZ3_Vj91xQhXAoS19-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/tZOC z090SU9OBI0QkFC3CM_H5enCoy amyWCD2A_GIc0q396qUqKddLq OHShRHtyM9kRZkYL09CFhdc1MWw4I3YlE6z7h3_XyCtpUYGc1J K3pDxDi5q1NesIMATusH1M_WZcoBZMnuLYn_PNA2V2FsSNbNZI5fzllOX8WS46xzMGUHlLdpVJ9nA_OUASXlVaS3jQg-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/HqhIH9cf1PSKenRn04WERYBVBG3_hXdN8fKsFq0cs2OACwS_AdY2q 6zmpJNZ0sHzS846YMRqhg9_bFsValwlsWEFwotYBpiZObqUiBloeyouuDpPSLEi91ZR_AqEVlEwzImGk3KCRmz2z5EmdsdaUY8pwb3twXpjns_8hqqrE4MziJW9vA=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/v0w_SixPWv4X2VktL9Fk1435K77bx_P6KkHX5FCul87H5ZF4aF 8PU0OPvZzqjcgjODDe2lHGN0XgX_esruW2v_a4 FUX7dVJakll4TPWlKlVEqC4ephLo8s5FOuMShKVNEOuc6MrChPmDC6tv0t RaIHgAunlnkjoaLR8yMEzKZWp0b0vhBh6pyrDzLJaX244_J6AbN-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/MNrS_xn0PWeYAKGZvZCQU8G5bBCBuskURhU23gbL6UtFhZMXA4BNPYVWfdME3 orLFSKING8NVus_OUT01et5RjYufd6j2U8amWDVj4XThPctS0g7lvQN0rwjM77HXKCGXdgXeKJkMV0hfffXY QqEE AYZvTXdFVHOdE8_lxkj E_UC_1FvnyWitmiwv6xVmszhm 4-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/d0nXoSk3yTCfkdjTxNDHZZslk itOHSiBaOUH_lYOmCRWS_6xhcVrb49JhAbbBYfGFcmRHc2jiIJE85Irrs_ZbdCD_uCQx86IA4hADV7rDkL3wp5XWsjlNrklWmwSUscPcWAlRM_cm5iQywuQ TNETtCoODCt74afFVvpmnjhn1kjSZDxIQqmNy8TFjCvdbkEHoWKDdc-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/YqUo0E6eU0Z4MD479thc_Y86_9azNQzOMUY 5zAFaUuf1lrH7qgazh s0_t5QcRRrYmKaf3Ku1yX7Qyv1CMq4rGYRIMomj5ZU0Kr2jZbblbNm5vSq_H_UvygywlF_sWnaLmBt10yBhx xytNXQeXE3MmvKytF0_drXPZMum3D5ZZA5whc0_plJtmh RyaVz1NfuvEq9Z-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/tbJXwJYNltngleuAgLJFzcPJgbNle23__ckND9RN3 EJm8gu3Bn847XjuZD8F3_dtq4GCqi7vgTGJuV3 VkxPoYs9kb4WCri98JS8E3T59hgleRSHpKUGk09jokjLg_WEqVXuWjKMgJ5MoqvQTRwTVzs1mKXLiFIU91QGov8x7or4zXW9 maW71iPe3iL6CnYKk4X5Ax-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

Latest 30 of 46 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.