home

vdownloader_setup.exe

Hipefoci

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Hipefoci Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.
Publisher:
Romerot   (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:
Hipefoci

Description:
Hipefoci Setup

Version:
1.5.4.6

MD5:
b7a337deff7bd3bbdf936394c4406c88

SHA-1:
1fffdde7fd15b865e5c8579bffb0c5fd12256b3c

SHA-256:
a3290f8011bd98a271e470276ec87d9fa288be621481e8c54ffd7d8cd02ddc7d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:36:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.26.9

File size:
1.3 MB (1,356,536 bytes)

Product version:
4.8

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 7:14:57 PM

Valid to:
8/3/2016 10:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:21yqR+OTsS8yxgPhtFidak7+x+ePJx/7+LCoUDq8tIBYbM:2gEs0g5tFP8+FhxKLCnDaBIM

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.3553

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.vaultbytehead.com/z57L1r 8NxE701zy8t0FR3TtRvhO03X3sPEgesOy_759M_UMu7eaaSR52iK IgYULBICA_2EIaCoLb7hCvJ2y6FGtg9EhkiuU1B2MBGBmS3v5r_tuxMWBQ4nlrCqWEMHeJH1vUZ_7KCC4f1A5ZSNARdACzfITKvU21vccwk2VzzB0CgS7QRyFjaRf_DI A6XU_kSF9pE-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ohwNoyrEMzZ9LaUXmeqpZ 5qlXjn6trsqS7C7HG5lX0O8tAZPRQkB17B1F0sagiBlqalP75kY1 Q3zitKaU17CZjl903BIuSztdmCmT9bpY0W7s iTFxfTiARVkSruIw0XdxhQ27aYmimFI_fWykCfr9NnVlSxIYIGTAZ0ps7ftvix4U4g4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/pZ9jr8DilCfxtKbQX28Wh6Q6vrUJDiFyrzcOLK5GRe zFoe ORNoEr0oAoBYXXymfpvsKGubOD0xDk8y5XP3NdD1npxXVPfNtrhg7M5oMtQNTfCNI1ZL2Q_xJgoT4DxUEDgSi4GGS04qI0O8wYbEUbRY9vn JNniBn5F1_HilhYdZSHJe0o7wHzagmoB2AxFCrpJ2BWR-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/47Iri3T Pv8lgPfLcws65EGKs3SsI1rd2MrnfLj4_2HOHDXTzFFhJmYR2zJVNIQK8CR wmfY4am19Uxgnm4rg70JjXwPS0cNdB5fxA3auH9Lfgv4LqE5v9 34H3vHR7CtE4WsrTMWeZcUP0PB uqg4CrI1AtLwoXjsxMGx4UM72sf_M6TsGhxpSf1 6YwIhtOmisbdJW-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/TElriEYVp lHnvhCLseQagMJszuMhqZUV56w67oWx1 vAw6iZcFI9EoEnPAUetTE8QV0PF6WDTlrsuVFCoKpIzKWD1o6Tzoo81GezUCiKPRNf8_fpZUoCwGwtDtcyqnVAr7KLEEMqUHTiql8bRbO0oPpBvCQac9bT2lbrcm8T_fwOuwcRA0RzWXyZajj7bbdN390VOXN-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/zpYVnRQGhGhkm5w_mUYQHkp1mjxSE8XeT2iPpwNDJf0HXqPmGpstDZyEDth1xI3pkh2K boe7SME 7ihqME846VlkPL9PM8sLor1rBRekkmP uE9a0j8gZNPVZQjxdMplU1Y26h7wZRrIBy4q0FZ ap7ZQz dUBNyAe7HpNsHG1l98wu0jvNZHxeDO rYaTeMzYhJ5SC-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/P8rGTp0uCZoBtK7XeHDfgl1WsGg6q6SXcex9tg_kKOCBEuLWZ4G5X5GEHFRCcEQCtNlCWz2iHIdpwSbG3sgmVCIYtLjpSFVwmelYsjSSugrtIN07dInNq sRL8b9ZW5HXHJSCWDC2kvud9B1vM5jTE1TP4DWeT2ha7DudOK0jg1VA5dNPvP80cDeOs7_GjWV1GYz5Y8F-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://ec.ccm2.net/it.ccm.net/download/.../VDownloader_Setup-4.2.1970.exe

http://www.vaultbytehead.com/lfQ8dYbS3Q24PNUCnrdg4MFMJZ4s4UN9M6gAU3aW_EQqtPPsPVkmX HLGX9LmYiFzblPVPEOCF7JFnS GxzYOcXaTGHS5pMF72HnpEEk0eG8OzCUFB1OCW11b7C19TPm4fNvXi6edBbuUsn T nKYK0tJ1SeO b3VAUQmsBPFmYSxYphAsskjsgISdCgfnyRfgZdqsDv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/WVl6OTRQVGRrVEdadlZFVkxTamh0WjJSalVYSmthM1E1UlVKU2RuRjZVekUxVEhSeU5IcFVSRU5UVVU1WlVXY2xNMFFtWXoxeFFuWmFURGhDUkVkemFWbElOVE5HZURkMk4wOXhSR3B3VDBNeVQzUkhkM0E1U0ZvM09FUXlka1p0V25NNGFHTnhhVzUxWlhKRFJYWnRjRk52Y0VKWmQwTmtjRXczY1dNeVdXd3hkMFJ1Um5wNWVIVkpSREI1U2xWWE5WRnZjMVVsTWtKUVJYcHVNRUpUU25wUWNGSXpURmRDUXpCRlQwSlNOMHR0VGtSaVVFRkZTMWR1YUZOV00zUkZhRTVvVUhZMFozTnNZa2xUZHlVelJDVXpSQ1psUFRBbVpHOTNibXh2WVdSQmN6MVdSRzkzYm14dllXUmxjbDlUWlhSMWNDNWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1puWlhSMlpHOTNibXh2WVdSbGNpNWpiMjBsTWtZbE0wWndKVE5FY0d4MWN3PT0=

http://www.vaultbytehead.com/bYNC30on0MSmne369tYAftn6tFsvnDRhCVogKE8fER1ICpz82mlhs64E45wedPRhuhzo5bwoiD0cjwajM633pUoyCPKAxyKo9O17FM_xjPVlvllq8MLALkIP6DsjFUAM4tJqDMU8cb qQ3LbOGEJ7CkaH 4FSw7G4w4LZj2qfAL3iFN3Ths=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/lptbxKJ66tRMODaZ2kOoOm8H1V7 baxR dn8hHf3eBrWADgAOlAd G5KDIpiD uDu9f1HaoNrvDPDA qNwbaSMa6A2JqmUctQOQlIGqxFSRNvkwgDJ xEGIi2h2YNkMTcy8axMrW6S PTOfet0F9kzhBtcftzxC5G2F_H4tJuFrXWNBn5p4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://ec.ccm2.net/www.commentcamarche.net/download/.../VDownloader_Setup-4.2.1970.0.exe

http://ec.ccm2.net/ccm.net/download/.../VDownloader_Setup-4.2.1970.exe

http://www.vaultbytehead.com/1CCgBKe_zrqBMkQKq28_rfWcOkvIxjOZp0C4ABtCh4exrUJ4033dDakKY7C9s9zz1hGPbpm67apWc8CnUDfcE_wuhbL0ykI0nQnsiQjyZ_yKHWFZhFVIPBWXl 3B5sgwutHA6l5VnMdEFKo0vvh3VFSXPyIRfawZrgB2 v8 cUuu57gxyhTc18AHEnoS2cePU k0SJ_zBLftzLWNwjZ lLOmlO94Aw==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/DT164JNoT2 AMTC5AK3Khm5v4fHoL3HzvfRGY0laF APK5ddQ9Kg6Oqx9sjA8jDv78jBPHpyfPTU3x6ipJcsfvBnA3maHUM6ZhFTvPqQX8jTFnj7IIAbHl4Hc2OoMXxkuFJW9jNS9OdMD Z97oy1icEWbyItpqqHiDwJCF8Z1IfzghpipIQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/QODTzk2mqw018TAmi5j3UEhnBmTaP8EcOJAS89SBsXtEq8uHi5MmwR KhVrYMBqESYQpH_TNrLCYJP7V3n9Ymh9055pb67Z14JIL0PWj_WD_FwKYvrfCFgb15GEvlX rQ_LzTTmZFto45W KLYzOAPUVGbFNOkXuK4kt1ITF4R5k7OPvaQkmXPS8TgssP9m_6lt jNyo-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/kayH9ZswDbLGt6UfXKftYXLJQuzoGmY8elwl3Shu1pme2v_aT7RLW1J2bSPpomgVotu5NzRrCu6YDAdFhIhD3ptYe9oh3Rb4XGIYD0kTN8r0p 7_zw1cd629gxq6sbcmcgNxN5Xb2bOCXag8BLKDIQlutsA6KD_GR OFnb8XHwCWKy56Jz4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/t2K21JxNFD0rgVgEDDkH0y_NS8mMVMJu1r0 IOrDVzyDB7pbLiKi2TPDKnGlUZ8rXBOZ BbFz1dEyqveXBO8QeiFhsJplfVASSW3cz5mnpeTBedIwdYSiEEARjyqRHH7c3vG73lgYx0jYV2Bnc1oVbZEcXjdCWst8nZrWGn9nBlxsEc5uJw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/oxV2UeJjXGRpvzmkqhQMTmvDUfkfBbG7szjpX3sAKUZq6lShp0MWv237XoZcVvgpNkJM9Qa_jMmcmu7f1Hlgbx2yiQyvOINT82GUr1iq9izluR0OTgk_ffysBYALO7UrDoJTvvrr3xr68XxKFgijOLbT IdyGICgqjXLFDuNJKUX7bu e8M=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/ZeTyH4WdnvkHmdS2LCfEh02l7AZVsbDEnks5abuQ8afoLMwb0uMeTOJwr4VcFTWEZFeqLoSveHv2oVn4YfCIwT sQQVbrtR5udddGEdRC CZXJGhw yzvEZoUh qJiZnOlnS23fkogO39QKjsyBEtV4x8MKD1W9zzF6Bzwp3FDHSzK9YgTk=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/gyAvr0e1rFjPYhqMtiGY80kt3HU2BCZr uJd0WfTIz1bpIpvApK0BrY3AyEBk4Fk7G8DpaXRqkANhtpJf93 I7 9rH9Xc1YhFiFfBL1aCBFooVlcH7LFWQXqZrf1B128ILUIk UeUXXSxgipiY_IMGcTBPLysZpGPMLH51Hf2pyb2IzFhrrw9j1N5Irzntdbq6hR8MEI-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ALld8P0CEKrCuh4JfV8z9fJdHfcRUmW7Iyn_NvFVI0myUFDquirkbQ_8vImzmpjjOKwJG0P2zZIEXaJMY sTRSN9cT71424UySF3TkodgNxqFbK3g mN3odLfDy5vdbE52kUWXYfwQT2n0CYc_B_X pooOwl5DYbZOwIhJ_DGssDWSwJ5uJxtGbyGgux kEXyiWfLD1S69jbuFRLL2pdwtGqJrvDIw==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/jIEeGsdBrvjDQSa5Baa_klu5yQ0P95W5kwEf66dwvqahux22L5lnLcsrmU ut5TGkTQVHqYybLSTHTx3jPPPPbNLVrN3t4d6m7RXxxywA9UNtHtyIp5uLH6Litf0rIWnGhuhRCJe ooG5Z4A9K7OtbgWQR5wvKvdrXqXEZ0OsYyGtS1pBHpDiJ7nPAoMLpE3EOGZikS4-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/Sld90Pnk0mwOFQ7CZ5 wgqWhG2D5Gq9PXpnDx_EhyvtQnnKnGkKSalyzjmChZWV6zUAGmuVDKVsUYsDQAbvo4Zj0zRW1jkLnEVDCJE0ZAMPvi6Y00Lf81KLRImNMbu83Dx_Fz2gBLvYCdgf2Xx5nGYNnXuQJqYlko_kBQHf_0xpn4Z4TRxYArdzIbO2gAOyEl3Ael DO-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/nmP1g3KBc6VpN8ViQ6rX7qZ0LqIBS_ouxvXGK5zMzmufQzMLWOxskgZPJ29kh_nJc3kIXsed 7tasS9O0r3vsBy2SE1GlFvzWcm9bIZgHrwW04LQa4aW5VlkZuQL WpVeAuSfsTx4xr8RQ5ghDKRxBozmpONR4CekmvGYaLCENoJEk1SI0 V9PacK0fNECEGrkqug4yk-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/_oHYdEXqZVZD6BDq_N4KhtWuZ5XPBZBVzaYhjN4FTsVHcX_7z5x5kLkTM7sqdsE_o2RzFwkYZD_pc95Tmtv9953d7558VcA_HtCGRPa5Noj5t11hDrvm6TlUy3i1hX6WSPAM5CKplSTMG5F_mSallsfLB7vX4BeA2WKhipHmVfjEPhItaDUK3G1Mk6HUmCIgivggoDx -Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ggmecdZpQf0Yuofu_WH0VDaGz8KMZtbdos0bMIWjpiPgQQPFmyLKUS66MJArOEfiLOTwoBAIaxD2dSyWZoUqMKpWzOE9iqDpbMrwwpXdZk7uRSxNnr0XiUo2ZMJrJe4oCeG9v5mEYEUk1yCXDvfSRa8W_kUoiWr_g8AF3rcBXLEdowSb4g0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/7sxmMZt2 lvILjPhZkg255x8gis9di6y1jIzFhSbwnbUYD4xhC6iDkP593QGtLkMQEOshB6 5u1jmvBf6oJrFJytp46fAHNNAw Eb9YB7n0Pc2huMSsoIYCEpIJ7wkzoCFK8HiGyuN36qEBTAckQoklgT xIbLJEnPesXPQb5klDCot2lX0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/5pgbraU8ePmWSJn0cdoFIJwlFlfDfO41FrJ3U XIzHzfbQQYC9AWbWKivkfwSWWxK2xIWpxWbQccOJFdj2udVUEVwqe1BZGmi5kXfXCRU1yETt_uF9MiFGzJCuQttvVSYGw5SDbOtdNdepyDj8QNrOwUDkO4ZkSKjQd6bfN1K_gBR7dwmwQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 53 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.