vdownloader_setup.exe

VDownloader

Bonjoy (Verified Application Company)

The application vdownloader_setup.exe, “VDownloader Setup Program” by Bonjoy (Verified Application Company), has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen downloaded from getvdownloader.com and multiple other hosts.

Publisher:
Vitzo Limited (signed by Bonjoy (Verified Application Company))

Product:
VDownloader

Description:
VDownloader Setup Program

Version:
4.0

MD5:
594d9a4cba5e0b20893f40979922a615

SHA-1:
322f42a50e38330641c4612209d1b9bfaf61aba1

SHA-256:
116ba47c96937641443186d5a75902e63e80ce947d8cab23281a4c4bb2ae1c2f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:07:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BonjoyVe.Installer (M)

Engine version:
16.3.11.6

File size:
1.2 MB (1,220,136 bytes)

Product version:
4.0

Copyright:
Copyright © Vitzo Limited

Original file name:
VDownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/12/2015 5:30:00 AM

Valid to:
12/12/2016 5:29:59 AM

Subject:
CN=Bonjoy (Verified Application Company), O=Bonjoy (Verified Application Company), STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0CBA100EB8A303781BAFC3DFA145B230

File PE Metadata
Compilation timestamp:
2/5/2016 11:33:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:VeMTCNiQ5ykhnKfca+OT0GVm0b7Vw9MoGm8OQhcBwPSk:V1FQQkh/a+OT0GUCWGQwK4Sk

Entry address:
0x4F6F2

Entry point:
E8, DD, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 83, 25, 2C, AE, 4A, 00, 00, 83, EC, 2C, 53, 33, DB, 43, 09, 1D, D0, 82, 4A, 00, 6A, 0A, E8, D2, 84, 02, 00, 85, C0, 0F, 84, 74, 01, 00, 00, 83, 65, EC, 00, 33, C0, 83, 0D, D0, 82, 4A, 00, 02, 33, C9, 56, 57, 89, 1D, 2C, AE, 4A, 00, 8D, 7D, D4, 53, 0F, A2, 8B, F3, 5B, 89, 07, 89, 77, 04, 89, 4F, 08, 89, 57, 0C, 8B, 45, D4, 8B, 4D, E0, 89, 45, F4, 81, F1, 69, 6E, 65, 49, 8B, 45, DC, 35, 6E, 74, 65, 6C, 0B, C8, 8B, 45, D8, 35, 47, 65, 6E, 75, 0B, C8, F7, D9...
 

Entropy:
7.2593

Code size:
527 KB (539,648 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 3 URLs.
