home

vdownloader_setup.exe

Pogadalo

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Pogadalo Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Pogadalo

Description:
Pogadalo Setup

MD5:
8d32aee73a91d3d56d94a7eca21d5525

SHA-1:
37f67f167f7ae6e4cd8d4a1986d34a80d8731086

SHA-256:
6685630869d469652adf7d7c63d846b2c311987b30c2048420baf9b24a975d7b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 1:53:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.7.10.9

File size:
1.2 MB (1,253,176 bytes)

Product version:
5.3.9

Copyright:
Fast Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 PM

Valid to:
8/3/2016 9:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ooFlU3xbMwPX+YEMKqyn5PfsmU8tnFtittZC5kSDa7yl7u:XAxbMwPXnEn75w8PtW/1SO7y

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.2883

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 29 URLs.

http://www.capitalsharetours.com/T7qt0n0z4D5AgMJ7y138oA74htgT4UMlvCQ8nOrVjTpWBfa0Dxgn2GdaCl2jScu Dwsh mJSBamHvyj4mFOtipQs0iPbhRLPtHpCSw vJ9HguJUcVJ32pVg7pMNE4ji5PNeXs9vaRZFtFSXem0r2F DvYch94J_ 1IlGmfACNBJ7lznhj4k=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/zIRIBj7S3t3Fltno4PUMEykht1o3QhWZRg_kfoL 2jLrY0tQLwUHvmkb86sYChjWXrdwhOQxUx1HDsrgu3yuEl9WmR2Q9v4V3kuQgJGEELnHxHVqsjqdXmNhI7tA8vRXp _CceI6ycgfipjXGWrZMXl8nuhIHjepj8xohkBT_7mCbIeOdmcuK8xLsaO9 UB0aiMYy0nu-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/jN1LJ5pi1SaoF6t87RU2lGw7N9lid1uKQobZeNK2E71RovHsKlwRxaNAoBzKtope2JmbAQPcv_VRjbPKobKg9yUSHMt9LyU9HJjEfumAhXHjjUtqrXMcQYrbATzkrkdk3mCXivSGkZtWHJttndQa0D56gs_yRSGKC03cJIhunJKq trtnWIi2KA0lkOhcwK0hVseQASy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/kh2hiF6VgWndzJxoOEeLHX_s1058cDVDZhc3pmdbexnNPHRWnf9WiOlVwm3mWUzqfy9_H_DYby c f9po1nJOIK3f7Y2_WZX9ZgLdgmNfKPDV7wn9HoiqixEwCwYS8vgPhy ztU4 5unwmw0B94gfFPb_dD49TGNKyry22JDaC IZ2w170I=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/L0FqsbG5YV1Sqt 9G1K7LXyO2dJ5bLBwI8CY3FENht1VH4JPkf3riB0ZN1LiPcaf3ON9AzPCsx8dQ19v7iMEaHbd7YV5QCL6Jhwldeze4w WwbaiTGroln4VUzyAiqmRb8BYibLRWLjrqSldYUevPP19PvlSYOwP7sS95EntlwSu7XqQ3c28Maksa_fNBTd5ED5O7whD-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/7s029GSyZKsOls6XCsxQTYZIHq4n UDNBlh1HGCS0xtvIZv9rP5F_2CqW9_9F27 wSiHWA1QTqm6wkOC QwYI7 NE dOby0qTq79p8kW7SBGD01HklxjXmbYFVOq6p1JZdzN7KuTHooB8XtM3Yuap3iOHfqnMYsglurMidSTNaK7x74YKow=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/QHit30nrN5LZeMLJcVApNHeCx KBohQkyOGfcqm odl BTSOrrPMCiAwn8hPhEf7LoXbW3Mts7hSooi40QwKiGc5MvibLHIuxcJj0RT 0sUMNjp07VzSWS22LiFrVvDwfChPivJzKvA JG12iVhd3j9grv_tfaloGEd0iUGPbRl2kjMtZ6k=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/b65klFaiWL4ZW kSBNQjQSnCKgzSXY 2SFk1ZABgvB9QttYI8A8vjzlafGsJ2PfN zdICK6b2_tqarXodQz9 HZZvLYL8gVOw yLGBfejxpgkze_SakZpYo7cpc4Yx9gsigu9N_LXdwo 3rENaVnPmlN_mXMM1a03gPIJpE771OIw4qaVEtT6ZOvQL2G5Fn3Af6YcKyy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/CdDI aUnKRRFnhrFVyedaMldnyyI0RhKgzOkWBSDf t WGGtgM421omMSBED PQ3w7w1ePmOT5g5KBr4V3Pp4vARItb4WTjYaQbTA6ebfhwygQs0fTCQCdFujuUclWPHNqTvWu0LdLuSLmzP713GpZ4TfcrS5ZH9JbM7Ub7Yt6MvactsTI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/5AayOiY8kV_hZvOZUifBMGOhSu5rKb3LHCiMRqTDEwpLbXTCJftDoW6Nay8YnU2TEgBtzP ipVCvcPIZixRoDveTh_Jn0s6izy_qZoYsHdUa2lfsddLl0rGGJHOwkQPNnYwakJvnaGeuRQVFUP9a1NihWblKzid6HqH_8fMdd3pSoj4RUHg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/YjIEZZSKSsJJ9uE4MSIdiPPHZa3_gvmYji5yJ8 q5nlgn_m4Fs3KrBlDaKnuorrnUNbPxQrRaVoNQBFnGE2S8LT2uIXT0aix89rrQTBTVcw1sHK r4aWvuznkQYWOREn SirZxrv6QoigUwDedRhDQN9FQ 68UkyrvkIlv4VitL2AjCfsPPXvYC0H1NbGu71V1bb _e-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/yAMWlDhsH28ynItFiV4OSfJdYSRd1GKHXgndxqDIvwaOsuPdn9Uq5cYU5y8CQH4IFCC7RQnVN3Tgh5fiJDeGlH sYDZLQ2yNWXHG2oobuw9 qeowoPTrfQ_TAYi8xPECDHPvVnAyJf5mKox652ss 4McbbYD8flsXVe4OW1JQDGsBNlV5_D6A5YH6xUzBYYhhe1g4gg_-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/tcxgeFJXh 4R5da0ZGZZMHX XHrAZMXT8IzvZcXyI9mehjAKpmkNtmMNUjqyytRiEd4pX4ABRS0ayodDbDAgcdwFcn6XRdSqThHrHT6GHScj9tahSR7abeukIUI0LYHx9e3dSCIKfvpTrK05QlEC9pf4nRSwBRtAAFn39mSoY0OhVZXB sO_e6X_6sqgyrQo728370pp-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/MKj_l6hS9QUiZGLOBHUqZRa OWgQT_Kar0kWX0Rv4reMejsRBG_4gGbgYNJhEU5uLUZdFvsZP27Kc5PHPeU_zkUKuo6Ad3kFslG_LG9TQeRkdYbmsVEL76sIdQuw3dS4bVSgnmYfEa9zDc1__vbYooR4xSdL7YL8XKUr5cCGnRLjXjbNYjrviqHaY9ykkc0YKZY 1UHV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/0voqsEvwG1nsb1uCbXoDDbUov10yXnt40fPiFBOqZ7m58Jmsa0s2E1Xz53_j85U1vutdW7e9a hR1ZPxt9VFuu_dCrmZ_jeyGgHf3yRQopfAiBNCE4XEyznrF rB MQdcPgBgEDQ2waM3ki49tt1WpyRoE1lzsRnTrM3VJUTw1EfrOw 1L0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/Q6O0oyveKGgSfOe8GfgiUDTuTq4F5DD0NMpuUp3OwurRD8vPEhLYBla39NkFaC1cyzAeHWh5x55YNMxdezoWZXsUafsiEiR cSBNO DNsgn88dt8IhmBDdqB99amBxgwQBCZcC28AU_RTtTjuVFp8ik726bRKg zg3awQCTl jdTNZxcqB8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/fcsQIFilqYDLGp3kOPxm3fnAOsasECtVWuckkr1poPfpUlwvx1e6zhqCkq7Y0E 7utIjiUWkDvJ9ihL3nSiJv77vjx9WGqljR_vu6HRbXatJVX4SI1qZziVfdhwqhfQYmLyDO23B9c3u5bv_8TmClq9Q_kE1R_yov HTl0wN7EwCnbApxLQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/jhs oMlOgtu1X 0cdlDu6cff8muP8mDTBDhG93QZm6QEh4cMmvzv7yvHhK_NT2W1Y3DHagwRcwLG3gVKM9RgoDjatroUB0Zg _2CGnMEru6NX62h9DBuYdsIlPuj03_t7 Z1TEjFV jdpDWlbKI7Y9p7JruX8wnRa1enZsxbc9PRNoIKYfSMAGMNfbYIz5kcOLJpbHI7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/0OYlB7c sa3HnHKnD3jjljjIluga3zX2v4cs9nXGnVM_L_lfOgN5WEh_fuDlVKU_cIhv06SI9m9IghtXshX9myDsOR8QABJCm2tBh02FRfxGD3Aa3NYLXEcPrN7xC8_41D407rLs72OXWZgLVykuHFYvx_NZRQ2s5Qwokl62IBVawwc4ZGsEMxwBh3yvbGs3ZCcqlr4l-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/pJxgOikSWz0E9D5Bp8M4R0ncGZKtjR LBP_t 0czrPL1ECC3DFbBIE15uNpgpRFbgeBEZC2sI7sHoG93BGIZO2uLZs0xGyGpvEp9IvYE8a8MRMQvOIrY_6YS1qysyWVksQ0tnVTaoQedNTlT0O9V6UDLsHZe0P6gPeH5wpKOOULY TSyagrOSo4Th3B96D_le TpCCnx-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/c?x=0yrgfR9Ku51QDaY7M/ZGBLDHzUUmyghn7sz34egnIzk=&c=5jr51s/9bUi/ikAPPsThoDP0YgL7jKzPi7/SDSEn/ktFjQ8aJSr2cC/vgt3cW/0Lt9 us4cN4p8d/J6Jdn8vtmKaiqz4nPN/Jc9fcSgqdUFwmPVqgVvFwaiHtkQIRenRgE/6ZfhyQEozLf 5tH vxHVHUQDTg5Y3VwEW5bcaGYg=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.capitalsharetours.com/cX66fig08lBsbM4dZQP5 v7r6mldki 73KDKwqSIzXdyqW9xWrghOs78AAwgZ8qAw5FHF324fzgTeFKORQORSZi7jgOm6SXu NJrgfXcyaDg2nNwvfG9dt_bN5Q UcP4tEsUDhnRErg_e5tsedn pFFn88hdGt9MRg6Pns0i6q2XtO6daqo=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/UJBEs0rGrV8I mTdkB1Va HtRtCluZaYMrp5zCr3wINGME4hpzugT32V6pEMkSXRgjCh7a5MONqMlk_LJ_GhvNDRC9qq wvfZ329VvbiNROQndGCAf1UilesZ2zjzQtQe7w8LnrNM2TwQagq1VTnOa16ir2PxMBtfRTEoMYQzW2EN62 vf OTRvpZ5ZAz6RmJExMOWJc-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/NccghpLGKVEdQw7iUPdzHTtlfrdXPM7HYJ5NSohsXLXHaDal0CLaVufKWmwcQg3hVRj8fDdwBxlSQ663qL44fTRgGrt06frcNLzk_EgkqifJ g2ONpyNmqvSZJBhqWAWavX9qulze4ZgSChJHTNGwXsf Dk2WDlhcGffIRy1TzHtKZprDHg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/E4yGFCiubE8PHw_5592QeITPWbRPc3ynjYG9A 79r8UPgHu61LW2vZhwoPwl5Ap1w2 g7LKwsTdkREjfOnUfeJCMqINVlERl5TMhhVkRvYq6CtXXZP3PnY1 kygGrJuccQMSSpv5QvOP20TLL2hjAHMQ6XAV8gzqBnrlZZ ri5vHb4gwSS4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/HRQpRwggEH2ore6gUF8LGlZ94evoFc46Q9TNH5ULp iO0AmmYdCCE_Nnmkw5 N1BjNIMdCwmVFfCU7L2tTEuy0Mpcgg12hkT821I3eDRb_RZG1nNniRwoxpQukOLz2vyiidD3hDFJd_ABKy16ikeiu8mXQzmDjmbkuo8aPDoFg i5Y7r EE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/h1TDBqb7yN8PO6VjmZCQ10d7UPCojnUl9BLBxukOYVkXX3 2XxXotxxNluhhAktzn RdljY0kftWI3UVd2TSL0t0r JDrLAZJjCEFk74C5O443qu1eSOG43ifdD1DHLfXdyXijzaRaZ0U 6pqJYgVNFdm1I9ChlREjXI_kjuuiWM5h6O8Qmnxngr8sn2Fy_jyjkXeaGf-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/I4E1Nries1QE3B88qhS0jU0dHEIA vNCKkNNErJ51CYs4PrSgSHiqxHBvwpU7ZEsZhaZ3vBQo0OZn GvUvjrmvVelf25YTfYDEsJqWpgYWdCOl2V2gWdYfx2rPv jAkeGWRpJKqfLU1Fewvq7JOooWu7SsXnN_WFiVmruHRSs1IttZ7v_yA=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/wIA9KlW8k9ujgwcz3qDHLAWSCg5GG0z7ccE2Dfh8VBKwEkyEiprBkXHqEcbn3UVz7cVy3SyWHtyifgsRPd8lMlpF9sEPNQPnNMXytWYX003tzPMQhbBkMLfFFcMmksAi eXEPx3 Q0qsUTHTnV zRSM0il4DXEDObqU6 lJ9vYFEcQKXY_HavfnmfGbWU_yciAU2Cymc-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.