home

vdownloader_setup.exe

Dotora

Setup Alpha ((New Media Holdings Ltd)

The application vdownloader_setup.exe, “Dotora Setup ” by Setup Alpha ((New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.
Publisher:
Setup Alpha ((New Media Holdings Ltd)  (signed and verified)

Product:
Dotora

Description:
Dotora Setup

Version:
3.5.4.8

MD5:
77e3e27c15ca4797a2f87629b74807e4

SHA-1:
3eac5c37f9ae399a92fccf663b2511b2fb0466a8

SHA-256:
3cf62748f1300d601a64aca0bd370371358528e9c565f6edb3c1735be3ca1277

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:20:08 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH.Bundler (M)
16.5.8.10

File size:
1.3 MB (1,365,832 bytes)

Product version:
3.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Setup Alpha ((New Media Holdings Ltd)

Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 11:41:44 AM

Valid to:
5/25/2016 8:42:13 AM

Subject:
CN=Setup Alpha ((New Media Holdings Ltd), O=Setup Alpha ((New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216F55CB04783E0F0E5AC4C45115E1BCCC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:FRMxD0xjYs64B9fuhlUZbhEM0/3UitYb7Y7/68NUA5W1Hn1:FWKlY8B2lUZbz0Mc5/JNUAI1

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.vaultbytehead.com/c?x=lKzbeyF6sQcDgqCqsAmKXtAB6CL9YFBvQbSb3xFoavM=&c=kEQfRztIUbzDMO7SI1axHhsj/IaOjOB53KxVoQN MJsN6SejarZiLGpDmu6SkxfrRTy1OdlNNBzcf pjjO5H25imJuASJnBFuE mbO/zUOLNksLOJBzY9x0LRiSzW3Vk5AiTAASsSYdzr8X77l6PBU73xPw6IqHWP5APtBhzpWY=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=3pJokB2wmWlHsAhD9sW8CJ4rikbUsztMSmCRnIJIkdw=&c=tHTaZCvOwJqr3jf77xOdvZN68dFXofqNt n3xHWVpXKstTI3Sah1S2ShmsvWKnLLlD7ui9NTXaHFpOxN4/nAkgOsHmoEVwb8aMGVIEj7 o0TFegNRFc DZol2ZuP1YzvcV9Csn0YX72s3MUP1ZPxyeG2pqlYzngu qtDyTMJZBg=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=iduqsPWUaWJUxduIEc2ZTy2FyrgzzMAYF 7rFZPTVBI=&c=qWkDj70PngWmiqbB0RbhDsCAY0WEH2f4ACEiDN5xaTgkfVA4Zse0KRTkMGO1EfktUNpFS4QwRT1Ez/brbI6hcOs81fKNFp noS7215px1 T a/XBeWMzdNEez92ybvJ0/3G3LK7mvQqNObDBP6Itnstr2Cg1wF98OVRMOFbbpgM=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=nXFxqN8bhomaLPN y1astQhz3DGBBAVuzpp1jruGh6s=&c=NR io 4C4o3iyIXe3lMMl2H2LwZJwwJt05qaTVvrZ7wYfUAWumfs6vT0 TtndwuawIa1x4NS7djdal54zznld6EN9nvK6Aya0ycKi tNBTp8U2ssFIJeTDHN36zPvAkAsDmXUATyeRmFC/YL7nCIiwhDl ei/KQOCCXOoW3Zh4A=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=7rVE8argnJUOsAmjqqgZPSXvY0nK0FkBLapm11b5wKs=&c=PgQREmiOwye1CP1bHghcWErV34NS1qSmOE/x elgFgIfK9sOkwXgiELkgWv1gmkM2Br 2gabeSb93nbTDzXlkwbaIv auIWhZ/VF5 kMdk9PIesyur uNQcjyf5fumrIeU2dGnuDXDOe7dY0vlDgTBsAWq/6ht rb9y24cG/GLM=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=05 K0/XWJvX71MrYrwLA4aPoZxkCsYA0STis3WIfLkQ=&c=5tjuZ6QZsddUh7T543C1y5 j0xT0isSpXofdeIapm4V1RnigPb6T/8hxYbUdzFEtYvbCG8oYmmYT3F2n39wmZsJIB2c2t4RhVcgGaPdQGX/JaeGWEPvKzTJNA3tJyDkIW24MToogBzmLXdI ko6hZSDrK15CVYYq3YUaPk0mEo=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=hUsJYTP3QwLKf3/7R1XK/TPSTDU2nQFEp/jeIMQMTPE=&c=H/dDIM8vyDxIfI4NjIYk595zhkDUQfXf/qNeWzwLlLGKpDspXa6nqF5fj8Iz5DvzTJDY6Pt zSyy20SiDjWXuCMJMB1WL4Eequ9OUAuwsQ6 uv17Un75CnM/TuNI21BRX vQIjr5l 4odblduQ26BzgzCxaxPCObUK/xsU7MuwQ=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=HULwLtiUcsAkekmJe3/CJjn2VBpCo6rxFWVnOAYF5l4=&c=Unl2T3NStJK1EQcLKgOdlRkNiMoEtP3H9oAOMG jvNcfWUcfbfSDrsnGT/2aKXfEUt0dW UMXUz A2/lNUUsmdpXVFJVYkIZQg69McSureIxTxI4dLX79VvLKNeckduVaGl6IvD33ZGauW I9GFf1ocRbpzZpEy9GA6BBBfz8yg=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=MhclyytoP tMDxks7NmxPxy6M0rUEn605LrppWklmis=&c=dR8RNKezZa2yl aUwhLaXUZA 3yCDeunVI76YwPHT4t2H8fROT1iyvT8AqhxzlO/19TrL51bIp/ttL4Q3UCrYrG5Cy7lf3OwbAk/OfIDI8PWe7uqOg5aAshWGpnr172RuSRJFgOX0MfhfdsRQOTUZcrlW1qqkGsMP9FgSEOqSXo=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=rXF6qoJxaUT6UV9bYr4n6nY9eIyhverkZkrd9i MEzE=&c=j0n j2DqOKVtWqBY9AG46HUTBl25wBIwLJk8EBGgvHHWfKWlf0fB6HJOVBXWyl0k4yJhHqE256lY6Ow4KqVklDqhcBu8bMbLoCPO02637w6nnpZuKXriXEcipaWU6Juf8 IcFO71wwytk0UcPE9nqg==&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=VJAEObnVNAqc1Uv9h1ui/c9PXkedTvXIaUle7iWT5X0=&c=n30u550GIgZQXE5fG7 DGJKPM4haOjyKuY23copYiMvIz/k9ksS1lheikE0udyoCVbIPSJgpFc6FOsypjXrTwBuTw0KxKjyAvLaiVu6UDXGhrnsrYDw7AdJRwLwFvYvm7clqt2x3PI7rJBO 6jbbO2B8vqGYcnGByTFEriYAFTw=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=VbhK9OBmKGy7ypSkuQXtayziMc4iK06RkjyJ3b8pnYU=&c=4pbIWb1r9VmKx18wu2ypdRDmzJECe/21pkEGCpxwZbmbMrzKel75YVNo lWUgVX1gV0zrbyTPF361iJmEHhE/K0t1oIjE1PAjnzyphdUV82t2Uz3dHiHXUZTMAJwbezt/vljnVLfTyP wuoSJp2dIQWuZy8fz2EJzTtEI5RaVtQ=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=r0KH6g9IsyfmnY5ol12OJGUuLtZjxgOTJxscLh8Ei8w=&c=OibpzO GcakqnVLLO422dNNVug3q5hM0EXccgvb4es4SB7d4TrOXXYmN3U4LRQeMhLCXzEhBuzzVQhKrdW9Vdo4Cxia8mVIXVFfnFKkiOQuQuySy6hptNHkKnbmKJLGVHiyOYJy9rp/DZ0fsLWEPWOdQ6YhiOAEwmoe62RmrbC4=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=67ytg qFmULALPx0M69BgSiNKvGvqfAP5nGWqFxZ sQ=&c=b2 M8jMrDMefkNnHxvMas0V/tbwIjPMm6QgB9B20T/MG 9fDz9zNP95pA DLGV6vRu 4pEaxIddtBTyps9RlXLcK884E7ByoM3qbbHwbIqJWxB2NEaZxqLQWVh3A28tDrZ2d1CcmPqcZ4vr/uZDFh26K2ZXZ/5NyBE/f6t1lJS4=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=lpoJ/tlU5Rbm YGsqtmjHkC1rrnQr4aUpLR1W6l5CkA=&c=37lqQKeLwASQ20AZCslljt1QguNQ9mBx27HfHnSenkojwpD/h5BiPJ2BpBQumJD0FCjImH5ZQ8RH4jYxci8bQS5FI0 ljDVANZHrobu0LH5JVn5Qa9pRtM11IyXST5rmnqPq5OYz6VuT/YT6u0Dwm 2j4Bw7OSk/aJWi/QJMmpo=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=ByIChcOV9wygOW2hf/qpkNpbOMOcHQKKLJ2HcuxpPcc=&c=B/uldXDR30vEKhTMlCQV0TvhJzAqyezNOUEipANYWWCVM2A7YHCJ/Davc01Ymcs9usWqjfjg7jqxz52VEymx0qlAXszG6Kr4WEZersvU41FMW/P1 oAYegVzccFWk V49Zl3VCjwZkdXWlqNjVpp0482xRBhHogjTW7TkMXKYyA=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=DMGhW8HX2Rjnzf68utKBNgMhGxguiGspnbkCzxgtgJo=&c=pRnAcpzswZrmrpYftYkFmGhpCEy9DumLVNmXt6bg7L/S59CTCVJDIV D0dtPTCcC3p48DfGzWOgw 8Jgfu/KAnDgPsxmWOLYyc0xzlS5wH/yW3ayEcBmnhmkg0 Ueze9KuzM6gRWymvRo2mQ/3whhuNcC2GAqQRF plyldg2Lf0=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=UfmwEWZSINn8WOXc04FEGgrtwi33f9Dy55SJ5Bg/c Y=&c=ZKQ3RuPVLTzHr0rAGxhqbZOY3yucs5Q262gEbK9cQr2IKEPoCmifJM3qk9/S0mdMlenpmx9XouYVVXxHTSDIAj1zI1SNrk18A0oaXsrzF01P1N0zwk/15bb3qhavY9BVllfZL1TqW9DNpo4l8WRcOZsvr3/90nWryuCnkZ1XMsE=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=3hjugC/oAQ/GIY5NlAxhHllct5NWAPdT3T08oQpcNGk=&c=w4NajOYedF5OnND2ab9RlSt7BOInaVkyTap6Tr 7CkeTPW92Pk3le5i7gi469PUtUTyhsdiAjk3PjvnHrU7Vg4jYnCkzpMfVaC3DBSrYHNbcfcoeJ6CF/OxJ9ghoMFIO13r0IL/veJ/rpcDIfX4qrn/3mv4amKYp4OwjcDhj93Q=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=KbhT 87PL7J1DOqMWq6NpG22rKkupU/QU84KZXIpuA8=&c=3iRMoMVqIP/3wlOR9OjJawVxrqmIFfdAP3AjCrdjUJXq0G9TcfLOe1znEnrogoXYRdB8M4vylAuQ0cwsRtKEMUB8nyNZOcAXQJ EO/kE1YKgIc05IDNXcuBuAgvN2acueX4y/mD3GAOyFKpS78FJN27CIX DbXex4BGdZoTBbwk=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=hDv5RgcM2R5gbgNG8IXKePUC5BpUoemrq6pbDW9y5ys=&c=6bZOCuBd2CKja7LxzQhllfsxzvYedysqsLPRc0Mi6nNVhYggGmjW0yPcV6C80g/Y8 9TvATLHb2E n4ktl1Xn6SRg9tm7vRsEACVzxQWt59Os17tkVBFsWABHpkNWb j u uYmnGeDtdGD3xQyMDbQ==&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=hPZkBJi9j1ImoLhYNIKSe0ghujmeVbT3MpKIADyD4bE=&c=baBjzr MOVL8obemXpLic7wEU4haLs2C/8I HmAini1zT39YtlXHcafTGnooqrdgNS0c5hUuBYzw1oZmIdH65n04k4zYrkU1agziJI3MPP u P6deIaYNpp7/snyBVSNT5mRr2GZAmupObrr6kBG0hkryuPYMg2 t6Sg/KrtOi4=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=dFGzEESvBcEjPvBZ5V0auGVNluT BZGMT/CzvWZq m4=&c=8U1agp7Vn//RwJ8sxEblJKAj ndRRvOf3a5u0be6ghMxAb7AnuDuhu9OuWC9WLsLVBjl f6t9QiaKOmrQ18fV8SqSR9br9xNlWktK5CQLjKyvOUed/BndWj/j/aAy4MAdlMVjkNH3AX6z/EIsrrCF3MeYDSnM54wpejG3F 6PWc=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=r6VpDPDrL/E6EuEDZ4hZZzOgZOQmH39FipAOzMvbzzM=&c=I8 /LYFJ8/GYbLqrRaTLHZCqZoy1lLoWiISFtztfO8AtcV2zqj3/S/6GZywdgPsLXu 287ZC43e0V5IMDmzlMXWfoUwc4aWw5tmLjKlKYFc lHiJ3S1CWBdv8XTpbp1NoIEI5Z99PrkmKY4w0eGeERJlFg8Fs4qGV1qQc8mjiMI=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/WVl6OTRQVzVuTjFwM1ZYQnVTMVEwWnlVeVFrMWhkMFpUY25JMlEyRlJTWGwwVW5Kc1RWTjFhbGRSTUc1WGEwdDJXU1V6UkNaalBUWXdXbk5yUWxOa2EwOXNRMnB5WjJWalowbGFWbU5STldGS05sUmhTV3RRU21veVdGaGxKVEpDYlROdWVqRklaekZaU1VzNFZHd3dSRGxZVm1NM1l6WTRiRWR0V1NVeVJubzVTVzlYVmtsR05WaG9KVEpHVm00bE1rWlZSR3haVDFsNGJWYzVNbWwzVDNSMWNFRndNbWczZVdodVFqRmplR3BqUzNkVFdtaFFZVmg2TmtSV01IWkdVV2QyTUhORVNIZG9RVzFIVFVZNEpUSkdVM3BPUVdjbE0wUWxNMFFtWlQwd0ptUnZkMjVzYjJGa1FYTTlWa1J2ZDI1c2IyRmtaWEpmVTJWMGRYQXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHWjJWMGRtUnZkMjVzYjJGa1pYSXVZMjl0SlRKR0pUTkdjQ1V6UkhCc2RYTT0=

http://www.vaultbytehead.com/c?x=DEYP9KsMgagrM6/vWNdtDcCJFfXdW9E4dGK8R84A8XM=&c=qmBaf3jzz9WQJxC7LFMCDaVlfFqBLTHe29xb6Wbt4 PyURvMrOgBGlVdACtk8AlwO7ehBJZ/5z4Tqcby3MDGAuPgOrqIHgSvOsTU4ZBP1OmVoflnF7q4CFdSyGmfFnFKHgprB4wHRYelv9els/iQ95Z06t7sE 0PQbdeITtG1Ns=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=wQ0EK79irq Chu 7 iwrNjYA3N Cz4hFaaz6J/ QKTE=&c=vMzGztxaxE42XFnJKq4GSQiE/6SWFHkaGK75LQt8kVf1XZMlpqc83D9J0Vko1wKYWhxzdhYvDbz3VSEmDlY3U4N 05tG5GGy0zUyAfbGCd59SDYaJ0R Z6V19H5WcuQrTM2Msap0Lq05bp4GLxw0NJIkqD5lz0WKW WPZaBT37s=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=3BCmYMm1eVQXw07Dojsye8IUqtNj/IlzM1I56jbJ4GE=&c=TrXC3lDpmOo /KLZanMEtpXA/v0rCmqwQrkdS81Md72TWzYYCU3VWHAI/aE9YJpWBQK3ME nakelUyq1Vqh pDuYrKU3q69Ll5DPaOGcec8g6O/Fpk5fuSvmifIS2WR8JIXpzCAjDrdaUKZMp7yZkKdYJAHxBA1kRP03dilc do=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/c?x=dCyYJXcd5ljv6 CRhx /IOJNDwJY3Os2cTny6VRG1Ro=&c=MGW cuibj3un4gGiVGm/OqCzY POaaYyzGAYtcd7Tz9HKCkx/dOgH5mQ76m4dBQ dgKuh6fUFemGirJctPvhN8cwEVnVxo7DcHA13CXxtbRQQruCfc3XCsueiAuO0rNK24lEmx/28Cf3Y26vCNX9ZmH/g4GOiJ7Qq53ggLrbO20=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/WVl6OTRQV28wVmlVeVFtODFVamg0UlRCcU56aDNiVlJoTW5Ob1UzVlViWFZXY0UxYVozcEVORGc0Y3pkU2NFWTFNQ1V6UkNaalBWaFZTVmRHV1haSlRXdDRhVUY1U1Rka1ZVTXpaVzkyVmxCSFlrNXhNRmRaTkZsMU56bEdKVEpDU0ZCR1pFNDJUbEJRY21jME56TXhNVmN6YW00bE1rSTFKVEpHV0U5d01YYzVVSGxaUnlVeVFrTldOMDl6YmxwMmNqRlFSa3BYVTNGWlNreEtaWGhIVUVadkpUSkdNbk5wVUU1eWRXSkNkMmR0VFdKRGFXMVVVWEpOSlRKR1IyMDFTRzh6UlZsNVVGWk9SRE5WWmpVM1VXMDVaV0lsTWtaak9TVXlRa0VsTTBRbE0wUW1aVDB3Sm1SdmQyNXNiMkZrUVhNOVZrUnZkMjVzYjJGa1pYSmZVMlYwZFhBdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdaMlYwZG1SdmQyNXNiMkZrWlhJdVkyOXRKVEpHSlROR2NDVXpSSEJzZFhNPQ==

Latest 30 of 107 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.