home

vdownloader_setup.exe

Mita

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Mita Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Mita

Description:
Mita Setup

MD5:
20668a0571a8ee5bd849fd9541999127

SHA-1:
4297915cdf4f29e859570cb0008af0d3e36875be

SHA-256:
89c42d1fef7a5dfe11b3cdb7db21815eca14a33e1fab5d0b75476cc1be79e89e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:26:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.23.16

File size:
1.3 MB (1,365,632 bytes)

Product version:
5.8.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 9:14:57 AM

Valid to:
8/3/2016 11:13:33 AM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:7BiaUDVvx+QK+MWtMgJCPwgiXhEs1HRJWKcVXuLvaZ5Gy7dJqf/xXN:7QB5raOCPwgiGs1xJWKcILyZ5r5WxX

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 48 URLs.

http://www.vaultbytehead.com/0OsgX7exPUAsQXTWDcGXH3qs2ueTjD3TiLHcWtpZK81TsXmdqTehVSSiBRUvT9tKRtBeerq9AHQ6F3i1qS0bBPckSDoM w6UsARCTXv 1aDvkd9GUzO8gvgjE4hCkRlA8GXnW3OnVKXAWmgSzfpqrKIZZzSG72Ruuy9Hf84Mb5jiSTDYNyw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/ YXFmDwXdQKHxMP8bdIxwVol6_QMtvepUuLcZahvehOkj7m0pZVY UQzYdp78shM34egQXxoI2h67S_loNUXp59KRlDdqT5tliJ_Ps3 nme7IGUDvj4ykH5Sdjw_Xg2IiQve6AlR6Dgkpk0PW8bFVRPF3zCWrNDhBNfE_5QYJXDhyrxzvuQN0vq aklgMRYvv7rWGQfN-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/dyzoytfNprgnOJ1zb5Jh_aUigyQDp1TU_YVBDFYWWRfUw00yCQZhJ99M5pvqoZSTF2gfQLoNVQvUTrAStAVgAI rbP4S91FTxul_41 89LLcVRnbG6EagvFcvK85aYlR1jMl0e4nuHJyYa1Xy5VuVPYmLKtqNMrLorEkTlUQ6797xT7peXs2uCe_ u6PxWvva3VYAC2X-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/2QAKQm70D_awzhMM261Bivp399dZgI3 v88_B0EUGMhfXCcIpoVPck59XEcFiJOTgEQxZaNfe9FYXnpzCVKAyuS6tndOY7WR5OmvQA IwAHq2TOp7aKnp9z8VXh61ndCQGt8GeHghyp382 qxl66zdyihwF0u9vfxJszAnwGEVDyLVJoiuM=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/lHJB2dwwN GrhiPUYDAqd5CHCOcz5UIZPGAB7hRrIdL72ZlbaUM6Bty9HvN90n76RPIOzRIyHNwyC9RioERA0ytVn6T7h90_hRJ6wRtqJ7Aj470Sp Ur5l3qAd XNxZakZ7pTnXjXyb17rZWf5J_uThEFdKCMM561QQHUcIz_diLcBuf zD7C5mh 6gFmYt6lxpobfqj-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/Z0OY_v2ovyMVzTIe9tqE6sXO3pkMq1BjaT5rIRqByVlJnkWeVG2ejRCwHnsVccXtKIhNuqu9piWsYQjtYojuZkwL2GSvmsAdVPwQb0MXC 5FR6NjZcX2mbuPSBZj0VDQhno64Ijhveea2MnMSs4Mk7sXE0x0I8z_g2N4DBKvY1ZoNhHW1 XG3QQ5IWRG6XlPPocIBeNL-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/yuHsF_9M3S9rT AAVSorJzrADvNkGdCgsfo6UaXaZoAqTd0AVWQD_rPvbXLBoe2ad6cSsWeBqMC Ij7u8gbJ0tYa6eik CjcHm9GxuKEINcahqtFogjE8MLdndJLNCdCsipkbYMkYbyb23uZUTZnfk95cFxIHgsN0dW3gvdv1tcJcpcp_h4=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/t2VsmGaYwI _tvN1QBqzUSYQrQT5FN2euFpmQsydskXd_LmcB0f9VG7jGB_JRXIg_StKuvvlI2M9LEwugIUbwVkgCEzvJclaV1hUjRTYNj IPbyaVQoFrWgNZV42B2utFz7L1gkLjd0eKs2SewxnKL2s3WyT ZkACCxealn VlGU4fNaBRb0Gqj3rjafxXOUzhpJkhpi-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/m1FvV4KVOPsn3QtfSeFmdidUSr4Zy8Tt1ZC6n1WMzhuAyFccWF2chTbjIRYTDuqhvwZTBNNpoFW07wrTZAoptvlAfGmu6dAabaI4uWGnTrP6fsdLDJTgrxnWRUVSkBTEiezbbZ dCcM376awemW0RJStAudg6kHON 1E7S1FEudDwPWIeEg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/Sj9OuyV gwV0w32Foe74SiRrHRTfgGnRWaIPE9eLoGVQ5CWYKYYH5yC4cG_808dwbwChZ0pEBQZFHUukVnOq8o4JttPIsrfQveXM4PTSlGE4iauHk1TUoOTW6fiOJ2gjzR7n2Q_AkLWaqO1gvwz0SfuY9uEFEeVKIsPtdcvWQfu9JvcqKIM=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/5KurCBKCrroZ MIDk1eMyzsdPsWEe5NvOaTXRfT6Y9qLDfO_7Zh_GsXK1k yVAB6qnw9tzq11TKebDXlwSIRn7hAQi8bxo1Q3lueEWTWQIZikafwfW80ltHZUU 5Vu5k MdFrgZxTvrgAu4RjmqhLD4rloE56HTppWT_eMToenHvDRlSwc0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/T7bWR7_NbEJLKGPBdOuX0PeXBCCCosSb3XxGxknQ2gngWc5IsG7D5thn7LENEJb4Nj434iypMdtLD a yxtrMHCrTNoN0A1yDUiNXF8pySgiSHc3KdnbsP5w2e7xq 0iKxMHSL00bLD4P0q9q0eh_tMVQWq6p0xy3TUnDMROol_Dwr1cgYI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/Eg_Jrni1Z7yCeqHi6p6Xe554PpXmjh5 YqGqT8ITIhzQyi3cO1pDuY8gFsln AHibNOSo37GIjxqBJ8x7baWr4MQ5F2Ds_m9K2zFNe7dDfEzCwdAG1lCuyc7gfab7AeMzuJTHv3QS2hej1LGMyBgfWScrTEi5zE_3p0Aa34p3HSZPQiZinE8zzdVnvx7viCbleOJUrfs-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/2439HZUjD4czO5gSfat5qnbi94oC0OD09V_DNUA_fEhKRkKqiBsuf9VdPu8 d0hJrTloqpaf7EQfozFItpIF4kshQCvDjxqU8eykTjiVNffCp28FNXwf6xmAJQg6D_H3bzQ5QMZnaajz8ccV7oDoBd 9fFwMV IOWZ5fgVykLAPCpFVxUU85zg8FT1NEet2fUUnNxJa1-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/iuf8Ja8Re_vLQSt1QH5O3W5jF3_SP IZGpdBQQBYMAcTV03BnpmKDQQywnytrHHDbBnJVaneNaf0ZM_QTejJqMrdAHCl2uo4MKT6bwPfnymzGQiTqxhPqqMmlr17bocz2_ yZ GMJ7ycoaTOI92bPiPIJFvQWbKwfMFOWXwnW15fPEEcSc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/Vt5yCzg44A0Wkwd6uVHrA yVPNf42n1vyfNwuNdQmJ2vqxi7T7coLPPFLCfvxR5qxH7k_ZrrjxefzHPI26kn8TebK5YZtCmRESXcWS4SjI1u_BzAeyTDaagC0N Eo8fcNrXha42QRPuROnCdkV9hv6vekJqaIbRRQNN9y1GR8nvz15t6Wvc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/fNQfGtVF1itBoeLQZY mdQ3g9dBr40kvKf6GidC8G5ri6rU32ikZ8jbPpq6GxNm1ZD0t1UnsT98hMSaCpb9B86Y2Sx2wywZQJNAumvXXZo2xtgHO_xc8saQ jJOdavEBH1tvaUv8m3uBrXTXjgJ8m_EjISaq3WuVpuaZPEOGezdHrnC9Kcw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/L0rhPkkny2Hm7Q36WmLDTHYdVDW_m_PVbuRgDACsU798wxY0M3bjeq v1uzO1aqjSdIAaHdeqhTtDR0oOQj9bTJMqoOTsbANryzkixeTev7XjuqVLoWARiIyFREPLRXBGYHv7kqXtghxEqQc7Rt91_yYz2rTSgvpPF7X1IhYyVNa4PcoPyJ_wyTniktSnHweE9hF_AAA-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/Dt6xRMT HMwIwBGTNTl06hNkaz8x0vSe 6dUBJjkU_Emrv0lUJt45yq1Ggb8mh6RHbmHVMc42ukIpM7zk1y2gXC7fc95nBX7e17gqXVpZJTKm1Qn94y4OcCxe8OwMUE8avxppg9PthWM4LlUUIF_n2neJgN5H286_OO92NWtntGulqIZHrwIucSJzfxrxYESkOtb_x C-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/qvOIrcztB7C6eJWeVu6RdNmDHlJuaxLRA1XB8XlLrUlFc5Squqd6ZZjuSVmPb26QFhSnHzrPeNnTkDTkoNTrMFllslDyjm9 MASmn4ByNEmzst9y2OWU95rXvtTVcgZ4JXldoXekRDGkIyZrQVnjx57_DDBngjbOyo5wc55Y9bMIMRkdsKw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/VEy9zz9qF4LQVDgOHQTVtAJiec aszmUGileEOFxTSACA9Y05Mnp7IMQWydM10xjPs5ce jQxGaBHYapyO8izB8YuGGD7HW9nAkkph eVaBcxTiMbcEyuLxN37olT01dKfDdqluLciU 2g1BjpviD8Qa_Xajk_Zy00T oqTU1K46cbqRDHo=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/n0zcj_WI0uyrNntyA9R18PWQQroqfSWZgg4i2li7abRFgzXVnkMZOFcCMVnFhyQ3BqKd9D_0hdHlfsVl_ciiFw77IpSZ1frsy4bGrd86Ktv1QaNijGZ4tGDAAptObAyqgx hcoV4Xk0FBjVnu_AdpAViVzYlL2IuTLcUALHFT8AGJ0g_MWwsftcSheYgkw4LzBItBM15-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/8SUOvPMew mJFZSl_UxwVKddutxXKTq77Hmt2S8IHAgpQr vMUyIO_VLcBksKjRUPSAVFLMVGd82lM4F U RCPyMXKbzrcAwq9NovkUugDed94S2CcZ5HcabehjMpnwmsvAlgGY9NMOnOhkqVk3PciWQEOz12FeuM6rhURR05Hxh45D1A5teyZhlBltk RzXz1IuR_k-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/n8pypQWEoWjkmzeTVfE84IlVQRK9RH9w4ajUJTowARyN9oEL8JehBGfdQsCaMFqGXPOJEJtQ9gk_rdM7SWLbIbfmkFqewzI32ef ooomwZgX4__twszJqfCx4oS7iGszujb49y_PmQUyNQEBq19 NJHjUTMmo4Tg0yDRaq rZQ6IoophvV0dE92LJ5cUfI3hhR4OZu5N0w0JkEUPLmM5_QeetNQ40Q==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/oIRwIM_Z1f_toDLsdUS_3biOI3k n8g6M5IM_GvTQq13GMyk7ybBKSZbSgFsLaD8ktC6tMli36A1BPLoDImHhvoFnZyE87a_PYOAPW030y2idzUTQadodBkbvlsOqr0CC3XG2UA0aGOyjpZ50pXrjkpdsJvHA3Y9pL8jKBydO0pkbr3ZhLs=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/s_dFIfTjJMf6mONsBjYAkbQZogtdnJ17EoV7kASTfJ5kqG36OqDhBfToCgBV0hdjt5yewHHbwSjKWkkO2xwVJ2R7tMWVYZGD6 GQ5SoG9fz3m4gzsy6actnIsOx9JR8vfoSGNOfGeJsoBsEYxQ GKjhYr6et7_ed8gwIFqN7dBwd1vfSXOLGiPdunBSpVbU9WgR0i9iE-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/xCm_SMB3TJAO3kgmFwXrWuNS2N7Kw OzFxZdpbo0uDwjcSqMZpxHqohj_nAcXBqDYKqLm9AZet3KN7Ho9url031132ml_U5bo31ekXr8koaL8W27Tgf7plZOChxe5o5LpfQU3Vi73cxKzOKDmwcSZENCFolFo0iYHIpoy9XdVnGlZBM2oJg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/DWPA7VxUfQopkF543oASmUDv9UauADmvdqDQPPu LPhUInLqsVi1BXpzEsras6i7CaGmBXiUKphsSr4i_puvXoFrFW7IQDyVCQKAXRSOtBK4b9r2RGZBCVn5FgT9Fq8DeiEzYwK_tdxf5XLfqHwB087JHHYUTWLHcnFBRyNCHnSLbFGFnVopK7TbREnb4jfE_KIARgLl-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/96futqRcmAK6X4mDIuhkygKU5Yo_q1tnZybkYvfs9QqPPdSphzYcZHhafvwBnm0h0sxeS9KUDVKuZ7NSeNpB3SCniBwMN_0v1Bri WtG2Qrt9_SXP0xXLGpeFnpNFM3S8G1Ixlq2E5WMW9wWUB1OPHR_PfDgDC4F1v1NPAdvzES224V7gRQ=-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB-e

http://www.vaultbytehead.com/G48CjLsJWUSkcYDLXTZ3F7FCIUlsmby0UN7rUSW ro93YfAS2zjmlkvnSPcNAPuUJRrf8UdWWHSR5WkXdzr9mj48qdH8_f8b1yBkcTcGtwodnoo51lSPCie OlVdIM5M f60ayRiQ L1NFVPOIgdm0x8upqEbnsa7_ZfnzOIS6ZbcaDbFyE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 48 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.