home

vdownloader_setup.exe

Kohoteho

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Kohoteho Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Topukucuk   (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:
Kohoteho

Description:
Kohoteho Setup

MD5:
50da38e9139c360cb7efb7ac8e3cb4e9

SHA-1:
4a9b269295575b1ed3b9759429f460409f0ef8ac

SHA-256:
859114c763367dac94fba39336a30a1d766f5e97a2c9bbf78614d48f283ce906

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 1:44:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.7.19.12

File size:
1.3 MB (1,351,752 bytes)

Product version:
4.8.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 PM

Valid to:
8/3/2016 9:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Jidzow9CaaC/3Vo3Z7FL8Ruwv+glgwiisr+Fk6xcJ4oBWY:oTLUR208Jdil+FnxJ

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.3454

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 17 URLs.

http://www.capitalsharetours.com/_RYRQbcjhGcQ2FteHvUS3b4g0qV8k99U 5KnnyqVZtgMq7whgN_6jsxuacCXCFcIZ4mbB3cDfDtE2X_7dDT4lLBLD_bHEGkC4OrtjSRI6t_jsA_A2Ti5llKE03nugMKwG6rtAxVS30XZxGmw7wJioXPg343KlVhud5PJh5QMlW3zidmhRS4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/ehq8nmBlTF0BEWgefLiAtQe90HbhbqZNhNXzYyWHtSfvGp01szbBZ3I0HyOLsu4pxfA3Bc0q99Nv5Kh7yMtmJ7uEQzwHrfG73wg4K6G41GNS2ChscwK78l0hnMHlLz0TiHHrM2f51BkQP6gcJJIc79iPk8DSwwubScy Xi1fS0oXhvt ZbXvc_X hc2OTweN5bC7Ht5P-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/em3UPHXZW9R nB3rMZqo8g0kcYfFVdFjWDE0hxVvpPKilx9gTgDidtFEVtNP_LzYeRD LAWzAQoerUQjDSOkRK3zOzpvdoMIxoR104nKeuSYpVLAerMkV6kqt3AJGNp3KhI_uSHIdd CeowSgEjA2NJ9r7l9X1U_NQGp3P1_SeS D lQPI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/HKe7tAhjynuTTh16_19QhZ9NhN8qdVOr3I7Q2zfoGMYx6lPvWLgO6WNu6z 59gtmHRbe2UfUWZMzxPQE4TPl82vl7Cc_mRnNoN59k9MqU4ZK52VlhyR6upLSRMNDhmv88TWLl3m6RpNevqB_Mqoh2 4F8C24Gu4PQ1M6ZC7ldPFokdPVxP7FbAC61JiM0GuZYoQE2V1p-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/JlKytxTKvARbzD81SAPvENOWdFk8W1QhQ1ckdjd7CCLuWrFkYuslhl24R8Ao4rWPW4MgysHf75q7axAOlwaEYw4fb4wvivrq1X Slj6He4pQNDhmiprBf8vaV H7tNL8Ew 6z4Ar2NVi029TYJrRkS4XL3 wUbjnCkhO37zTvZdelFgh8gpTAiDBL0zUE923oxm69hWL-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/6iu2aMi3tYf_hTSJyFRWy7oT5bBooOZbSU41csC26md LG xqA4ilKze16W5El5121vedhJdsFg8lJvvn1XLxRbvoU7Xu6e4HWDZgoZJvA3cTly_0fAj6rCVZB3gKVY T4T7cjMHGcHCySDtjFazZ5eGSbV6VIIS0D6bfq40UYFg0rXo4acIIkdsAGtPQ1s6t1 Ju385-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/avtq7_bHwt6UIKXeRt BApMaTn_jXv0jgbi gVh1UWkb3vCcyDOJmF3QPsd9CKs3jxUdlyQKVfqVy_zKgteIzjWOPicSopQhSGMqKVAEb0L2azHruPWQ9w26usOzBLCaYz1RRtmcggtI dqsHPzMuTnKkpBtRhhBJOPVg8z IREr2OD_8sGD1duWlmOH9DFuO35xN42W-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/5CmFEnOZ34hHhsA2HcSFPyO34xctwqWvybshf3fblJgJhe6jKc6FKq7Oz8qv25dLsnDBtDxAKULgKP iZsB6ZxnNPQSKemTCF8mfpp0iR 4La2aj4M e6nNPf0nq0PY_yRRsCuw22sQhY5vJ68n8fOtGaTcXghxkLIFLE4MMgyVwDFypTdQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/sFgKG2N1oDzscJWSi81Gk6NlyOnTiK5LIyfEjYBAEIb4GbMk6biK4J78x01UXcQBaHyQmXETLO5XjK2Hw1FtJ2ynjuaa4ecFMVVPu wJxPSILwoZtLN 3pgv4yciT039TS1gmCQL5lE9rtP560RF 9083xUMBtl6vSQmWYDag0rBI8mkwDs=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/X8YBSJS1Ed DFMpfhzQcITMn2clcUt2MeyskuhRsfVmZyU2KjKAm6poHsvUDvoltg8GYIpRxtzUMVVunhR6ATSWMEQF6TkqCy81snBvcRgNjBbPAaR6EAs FeUQHGp3zV7JJJHziqZZUjoJxiSjlOusZLdmv0NV7250I6N5LZgvhQRkFpGk9wmEJFvGCl1vC8V3oY_w4-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/sYeJI2ohuws6ZjujKXufAEkDpF7q6FtTzGxCDslLbkwzVjexrck3 yaNqLJnsi7T0Lpr6xH_9vR7GoQU6m1grEs UPHkJ_qpAJSl0bWmTn14mTarQUwYMZXU_erxIHpRygLHRWn8fo1eKBK35OCt0T610PEh1r2cuxYz8joNtlUiUkRNsM bhFIx92ZIZJAUZyfl1Pwy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/4I5QENpO kfT872KdG6oIaa6H7eoZLGKM5OJEYflrXZt1AiZZ9sNe8xp9IXV7CkUj7pSXxZholL1oIXFRNHpexHuTtzBnR6P DWqL4Ckp79z4o2pJwD_ BEskxEShWMyxngHQP5wQVlP9saMJPsKU3FOE3dzbedvBRBnXNBtgY tULwn79SAdDnEuzavPZ5RK7mmsGcj-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Kh4k6iFaUUEQgnJhfDcI1JkoH8Yv8msaDWRwoEwCubV8xTXL_lUw8 o7dF1z51FKtcl7trBixstnWDpk9CHpZikuhi6UkH7vZUpmCQuwsuC91R8NydVQ2OzUgi e3K4AKmSnH0qWi8s9IhaZamA7nCiNForBOkE7 lzsPJUFT0nFJs_4q2g9iK5MbfJO4hVVKJXwnKgY-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/wddq58WLmpLJ1PQYMvLGAJeXR3jQLAT2qSuAoTOd9aQ YICF7_ 9Au8qtS3gbMNXXKoRdeK7Ap9iKs0kcsTBz7Eatjrc8VQmqtlfs8vUPRIK69TEkanDehHQitwGun61gD8r5BcybUd4glB7TmtI ygEszbsVeyLf_qw7mGyqBQRKP80Bz8X3X2GluXI8vujzDIQw7Qz-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/mreHcn0DgeszjohjBm8i6 YiFpmGEPF0qGrX5dVgTqGR2_WaD4Uk6OE7bC21VrAvnTge0SXJQLtYRpjc7eFjgaZm0sZScUACZXvpb2nx NdMRIWhLL88FBAol8An1J sk7KN8 F_90Nco hQSXNsuXIsIqcdlrYhZJNDi3WLePeacArjs57K47GHSg ms4yRFFdMZfX-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/_zQuulDrZFcuD8tb6V0_8T8E454x6fs4UOP0EOmQkQ1lQ0ZeoChdwGi0MsiNbsZFiUHKNbt2Roq1swqFKKoFAuq95nqubV1x4YU5QF3O Zzjq8S__Q5w2gHKFVxXWL91oEuR NUu8FxOdA7wtc0Zwdb84SfGiu1EIdTwX0hXHTPWK2EMlFQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/9A4SRyvM3EH9oWNDWqOHVrz_CGo5z3WQ3_zrsi0W5JRHC_LESsSiPl2Do85qiZQitp7KwwUJNUjcTB4SMiT9BG3ZvbKKe3gCs5za17_D ey76raIatp6 6rOOnhcA7tsgb_Z37zcZRJVRkmgoNNxY7lSpZnktcd9LUrGCX5E_yG45uQ p09SwkuaFNnmCbTfoXIVLWxk-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.