» vdownloader_setup.exe
Overview
Analysis
File Details
Downloads (58)

vdownloader_setup.exe

Cagehebig

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Cagehebig Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.

File name:

Publisher:

Peregosasi (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:

Cagehebig

Description:

Cagehebig Setup

MD5:

529e566120452ce70cff8d440cdd658d

SHA-1:

4a3ba203a3032e220ba180c387cea44ea6828aee

SHA-256:

6368753a747d0dc24e118fabe9faaf2bc24184548b07d43fd977c72a9eebce96

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/5/2024 2:22:39 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.6.23.13

File size:

1.2 MB (1,260,576 bytes)

Product version:

1.8.1

Web

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Turkish (Turkey)

Common path:

C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature

Signed by:

Criteria Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 1:14:57 PM

Valid to:

8/3/2016 5:13:33 PM

Subject:

CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:jio4dzA/F2dInarF0nVpxU/kk2Oh81pSe3WRNwF7OkYT5wc/4:mJA/0EaB0nm/B2Oy1giWzoDYT5w

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.vaultbytehead.com/O_1FcrusMUjk8r8ikYqvocOTP_y9afUl8jRPGBUl9R1nFtYPJkYChx _qDQckvKNiRjefSMxh1PrMgbGKNW7r0xJjnMs2t2z46I1a97CkP76LlQkZPwnn2GwTKTVLnkCZ_3qAwaNjMWQJfG2oox2iGGAFXaRPlXxM4WdMbFmrJcbPgaTZcBhpGJuGwLx_OXVhYAU0AQ6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/3giOrOhplgrDrx4BMhu3NqJsyb UYqlAROQfclX6O9vPSnmMDs_HzeT_I6ExgGb3PqHtd3cSnGdsB2DHySlitueAB GCYWigGc32CRY5VRs_GT7j1kxZrLnhT1Gwvjzg7AUvfc5Elvual96NoTS5EEUX3xXkCAvdlUtxPfcZbNUMMMYG6iw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/QV1C90WvDmlX6OBe6uGyjiU _iRV12 1SvH bokJnwAO21_ihmBxQUWQARFODKvh _oz6vWDS3vV_c78YS5EtqhghghYw7UEcSx9rKRi1WkTzYFrVseb2aZ0BZ9cqo1evIDGBsqkytogzdhhsafPWRt89_dQrB25avCBysHkvIcx5iZ7L ALa5zHzEG14LqPnklAeBXw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/ecvTwYeqcrl44 0Lk yWqnocXlBCBUvddKFOEUoMFJpsbmzuso_KNk4S LKiBYfunDzp17xClxbB4pR8ReE9sR53_1lYm U YsVuGH3jrN7l6KUh478O3mKqmQpEqsis1Grz0SF1v6B 9haWHqqpEnmjywVW38Ej3Q3A1bwNUnzzi8FDsZa7Z7YBHCmFJ2wu3Vf5BrTT-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/95pKbKYyIl6hbs2NhQchQ8bhauZwWuQCy2F_rbnI4YJAIodMpZ4fp Mr0tEmcScs6FmWC1RF5EZ3WcuVicepLktX2lWJ_aB 9C83BElHyibHchmP4zMl2EzgSoBqPlBDA_3DKKPogWMHeDLDJJ8wZtUc8l5ENxVx4YyZ3WlJy55oOhnsJIc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/rzd5tweGl9ufDhnSdufvRicCsc3qwJXA0b2JgeYbRdM9PXeiQVJ5rAUZ 027dxo_ P jMZXhs99I8OGyvzliq6vOO2CwCIZ0U_EsB5ENFpoq0CAgkpmVZlraIWG2mcpv_1Kk20Sy2LwQa9G5X_LVKWdQLgnsaBPp99qDbA3pOkBowghf7BjhLKKTvVDaDzhHYCzyP0VF-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/z Qbkz6Aid7bU2tkMAaQFfaEkkhZw_mD7fZZ sH8f_Bfq1S5 1o3y5M58wdQQYRR1m01cRKr8ar4tciz4XfGBBYeJCatZAW2CWhjuP6IZrgSDlgJ u6VcJFpzmvumw9NpNEV7bfPgqceQ7NqZ9RmZkz2LKKjGFDb76agmYytYlGmuHTZh_go9XZLHw5JX6FiZDHpROJ5-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/SeGPyE1YyIBvvNq673dKH2CsZ6A9U MxRRb_t7rJ1PA_0XSgSeLjoPlRGHXbGLwNEDET3B2BvL3XybjKVTyBEsz8PaWXhWybx 8YXE0xfGldHCESEubOOwQBaO1EbyYIidzPTFddS_4xuPrg5m3BEuTuAGilWOzv0xR_ZPozEpTKcqNTz91HLnDsxYLXC4rgjnlouPGT-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/rBr81nCdhgUck0oWt4aSZQVPnYqGYXXrCVHOfHWd10u DUstkySGG3liUQibd2FqBoRAT20LoUecpiVR9SWwFr9A_cNjtpaWYQZ DiFqFpvE7zNkB1mb1LZAAtP 5woiU61pYJkNuDLCjFpBU_gYizSm5hbCm2YfxbudeRNDndmOXnUviiY=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/c?x=rKVNtmS57OorBMUrNXGiMPQ5a8yTLQU 1T1DxQgN4OI=&c=L30RIZPAfuIn yDIoo XamR9lw5ldCCg3QIo3IYT9rK0xbyd75I/zJEvuRIG9BWA44PNcdzj3PcTBJiAZVIqoGbnmQeW1ySClnylnpBC6OyWaP0sWFgmfU6pAFTFUq840R6CJ qzF0zgrA8Zqn5vV5Mw97/H18y6 o7vu5HFyvQ=&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.vaultbytehead.com/MYu2wW8sE9LRjHCGyYu76YIJwLI2mLnxNy44m9GM7oCz4db6U4ImosVIyCpVUqqN6BeAOuiMQYE9g W5R_j_TjthHIbmE67DKc16RGJmksFIwZnmbTjAhVgT_EKvo6gY84MVkzhbkYkRENobfPftxyU62731FSEuDduVpJLOS9MWsXNADHDqRxUoO9AWtXq4Tw2wiOJW-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/KWtf7ygte6mL4cmdCvZH86SarB oRUNB8168NFqqLYABjOlR_uI5oejH1kRg1vchqhBuC1FDLsEqR5gQH_migZYyOsjF4rWp2ZSnd3a1hHxk8661Nq79zQcAsmiEOF3R osUpnFgr mdS SavWuYWZwtxHc3WX_aAZKYHE3Wk6Sra_9viwg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/5D_6fGo_lxEOHP8ksSQ76kKx9msyM1D7wFNnISD9qhrGGUavWbz_ss5RcU44xE191SNEYS5dCGHOt56LPE aBdjF CVGWQ9OE3doE0Bfx2x 2mQemVxDmcCtT2ZnMV9gRo6 KUyXvH7V_YCPRScuv3qc8qqQlWMbYyDPOGcec1fS5hW8l6c=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/GgkMxnEAmKC9cY5x1LtnusXbc_RZmm2Zk6TY7CcSPEN4ICCEvOoC6vkJeoo3J_OQFs FbbT0WXQZFgLbaROqtQIGv1Fiu wFASIZ51FfsuleZY6nYJG3eFxEwX0YcMSvbwgva1TgacuHSQ3CeDH3fXOXTMrnURzAz94ZBH0w5bJBzX4VhxzmNAjhdSJGE3eyliX_Du2v-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/RFGLDcCyyI5Gdf3zjxmydUs1xloHE3TM32Tcv0zLBTyWVcftW7yz_IoAcTYfVeDdgjkqTvMNxOuBzpQE5RB9 Lr4Za682hxMlziErHQRZQDic_5UNwf9jUFWYrEfqCDqHO3paKtQIT3HjGDq3e58senqTUMguU0upHuWNTCZNDrykcuJKsQBi4ZvEMvypE05JigQjPJw-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/bvfFna_uAOMQx4dgAU40MnsIp705Yf2JrStzwUJSMo9Tg xoiNe2Jj8w7xPmS03Cmv_MktVPI2d51z13mHHL76odnDJ4DYov_RrY6AHweNewkiLDFSg5RwPvI48yUi1vwMDqRJdwZDgAWcjIKicHiO84RmoQ3pnfHGstWDVMVz23O21xcVnFo4 nW8jVQPsqaUvxhPR5-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/_AJu_ szZUth1Mj7PTFHY_akYvkGdC yOZSShF1LMgiStOrIUNRg7wqIwOGWc8JPETDDgk5 DqS90rzY_WoPHIg3iv69d 1y8CSPB 0cLThUDLmp6es77Pcp5anwyDkVeUD1gPq5bDNzzTz5DB1qbcI1wHrTVwyGNiOfdg vTD1ducfV13ibxxnjdy3e5lKnpgyS3 g6-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/5KurCBKCrroZ MIDk1eMyzsdPsWEe5NvOaTXRfT6Y9qLDfO_7Zh_GsXK1k yVAB6qnw9tzq11TKebDXlwSIRn7hAQi8bxo1Q3lueEWTWQIZikafwfW80ltHZUU 5Vu5k MdFrgZxTvrgAu4RjmqhLD4rloE56HTppWT_eMToenHvDRlSwc0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/xeWHE_0b4PCfdvR47q ZLW4hBPGxbkBJPNhwdbDnWfrw9x3aJdCmCJ1vGrZ nddDyFCLWpwKXGbXk4gbb58Kel10yS9GIQAaVWDeBKx7cpA3jPGeHv2XzyyV9sSPuzlnnQs_oEo2ShQzQ35893RQ5m8xRVAAT5j_tJTTlbGbL5NHZUz43Rc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/9Z3_4Hwog0OhAyDWRVyaerFEwxFGpqZ6SFA9jMDp6_Yeeu4Rk5g3w_Etvu1VS03KQyh o8LTauQ_qRs2WLbW3xuPgfcXXFZrt7lSRL xkbUsyIOV45fMAd rF33Yy1hfe uBqhOA1hjXuGDQOdXJMjCgu0k98HpS 0j Hka4WpdwTkXXZgUmCowVxvG29o3Nwa5uhf1c-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/udgQ6w4Bp5VmD4v9SZcEdT6em_tXYm_hRN0jcA01B9oZEXCUei1K_rBjrLT3a1x2QcCDNHz5b5xH1B W3bqBx5yKvLW3_48O0GEOA5zKWls1V s3SDEk65Mrme4pWj3bdB1Bt9KIvROsRlUJ4fhCOQKSj19tSHdMPj63aB2ZnKkkI0jYu431dJTOaoGJxF5K7NSBvTP4-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/yCrj33703vANoJ2Y7BrNG2TMU8y_B8t4mupPhHi8JtxiIIrgcXioDRg7rzFHsfMqX8BLyTWUp41ndRdcbc055iuQBXG z5c_k5fphHfJaaI1OdI32lYftVpp8NYEVoEQdFu3HlHKmzYx9h7VL4ohRREdYJ7NGhIlk_d8mBHz1vYoQ82HgGV4xXfiRHw5TmJ_j4nLYI7H-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/wF98kL5JQCAS1ip2JeI3KKq7gwQJt5jLNjcivpEIHgCGhYdDg6LoWR8 i1bGYBD0tOEz_1094s0hGdhGIH9 BfNYW_83ZY_B1xfx709cNaBnnBIOq9vfKEdFL8S_wVVz2HrMDi_okM2nbMbsblXuQgPYuWPgyceIJpF33zrIVNCM_2ZfBKFPixUYhTHClF5WQBBSWzj0-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/hch_9wa2FgcMHZEkNcH6ZYUhqM55fLx87qx F1WBdEgLD36xE3hun9LH n7TSUBmQ71Tzsxau2YItgZEbishiLvXXWL nynUn0ngjeTQeen0M0EhwkoFpnoJz1FWtaPjO_QG87ggGxkKL_r60beZ9Uk1CcljGDB8STcKoYKrSUfGipibFyQClIZAv2E67cbnpESUkuP5-GyAAAMQ5hjmJLYllQfa6kElMkUViG8iNs_Yx1UVnkLoB

http://www.vaultbytehead.com/hDgSZNtdjqKNaOGf4 soMzHbLUneFR0LC36NLRJKZJm4Cc8BPPFHp9pmbwt1BGqos1B3fSWjcF16wBDcCzaqz6Ja_zuNyC70txOe2XXHLdqp 68jn0l5GaerjfrCdbpv49DQIXQqr9EZQewq1jqcR0GzadFDzx2OIHkJR_N4cOSqhNsBGL81cRKIdK0gDwvi6jkwEVFd-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/YPihtok2_xoJXsXHEtjPbyGZTtiWb1SaKmascCAh8scmvczqqeZA0rj038iDLmeu4guAx1SZrnbVSFtlulVRqUXZvDst8Nke45hfeQmC94FGcWqGx ihwlMQ3sYPnzBWOmEs59w9zUkhQ2MYUKY0rGaJlfgH0xIK8rtxFYLQvDw5ORpmrYyzxGlEh71ijFtQJIt9Gu8D-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/NGDPbgku3hSafZv5eG7bLUo9RlHXnKUdN4OPFF4jMA1CLOBltXD2oAv7Qji0OxANKWxfXDBaV2cUe8liv9ZzHAe8YGEsSNkV95oLt0VJPxgmABEE2oe0jbFMRnpcx2fFWXiRrwsn9fibAOPKGO7qWDec9bZgi5xQ_4RK2aDdCFkSOYTmiE4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/GNoQwO7rgG3hIS8rXoWltZho5y1oI7gzqU czzGkcccySVAx7Fc76lwp2cV_ILMKYdker5_n0kE1tLKdSgn2PWLy_9deWs0C_ieDq5bcD9BlYMtBvlK15o7xeC6JoFEn3kvJujYdMXY7SRfkKjrCpxOzgvaXaI6BfN6uuOwUvC 3760GCnc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/uZWvMN2YwI4gxiUokl6OZ3KaLikTQtVDs3Z9rursdGm5jE _vk P9NPZhpiNzy9Cx94osJTCqDVa5cUGbGK2o3GbKqIFfW5ULzPKnsbA0wcejbdxFQR0vF2WV2CBsUke 4XwkZ15R2fjPFFDILQrCWvzORXtcisHKyrGhH396Hk62xaO3sE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/5bRWwBdE5YMUOJFjWp48L4JFpjqXKQy6MdRbXxUdV3EpCR1gHjADoSwzSwaf9Bpv6K nRxtzZmGMYSR3WbjY0vqKxXsqnLKUPurLrvhehjNGO LoqBckJI3zo64MROa0pEwFfTeV4smxTRzZHhDsmJ9TXPMyZ8HZ PDAZUgM1q4qzjZDqJk=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 58 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.