» vdownloader_setup.exe
Overview
Analysis
File Details
Downloads (114)

vdownloader_setup.exe

Dedatilo

FlashDelivery (New Media Holdings Ltd)

The application vdownloader_setup.exe, “Dedatilo Setup ” by FlashDelivery (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.

File name:

Publisher:

FlashDelivery (New Media Holdings Ltd) (signed and verified)

Product:

Dedatilo

Description:

Dedatilo Setup

Version:

4.6.5.7

MD5:

aeca69a461cbde62973b828f42c3a8ee

SHA-1:

30f35cd5105f7534d72b7ed228a8864c3d4c7b68

SHA-256:

0a6ad6ad54cff573526f210bb85395a0ee8099e292aaa0080cc0d5a73058bc3a

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/5/2024 2:20:42 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.NewMedia.NMH.Bundler (M)

16.6.13.17

File size:

1.3 MB (1,362,664 bytes)

Product version:

4.1

Internet Stub Web

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Digital Signature

Signed by:

FlashDelivery (New Media Holdings Ltd)

Authority:

GlobalSign nv-sa

Valid from:

3/15/2016 11:44:48 AM

Valid to:

6/26/2017 10:17:33 AM

Subject:

CN=FlashDelivery (New Media Holdings Ltd), O=FlashDelivery (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112107BDB832CA5BF7FCACBF752B12BBB5B7

File PE Metadata

Compilation timestamp:

6/19/1992 5:52:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:uSu7Qlr44bUbQ/iUI5t2/KrmLHDfLk5kifEGPqOEqg:u3UlZbUbQ/Dot4qiDf4ywPqO1g

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.vaultbytehead.com/KXdmawhcAn2nJLBGPG3CntafdgyfQ7f4lGrTn7VeKUU8D cQ0w7 T1Wxf_0mfM XJP0gRYnJHI xHa9BdliAiYy_DKR8R0ZFK3popKbFGtPRJ1r2uozycjqZJqO7sS4QLkOZBYtHfxbg0zsEBEqvQ7UqTk9HjRrnSC2TZVyGVARzF8kEqMPh9HqJsdz41JgUZKtaB5Qg-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/sV_OtTkCoKyZpP2R64A9_hyvHw4uEgc38izRQcn7wK_rLNKPiY7T6kcm5oHagqdNqO3TZhsh0QC6C jAFZ2B_juPRw26Jf8LJgHGvUoqNIFfIloegATeW97Juc9d_zks7IQ6QRCbCWj5VXeHg8Jlhr4vlpDJA9x4PjHdmY7ConaEZ6NpZqa2DKiPS_VFL 9KWh1Zjqq-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/ObdAP5FUF9cQPLCNXCN2GXxxXCZAIAhM1Vo0noi7h3_iD6XERW7vldId8WmNysWj4KdAXzkEQ SkRXvMXSTb496zj_4BG1GIFnoJItUU8f1kY2WF8yAiGd3IlRLIM7cZeDiBErafCi_eceW0E3WBEdL7G51ETgrkhDQdP17go2 g0lclwwo=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/tG oNTjPIQNj6DIieuAwi4VVt1JL_legkrOYZv 5m2Dw9E4vll9Cbkx n pAA1Q8n4gIg3gLrGVqDrOfs9NbFUGcN_C5Tdq1H_P7VFwkid5Rj burIXLtXaP7619GN_qKUgz__5VRTlhGTS_ubbmYelI3NdPLx_FBzuAByUW4V9eh2Q02jMe3zCiT znKZ5_MyBgTVSH-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/bs0vvlBcseS0XbM18rW86Bscp s4yuM2NYtmSJf2FYhDhx44DaauUXPorFg3rnvElpg_ sW3yzVAutQ41KwK6OZ1xL 77NDS77A5Ot0awYcTnhbWpH0focqDsH193 5VWymTvtnumtnOMFCXQl7IbX9qiN1HFKq4chW KQ8TNJPac9szpupJoreuDcngg21PaPUf1WWH-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://getvdownloader.com/VDownloader_Setup.exe

http://www.vaultbytehead.com/HDM 2j6cSR_fHyjp32SzqZKWCQoMrFou9s_Qvl7VgP8xSyV0Fvr PO4b065u3gb1PgPbbKa7o xrvWgtbD9TqquP9Bu X7SBz1v5hYOEx4nFZBxR0YrtVGXUM32bR8UoBhPmFt7 CQAK7FC0wTlxWAwcxBKn_x POPjyybLXyWNtAb ao0E=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/0qFmWe9oOi9lVW8Ck8Dj0J8P7olb8dGdwOMu8ID6O57dy1BzHULXrowFLfkKqDU3Jbn6 0RtPj2J5y9Tkw7R5lXg THhsEr6HwzA854LK10zm8RZzhWS1qmry 3B09YF DB2cmefiPcoLO_hdKfoAgpzpKUcjEql79gk5zYd02G3Bh_vC1zOEwJWUbv6ncGnWprVi_3a-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/HWEfk90Cp0pAl_YKXg5EtStwJ97kWa3liTtohFidrdzT5V1PuE9UoNJVt_HQ2wjGnmIJgmBdMQ_PzEXnOE00MKTnC9f1b5dTphY_9Y1bKTX6q6hmJK 7aiO9qYiZHpFpu4ZFI3TINmnZtYBMvmHrNG5z3zPtTb04U9HaZqaGqGCmvUJZM5Y=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/3 e7dsE1G5iqBAbTPwYHYgWMdEGolIVZXV4RlaWCKMFlptjSkVfa4CM4awmHGypT7E6kpYArHdpSckASeaxUFB6HtEerze9ZVLb8NaDynEO4nnzlUJvxrDYTUWM6nI74tS1Ar4mK7iqnR3GZh6odHNl84zj uon7I6a8djzZrtwCmM2ZXtA=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/OzWhZlljBH8gBFCC gztd6roqO9zB7WFGtwF58MEKjdLbTDVIx9K_3uzVfONFec_niJPkvG7HBaHODn9RO3WdOcfuAouIt4dKAhcfveFiE3joAcmwexZThAKBkwROhKKViHl3KD1oLnH8AJOLpjZh89qclr_L5L81WNIQRvPqouNPrdkNJnxSc5dXyzpXn4TEctjRn8_-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/aDZx58CV01BE7NLU_Ah6ZRKPA5 GlrrB1UXpS4FF_bkRLdvjmfi5qrCkW1eLB5iD5AA3jh_7LpFMb25YNnTDGENb1IBOxtPiyZWC6YO0uDtcAs6zoq9nXnn2wnte2Y3Y8_ao2a_z8hVVyM7E1n6kGveSSYEiGwUaoKylQ3w6bupaMI26XKgUYIPMLxU32N3348EK42t4-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/ZtVp7HETjMosj w1LpeE4iBlJPVGnRDXvn6crpzy6RpP iRMZAgaNJYrhOncZvVLBHoOF91p_NQZehWKc8OMS31jYKsR VLb4OxF5ZuTBB8Lrf66fJuP0KpxKo_UVKSRwManeEHd_x7Y0Eck5cb11IIqbargdFLah5tmOCYja9fHw7mAw2QHNA6kope6oYCpVW3hguCi-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/xxUwFvn8He5O8QC7HkR5HiJrRqOFv8XwBKkUJLpZH7NGAIocXZEcf7fZhvhlQS8ufBoKOFwQOGeRzZFPAdpC23XwCfPKU62xtu20 0uBofroYmV7L7V6p_jDi dAUuUtVMTfYxs926BvzX5PwwUK oOak72TJNtt3e8YfqZQiagbwkxhb6q5iA UpvmMkwkHPiWwkmiW-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/wdxrM_1nyMbaCYTQoQUV6i91cLvi8CoQo8Hd60PBnO9opr2DXgKzXZ bgpXUed3 GMsz4fvrdKD66GtfuZU0xVn2JLZzQCQ1at_XF8qLM4Pobc6H0glleXUiAK1RgyUswDmNSUUBgxXxKzWXixXZSlr2_k17KC93AtpEUbnq4KSSmHWHh8s7UiS3HP7DmwSVCOWcNVDB-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/snX 6OTK b351CnF51_N1 3rkBDVlVm7icJqY6 XmwDLymjpbs8V Jza8HfmY6IKzcXBfvpvOpttytIomnpXwAlIVCL6eqG8UYrNL2 pqQGFC7BYFXyOhT_Q4d lSjZrBfmfB1Gn6AjXt x3kPOHl fRZzeD6Rn8yBTaGEfCWrYrdSHVqm8=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/FhlVf6zt9vupB CPrlPGBRxmiFnnzDkEezbJPhL2yLZejsYn dnzaIBWOLbxHrWMxZovg1dKUdZGdngIYjlNdX4X7_tTJrbYri5kRwjcCVgIawjv3lO6hBVHnWlHearc3BC940jKIHkZY3T0Y2izv8QkpMo_0_jYAE_ZomZSmCCHNSS2C_1Oq1l7YPHuqYCpJjCF VhF-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/hbeD4W0ArumwDjXtsiTkR8fEbqPR55rL5Fav6vSi09fYAAPdGCNfmmV8FwUBM uG5lwrpCf6i60KQ0KetYwQCWdjG5 ill5wa7lw1bA1t_HWF 8edINujvK0f0NTP6 Ed8BFIztpsp4uh239IKBNRf50O8KuNc3xtlo_Ad2T0vppHdSVHF4=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/5m_sbSdmswFJZVfCjayp_ CFhXgjYjjAOwGYQFrT 4fPYPmNvCUeeiUwhiqnnbmSCapRENyzHZ80piL_az3Yp fYqnqM6Nwsd8D0TRMwDFQd58PUyx34xA_IEvX08uoQ81Y05cBtYf91dIeZcGMg6eApFnGfy_2BYGqum2OwARRh9Y_4WtU dXIi83WsCYXPN6mxoI1m-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/VeMOQOQ2Lz5Mt 9soBS6KHmL46vcTY6besERrzj7fNpB 3 LXa7p91COHl_YgrL2a2llAKSuxjUzWPJ9Wgqzr9AE92fDQcSpkgs_8F4xJpLCQwAzN8IfhqI3A_S0o_x3McgS 1Xf2xnS0HA5giYKEPUSnyX1rxW3VHgckze6P6Skkii4ca_xJ0EsaMMOliTO5e56YKQr-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/JhdoC12RLiFBvEVD54gXx0EsnvnlDsoZnvp1_pI3s8MgahFE7wMIJ2BfgJK4bou0KK it_P2 wlso8ZkU6biWOS0h99ky49wlHMaT_BR95oyY7chQzKJ5knrAVWVaq7o6wiyLelGvfFSfWX0gfA qItl9Co54hFp9w9wvIuz9tTsajEu0YpmBKKjZVnp1OaHV1PgC35m-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/ySBFZFaP9scA0SRxPHFKWzMPaEuKY WOZEvuU15K48FpEkapyxdCvwWz72T0YddQqkOXEYDquudiPuBQCxKFeKDaH75Sc2Ah77Fy4kDWrvggGl61fOBgcH_Qrz154_veCCUWf6FqUImwoxDGUFfkkq9PmqdEBB8xv7RLrI3gy5KfhnNSPkfWRJzMFO7S0lnnlxx4iEcG-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/mRgEUlrnILqMz4avCidiD1Zj2SZtX5S4F60Xa_bY1PO0yfKKV8e224vBTCNFXLHn6b kohGZBtN4yLQah7sZWIUpm60L5h4rCQoHOym8sKmKLf2F2AjU9M_V8nlLfnkjeFoeWjx_7FNJScf6adcSlIOMhZdNCuK6lbUw7CT57a1REFkmo4Q=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/Qw8vn7AWJyFRiHZAXfOZZwtdUZ8_Lhv217qdoNyvdWgBhoHHAtwuEmqaUnq8OMY rOapvFG7jHwu6i0vcVq_oUi UX0HW4E59phXO24qr 9vqA lVUjgXQsdB3tlF1W50SZkhbKSXfgEfevOQhClg4 CvfkCKy_CwKoQUDDdEJosPhjI1ScY HbKuCKrH2EumhSswakF-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/xKU8fc1C71FQ2s zBPlQLJbEN4UTb2BSVH8aisho9sOSfbUqCuBBGhl_vO6JZD34AWfOSe2tm5dnT4XHktuaYvsvqMPz2hXduGu7lgsujbGDGHDCHbAkaEOAZ14rtpUmktIvIKtDccYD1TPK5pPmbn8EhMBAq3Uv99ROt9sBpI1LznwI1FQ=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/wOaeY9_zcSs1jMHc1 wQG0ChpEhVD8MBwLCP UoSbJnSlNm0s4PW9KCuFdbOH3uEmAUhRoYk8v1 0fSEAOMGpluV9k5iRMXnc_GzJlmCt GTIe4ZID41iM63L7nTohhfzztgWzB9A5vwpXBxxFJL8b7w8bspcAwn64Vbl87OPkQvwPw5f ep2X5tnvX4HwmG SzOfXn-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/RCbY0elrROPpKfWcUOHw_Jxtz0Hy 1hLx5dw93dezzUHgah6Cv3AkU6IIDQ3oY5NZdFIJSRTu7xEdeA7B4FAbAchF6YzatfFXxUVFrdXRvZEceK99NJGqNdKScqKj08lpjfS FsDXezzSQ6Bqjg33tsuVW0yVYV9O_B3_Xj_Ky rQE Ek 5JbmB0VUj_z NMRFbjexYM-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/wpENCZ2qnZQ53pHGsBDxEuOBD6ccy4QXljoi6gndy6EZKRR50uAP1HZgDsyNnVGwO Y3cxTO4DXRXeHAYZN3SsIchfbPrHzYIU99hdS6xtxdPZNeUsnpjdQ_vRkkov3YEnk9tuMF HpaRmucWDZfBWy4_G1mkL0O_5Cg5RFqr1tq7jZd7hHsxhAQQvtBYOL9Yau2cAIY-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/n8fQc_cB9GACbIadFACSWuPUgLJTnJA6ubDL1dhdCbSFRBHAz1i9 CfLh9QCJ4NkywTZCIppMzpJ3zIjibzxaE6MTZX_o6 jph C_lWDmdEoyuBcysgdc8PsqUowzBH8 5zUMCHIr05HKsVjVl0qtcsbqTvLC2pGZFOQKtOzofLDVvOrBxmSgsu8fUNSJuooOrdNIyNV-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/e_CqZw2NcSQjYtyvz6xWBUixms6trhwzVr4tvF4BPT87zkDrdL3Dgp2jqmqkzROrRYDI8CZkcDK9ADm3sA_MwVGGPZnppsBwkaTaDtsLApSk5_YqjpM3QOxaqVFrnCvZUzROftaf Uc3a1D_xrOEuyJqKZPas JS_gQREyBqgsZppoW0src=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

Latest 30 of 114 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.