vdownloader_setup.exe

Teketi

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Teketi Setup” by Criteria Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Rigubohe (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:
Teketi

Description:
Teketi Setup

MD5:
9a388f7a7c7c4213473b4c1f7a4849fc

SHA-1:
53c9c30d93d25c85750ad569cbf1f0bb6f06f107

SHA-256:
328eb331554a56957eb843209f05df8af59480f67ef40c95e9e1d696726b836e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 2:26:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.6.28.8

File size:
1.2 MB (1,255,240 bytes)

Product version:
2.2.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:14:57 PM

Valid to:
8/3/2016 8:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+3vaqJad1oJAde+hWOmIY2YgVjIRwTh047iux+rsjO:+/PJaAJAPIBI4gqo0/q+rsj

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
Entropy:
7.2920

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.
