» vdownloader_setup.exe
Overview
Analysis
File Details
Downloads (37)

vdownloader_setup.exe

Lem

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Lem Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.

File name:

Publisher:

Criteria Quality (Alpha Criteria Ltd.) (signed and verified)

Product:

Lem

Description:

Lem Setup

MD5:

359b465d21444143b7fca88ee909f2a4

SHA-1:

319d0dc497ff75cfece5cd0f41bb2f111f1c854b

SHA-256:

b5d000a25145be80240bda21a99e5b9d581e704e0017fe04f7caddab81ae7436

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

12/26/2024 1:00:57 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.6.26.9

File size:

1.2 MB (1,252,368 bytes)

Product version:

1.1.8

Web fast

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature

Signed by:

Criteria Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 3:14:57 AM

Valid to:

8/3/2016 7:13:33 AM

Subject:

CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:ZjPZscnzorxjLrAN/nhqoSVxf4hqcG9glG+qnj:ZbIFjLr6MlAq59gIl

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.2916

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 37 URLs.

http://www.vaultbytehead.com/vkQNZoZ Xl1y0mO4R 4Ro6dZ2EusImscZ8m6zmTN9WJNhChtWxEwGQbGPcTJiFtttfRdqnNy3Xqp4QDG0GItOp_fJQ1UBPhpMfYomcaFVBsnp3dY0wSABA5QVfE3qEjBMX8e6eQZqIUihGYBTo6j20B2mr18Dbs1DeYvPNfUM03z7itXoZdfhGOInr UJcORHo22adH5-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/Fnm1BJf9S4Hd1AUwtzv8m9cLxeo55M8cTptXZYn2f1aK629AWz IBl5aJQMmJ eIbsOXMBGy3wAZ0udjOvOtsflkH3tOjJsBH2aGTN0KAKiB7KnfsWaq9F9UZTobPD37xjSr2vnFLhmiNoPTb0tBkXGr6q5g5146jTrtXRDsmk_CyM0thneHiuv8XVhLiL8 v7TlqnnD-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/0qnA9NpDQQYX6hHhHZl6pq2NHGjKmo3qfVK_mP2t4OqT3_MlGka5mWDSm4XQCG Cyx5c37dnyIVb1uaft1vpMzKGMp w3Yt2wAzvm8t51YiPQw9p_qusjenIEht3CFlGDFr29oERLF9XTpz5ZkJKJr8PulKorzo mnc6ih4JeAZX6pxCiEGV0QW1rBREkeIu1k9MijS6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/weoxtqZgQLxIgE13Pet01OE5V8qeX_n3RM1mJoRyTdYfcQ5EJHn_rzrccpCg1PB ip8rZZX9jmBdevdCRMP3dKMdLfcJzul kAQSt9RIi5NDKdlOPwnTC_vbA 0ueHcGO_89R1bf0S3RLL35peLxehrO2E2QmbWMnLlh0 beCDHSRKifIvtPnSefsltScXJI8Gi5w_x8-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/Yqqo23lXvRNqrLrVB0T2jgGaiPaNjkE96IOMR 0Mec3ziAhGrO6mFJtjsfhgy8 W_c8kXg7SVK5QB1iEOwwblfLWFa5LaoC48meswvXo aHZtzZVd9yEXVzXy5uP5o6sB3DEC4DTnpnOR72TbibuSkJyr1HarWkgV8pYoqJyeW0AqgUOK8PhZx7_MBnejGA60BjiS54N-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/bYNC30on0MSmne369tYAftn6tFsvnDRhCVogKE8fER1ICpz82mlhs64E45wedPRhuhzo5bwoiD0cjwajM633pUoyCPKAxyKo9O17FM_xjPVlvllq8MLALkIP6DsjFUAM4tJqDMU8cb qQ3LbOGEJ7CkaH 4FSw7G4w4LZj2qfAL3iFN3Ths=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/x8ANLOO4e_qQsopqeybabxePibDBv674tWAUfBKNZPvnPpu9CBM7sKaFl3H5Qyel8SoSmu7NV7MQiKtrjMGAxJ_MJaGJbBB9c0CVQS8gwmWiCS2_Bxk0wmt4FOC2TGm_6TfwsqQbGkNaKwJ38nuDhY6CXP J6ZBew75kGHVZQg QsskF4qg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/FUxIuDM7kbg9FGrJB7QrmSoT4M23CXxGHz5TZg0MkjlLCpDI tE8ZUI59IL5AeeEPx17e4tsmoZLUlshAyYprjAOY tURbhsDYc7juliKk5gyuJlim4eDGHIBTMvm6MAeZHQKu _bWRkphcHydwZfrVfsN9Ic2nrYtFjrfxZKfu8oU34T3I=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/EwCnYgYPVrM2yDXiTSmprwUjFkrCCXqCJdnoI_OW14Jn9lV8X_5j4aNPOcJJU23xgj57oqouqrqM18cPHlSsGV1La2gpsYR6g6fm8w4P0PSPrXtRreA1YeGwbf4TE415Bw_J_Iuco7U3iYjE1sHMFFF3zHp4tagBOsTfKq1BE0NHqqmY0NFjcLcfuTDX_h8sXo8rLSYM-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/c?x=NkkfXRywG8QykENemgGwZ9syTiMm4ZCw0 qHOi/OYZk=&c=fvRGqARE8BvfneU6y7yQIj5IdsHGpv7z4IzIKrJi48u1bYzSDOeNWeQcRQctInk0AS8Avi9OV0f1LRslsKRuui9xCbGUKkgMoKywqGXLBP0wKpCBWrGlvkGvB0Z 3 tG8jYCgJ YzFm6hQkoGI UZzMvygWWoA4ENZK4JTi8z4s=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/yUgvqpn_oyXbNR7QOlY52Vq41UeYS6spzF9ziLzZWjVbsJhySTl9KUoFrlf9wffvU u17k3hbFnVoiaRyCCZchdHHVEwhFEd3ejLLWUZaxmmnWK_wZPU0zzDSmB_chCk68ZWpEiosY3bfwyTzH eKfWkqeCOp2HeVwtCGqOF7fthsgHOVfs=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/5GGjSwPbh0QckV5ppjZEibLim1DKfcdNmxDhhJTkD3A2Fk60wJZrS09emadD6T3x23CDtHRg4VdcbkUz5cSM6K7MExLetSXUvxpdl tKICvOeR2wLtNmLZlWoVXY2yk9YCjH8bWEU8msgzfkCxlArGnFjKlsJN3RRCOFMALl7gNRdxPOVSp0isWwVWznz5AOWwSvchtQ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/F8N85J2ABj2HCLSr3Vm4y_FvmcV_q7rZZEvdGb_RC5sBysDH6oZf77aH YjEC4kAdP1WOaqhAsUOviQ_bAzmgnX_URMSIeUOy33J1ePtQQz 9CO8jTCYeIAcuHbF2yDcMCa5YvVZu0ce75Ya6P4y8aEAaL7Mnhn5fvaOCqnQ7qd a3P62KA=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/pIkXLwgkf7wgYilmcBm38AP F8wpt9vjeVOWTV2flWMgl08 5ST6wOfhDuwrxRim11 CqtqpmqbxXELRVUvzJEsB4KRqcnZB1y_Hzs2t2mfRX EjgHB 0akySUyeg25PWzkalNHbD57kLGp2n7qPgIq8GCFI10IurspJEDMuxQApFVYq5Cpzgx5bQnng3CVbOY6_wu47-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/gNWiWtSFXe3KjprXuSw4gNGY_MRl4i4ox H5_a2LvkqppdKpqwrz72hkmRcpzRcTNrpRoFUFXs8glRiEMUFLpMUlo6P_igVqhDAMvQ_BUBPxhvW qRNKDqGtDihfWUzRG3auTxw1zDp7p4Hl MwlrzSTPCUEeYQZj2M KfAnxvOCVeJngCU=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/Qmc8AFtTHNuSRojWc20mP4d3jeK2DcEs4m9x8OUqcaVSw6NBOe2IElTIYTDKHkH_Av63Mcujvvir0dpzBCq4x7k2wNaNr1XlkIfZiVGjZ5PSYMa8UYMUNNys7tJHZDmtL6Q3mRGDBpN_HjP45DMMBQRkTneC 09vJuBm_6iJcuw87p2e4k8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/MmKdnpBn3Nf46k_QZbRh7fCzJa_b33Wd1ZiligqXfYcVgoqUe4z5pHwUY8_lWpgt3f5tdotBjzrHCReoaL8VO3TMxcl7Zbv7wfeCnG3xH4y6oGA5GmQV9pezNjbBLtF5UGOo4wAuupLmjwX09LEw9TQGSd1Ri9nYRLjxNqg3sNIAl jA33Bc9qaEzSj2weWtwRgy3L91-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/6FpUERNG0T4cKjtbohfX1Oxa9MbhFf5UU8PISwLPev9dcw7yFceNrr2x9CA4Soo14w AHHW6AxZog3ZWLf8JdO86d31sliUkdgk1obpwJQ3sFzUvhKq1DH4OiqKz uD117KxhNa02l1qusU r3BzXAc5r3bfoFa7PApG8vgqFgs2JK1W47wc Xg4WQsYc1DsMwNLu02S-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/eoFMdTe_krJ7qxku3oMbDgGzNolMBTwmjF KI7VhPO7K ACKIt76_suvF7tp6_tkI0PD4Tp9ngUC7HZWWCLprgMJ0UL0UhZNXUoV lBZ0pIkH8XoK3Y40IsChp__vjHZ46R4f3GVS9abJMB9Mst9txE2bocfMtz5ICioRjAyKy4D8tXr4qYRDdxJyL1iOxBvN6cZD1X_-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ DlD Xi6QLTEjvW4JjG0NalBZiap5G7B5BR_OSYjxvKP2A hz4ErlrsJTZWw_YdK0EM38NCOrakhxdpS70WaYzjCLYwPD1jxvjBaOpROFqU2Ti8sLS8mEb_6L0IIU3uuVo6iOTbCjTMKzoKwZDGELoB3jMMdGzUVrI8owUM8XNj84JOnN2E=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/BQBUyQkczXSpgAd7VSX57Tgxi_ezE9dhyR3N 0k3asRqNs34D4_ccfeVuZzoC Y_Rcf3kyR54spYnrlFmgANn4GyiUHjnVUFUwQszWW4zkCzZsXGmYB4 CGQWi2tcz9gjfl1fCriMOpcEdzEBHXETc3zP1 FD3VToq YJq V9OSUe54778 rLIqKa86hEsULmqT6bfSv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/tnJTsvf7y0I3ey_Jjvc5 K7l2JhPzzbNTn urkBr5lE4O67VUIbjQpssoNzWLrU0lupS8TDZUz8WmYu37SYPVi1gj9jwDoP1kqO1HWOUW2LiDcAWC53oraP1DxmEadZM93_cCw7hau0SZK7iJw49fp7KPkr73AbEBDgGUI46jCa5GtRYikPOWK9v2phF_Gmtw7l_YKyC-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

C:\Users\Administrator\Downloads\VDownloader_Setup.exe

http://www.vaultbytehead.com/eNOSq2zBkRpKHo_Zvz5vDMj1uxrarE8nRCjf3tIcjaW6ZGWdhZOyHvhrlyNWdsD0O8o4_k Ux66yIA 5bhbD7jdcksakOQotNYwnTIzPOxP694Uz_mgz8cT8sEy4v_pxMt066Yr1AxmIWLrEwx4L8hmOUBAQq9_iogSgnJnG4EirJ97Xr9NF 32ZjEGpWI4yU2EKdwfW-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/yv6Hw6D0hIJyiUwZu1dlmPRnNBqX1JmATwiwnXMRQ36o WOOFZWGg1LV7EeCGIrm7RRUcxAvrIJhV8vYC5Uctmtx6NlPaEThkhw1KhFr0tEHgzWaZAQqdKd_0G4wtfrtlJsZVFHRrcyE0J9JJjFDYpwaHbbGWq3b Ye1162f5h14uqoHd2AxL4PmFmNXyygjq5Dhb86l-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/WjIgjLHw5q2ua2XO_wR3DzuhRmO_YX8RBw6BjJYwWT1J1SfK6dHS1S3V7gWNJSGwC78PqKe0La1_ah6qyyo kx_qd_Fi0HmLCaFVa2B__ShhtCJwXBea2fiN5o MQl2OOKn8y_xFYamD uL6_BNgHm3zsSchwJ8_8LDIHkKcwyCrep956Ibx8JpNDKjw3AR8nBBS 2iz-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/RncTjH2JD2l_smoxXQq7M79JGc2EQEyN_5afR3AAgoNKEqN0jqmixiMGx9Uee5jLc0OzdX r2V9Q5i3XKh4tCXAeY XRpJi5LoyvHkPBmVi1YjVYiKcX6g0FUlBnP5FWrs e46jUKdWvYxyixzhxlPbpph3gGY4dhZius0B BiUFxuDGjeRx4h_HoGCJNIS1e_Mpj9Ka-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ctmuckv3m_SXAsMjFnF3Xqs9kkzrxJzPghjoxwf748xKCYcZ_IUxd7V hS0MZTxqUS9tdG8mVZ94HbAYYYZHChjgsv3SMKwqLZfwtLVNB8jTHkMkYsOp9AMgDQ79uCWPgXKKpyZl hTFPnoHi2d34wV0bq6uHiS89uBifMEQF2tkgrRG6dUSwQWmrTEMs6RsgVxjJM6l-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/gib2lpW1VHDeRy_y2oA _Y48CHh tVeyl0PeRkQAydFgSo0uYzGNctQ9mP8 kP5pzSt5cenwiz9LncbDV5BB1ZqpKQQ8LpVIxTTw8FJkiv4OLb9sI2wnSvcyDfQ4fkyeV7luZO7vQ9L0Yme340vV nagVmZtP6iHcT8UO9Ep32xcafuCCxCg9elgrAnqmx08ZkGnp1E3-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/K8DjxMPZ4FmVu iY6DnExFn82Zl0Ja_48FeU kIKZLZyqr4bs_ZkoqPWUUUWBpOsdl6JPeTXlJMSddcVbCtDHvi2Pum47RuZxGa1QfF FoEvhLm1cZOscdA_iyHRUb2aUC5KdJoZ1OQxwhKJFifY1Quc6aQMpSbi7qQbXrVmcPBk0042yx0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 37 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.