home

vdownloader_setup.exe

Teketi

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Teketi Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Rigubohe   (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:
Teketi

Description:
Teketi Setup

MD5:
9a388f7a7c7c4213473b4c1f7a4849fc

SHA-1:
53c9c30d93d25c85750ad569cbf1f0bb6f06f107

SHA-256:
328eb331554a56957eb843209f05df8af59480f67ef40c95e9e1d696726b836e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 2:26:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.28.8

File size:
1.2 MB (1,255,240 bytes)

Product version:
2.2.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:14:57 PM

Valid to:
8/3/2016 8:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+3vaqJad1oJAde+hWOmIY2YgVjIRwTh047iux+rsjO:+/PJaAJAPIBI4gqo0/q+rsj

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.2920

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.capitalsharetours.com/Cu4IaDkFffeD44l4Tz2aiFndVuOx _GLImGEGc377QV15 Z3Y20GwtrGwkeoVTsyh5AB5tFctNqist_3WO1bqKUBisQ7l9NrU3LIJtZ_MQV6dwxWDp9ziQDQDnq8lFCeYLfuEXeZuzO hFK76mbhEEYPFzbxmHuE_bTvwXZhZysaVDIpA20=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/akZQWYy2h8uDcuswXhrhHyrOKiRCVKWyxyunMcItZbA3NKIaVBwHV8X61GbMhZfRoaPKX3 cPguVnUjifzsQcn0zRcgXteVCKhw_uU1REsWOtcCGesAzYAWZq8PIj0hnm1iHbStk_IvDf1IyAb29dDQPU7GHlXmFWlPf tn8TZo_01jRWhs=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/5gMfijv8FkNQw8wSZEUeJ7GVdECCsOMvoxKuNcAjp oZTXrr7ZwUT FsL_u5QB6co0OqJM1EafjdhAnYDcldzmbGb2JQ0N8ixzseWgseEdMqk07e0cKQOOmkh8kzzkIqymh3tkdnYfIQo1wJfQgummpdU29ndpLrb9p8xubdBG7wPJsUgfVuJ8mABWSC9JDkh4JEU68K-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/6Ur9bAMjiMFs37OHVhoozfk8Dgu00ALc5Dv4udxuBYw5RqQyyDtGp7ceJ4Phb1dXiH7a6a1L K4XutIYT0XkWNI56As2A0k93GCxSOuVUQ_BgOJETAup BQzHLu2cjDTmnpBeCfYkQm9bTSBQahUJxPjxQWYnSnvubhffUjH3JTpkbLOGZE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/K8Zj2j3mtJAjHhRjRe9c6Ctily1eC1u4UIa6uJppD8W_2ejkNuECgX7K5Dh3FLf8Nrom1Tp7P7wXJNm0V6BTaoFfD178SD DuJLwJYfyjmMxx65Z t3JxnFA4QoT1rl5WxGt_SxCNnd5yEQKxSybYzWIet5ensK81YaYFX jzzBht63Qv2Baz2kkKhMLdV65XPMVuX_r-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Wr8rsGZDTUhmblXgyu_8kZy_LEdDP7d4ZJjnIcJy1xVGeTdhQj_vDhNDUscoLKe6VTGyzT_8TFp3jqwIvy5bt7fTVR8 bfC XdWmt4OhaH2aaSCHeg5ZyvkDxCRsRDJsqLvYEAziiD8a8N58VG4sTc3Sh_BBPkcbBjYZXUuWdSYdenSeZs_Sm9N2YwNd1zoE SknBrCD-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/xj_BVfFXYu7iXvnFKCP1eN3RHEnqFEX_DTz2mUs6dy_SkJo52W61Qwy1OMXvuWAHjCC1CBuu6CLM6076toDYqbmzhziX7Ik4jhvVmahiVRcHXqcPRe4KqgpSOmjh 1eF1iE065pzEC2me59SXy6ueFOyx6saSCrm24SCkDoKVkKbUJXUFlXx2vS34iRre81bYRyiCzL6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/ue31Uxuh6k2hkTnjKX3dxgbQHpJW0y89wChH736pcbPoKQtx58HpdutexW RwblGJ_B5F308u7giXbyER52aqsREDMlKoQioOa3Ad7d9nRLYlCloMedm8Sp2jzftql1oPFlyQm0w2RFEflpbQ25uT5aKmWysqGeVGoHLKlz DgYU84B gRRA0sD6C1Fp7G4aE1RHIJ7R-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/hKrckyeS3AMedN8EUZCi4qd6Muy7fA4NWmoXhEfwk8OOdwQhckWThgkkDk2PHracZVLEYyRBN07MfpvptoYbyk0K3d7oOoesPdGelg ipi5qSLrTeYpXvviD AbcdJyIj_CK4jIAyiWNpCjbn9CvQ7ro4qC ZYOZhdOwPFe3xb9bo4zZB2Q=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/fG_2QKrnZ_LKpObgm 1_8g3phyKtnzhOylVqiQArOf9KegMhQav6zc An4hvkGhlaqazYBaL8wSGTgPpOLhS3eEGRU8jB2LnMlLRpw1wLEEwL1iPLSmLxOh8TeVtJ0 Y kq028JgYwT0V5TSf2Agekwa538H5Y02MNBAZyIRt0q KE862is=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/6sGNhDkQ_S6vKCPGLjSNiiDThqIMJ2w9Xglr4kG7QL726FzfwC71tcErAvD TZNARwTNmELiGBG6IZG99m RwzIMHuf5q5drwS4PZWbSWZc2hAk5SbuDFQlk248PH0iUxOUh2jzWhgYqNpi8o58WAGi5nXJkryB2M6gkO Hqgow OBWG94I=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/YASb6QlOSajR0enVJwr rVA FVnfvm9_MgiY56Xy0EmeZ 89c9tTPuVM0lsjlaf2yqRZKdkFxAybFXcXRp2csDaz7NpfqO2NxYKl8Y0DFgumi4ba0mDv_utcoCDxjCe1QqeSvj4C0H0JnQGkp2Aj5_Cz14uBxEzViefb6lt3elWhLq2okV0jdnxl6xELm2ny6CVrozdt-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/lD8bJHTTQ4IH0nyS1 NLSpGAxcMucYzc7MdcI2 Z fp5Z4u5MGRdO3HlRlwoEyKli93cf0mu74 V809h_9wVdoaISggNnAw_ENlicny9eJcViRWNw NpkuiIMXdjVbl xT3XDZyQFTcC3 A8Q34mumjicfTiVib0WH sb lehC RkwJNqXRSNZ1LnKHJX fgonfMA5Tt-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/6IOJ DVx59qYuS7r6naS6RqbDzmi1adIaseXfKVYaOWdC6f7O4u3FHJ1aXhSvGexvbtZ8bh0fhJBL967hiSMTRYR2 d6pO17aLxT2dls6xVkjTTHXvLb mJvojNZZgpmsKnakrEicZA _CGy5iwjJDi1XmiSZUMkiH4kwuSNm0iozkJdnGE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/hn2xA4r8psAue f1qqPeXIE_IMh9pJm48SrE4aFRYBpvOItOjVuvSUrOEvk ArNdLNcrnrlJUYlORb7Qov81YOoP7kVN9raOr_ZUWN3Sol 3JEO Z2RtaGH2zToYYNSaapbsiZ4B4MpneakxvjoZCQVcalkHrsEbBbEWVx96lGQptSLC80G1MIRBmtG0zgk nuTcWgP-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/QJPHWuoDu3k5VgyoWv4JB6eZp5HfTdHqB5I8FzQwGe2e4Nd3ac2YSeteHpWnPQZALcm s4N_BUD0qBejP_n3mFvLe_0HvqWYIlvq9Jt9t4zMcwxJ1LcZVuHpX1xqCNHV7qIEr6_vjR3NI83MsQSii6NVVnEc42Yu_PftIMsZWBa0h WqvE2aK3aIEpgkJaLbM3K8KJP-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/tQBK_vonIIrQCqhi_pzthOw4vipYINuhpa635FRtaXnsji1YK_4OfASDPS0gHEjBNuuM5Sgu Rq9DE6sQXUwzbDkAjIL3oc93gfvuGOG9Gx8Vlw2mdtuaBoDjqD96dehnVKQzryrM7007mU2xdN6Mik6lqLqdTmDyRoK738A_6nyNLL lMVskqxromyETfuT7xlpNZ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/yTAN44Wz60s_xif eRH_77sRvLWM aClvbdCxMCTYQQenGUTL_glLFy2YjPufqxYYvG3YeXrE5yMam7u2KHGqZ6CRBdLrgrX0QDJT01FUXXpE T8T6HIx1JZLhiUvFQ eGmFAucgJ4Yc8ZOed9qr334xQ59irwEndb1jJ VTciSgpsRnVuU=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/W3oX6Mlgx7eYJLI_mYAz_p2bC7KGVg9KUldzDxW1aWd0yS7EdU08Y022CO5TFGSgSNwbLEn7X0muTNADSqTL9e4ytf1kU9b25bGO n3TcTlDZllOrcW5_HPwU1y9PCHoTJY7m5vc5DXGdrNXMJCJPQks8zvOuId2O7nZ0HoldWdvIjdIw70=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/sMNYZgR44tNsUYi2ks1eDga5A 8VGfrCV3WubSYcWy4kwf6 vHGVS0TvRzDSeZY9xCdCIHiXvnVYXi8ck3sZYUnbzw_VFn0I62oNmBr6Q7LNlD7u04kIS6f1sHMrPHqbfxApoCqRSl26jguDTofzih7dEWHJtAC4_LzGjOjxhe64yV4oqr8hhY7LEvugwqqGbhz9FwID-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/qX2 8Eaj6hA1t WGyu94PHLGsOg3okaVGc2eHGdQf0mw L_bEzpHsXdNJnhHgKLSpGdcMFmDPSuis3Ghd3CF7OAXkAANX3ikQ2R_7YoSWPmu9lqAKoP5i1rnnIAEhVME3cTxzAgG_C5F8L1Nq7qdLyifGpa9cZYqL1sIDwMrYzkh8046x05HTxe0 4jKXlJXKdkuxnp2-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/QQ05pNFZhk16WHKb0NOi0nWkyBoqX_UdCzzNWv0fp_FyNBzfqfoHAH9q_Whjq_xdstPOSMDuFj_175zKWALD9kCvKv3dtTmo ePQoUa4ZjcwCepg8p8R6SKKIYTjxav2FnN0OaJvYsM2HPspU4uKR3bYDWWrxP7XqsU vmLXUOC5gAVKHofTo9X8XB0D9BmzJ6x4ApZ7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/_fi01lkFdYI0Lgas8pdQeEHiIUikaSIxwV5IDSVap1EPid6Gnoe wzVTz5Wxf67CXzXTfby8RqgcHoTElgdgHq3wYZtjF l78zUuWMJwrcTO5sI0b IBAiwl8xLraGKpddJrQEMGHKSjZLu08mRcLcBGH93 Na40T6qD qsyo2Ys3BAeHo6XRPNeJObe_zxYaUUoD7D9-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/YyMj3tQ1jv1oW1qXHbgvbNOQ9EbZt9GOqJF3juyHoYhRC3X19QJ46PE1rh pwvhFR16TVitu1il1guuqd1pc7Gezg5gwNc EuUILTCi2RyZ SrDHelHhNglFsc88PlyTSu37 39CfiJR5sUr4qGO1PoF8ybdmFWehJvQOK6bPM8PMVlOsgE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/kji1eRHFsfWpnCTsw7C1QM5_ J2K5BCK1OHRvTpBBDQmtqJJdvGEV0oyVBvAr98xpuuOEnIaKSfFNi71_dX5bh_aPCafHjnuSePre Hv3GUCecsWC l LlGobHKHRSehdP2KsRwgsWdAwUPxA_iz KnclS2dqZLE79vMeWMNlCv09y1SRjH 5GO_dauXzyQGpw0a4WJz-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/557NeNQOENiglpTfoZV6FSUiGKU0J sYZTm94zh0hpIi3DS6o14HCSFEfHNxzpvnflA8NDPUSmFHNqXWIVRUJmRBXkt4ZJfjrIqL4fFfQ1LFdX4IHulnPRTi6bVVCOEfOhgs5alv0WYHMvM_lP8qXYGcTrLvaykM_puBHmypP psayfKVDwadZM5VyhQ7OqGaFHYnvqs-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/QpUCejTUDwz1dd_swhefcbXbT749ecbZgzswNSwIshgIUz2rSf4AMgYsDYgEjfVy7S1Mb9Ga_IWwyUw9IyFaJdopXQwHujxoK2I1qvBqlmcFKNS148vc9gHMH6vxZUZftX3U5l3siya_qFbsj1Ny8TUBgl0MFDfzwPvSF2g4j1Vz4RK6e10=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/S7FUBNODlANn4MrdveKbdjymgTF 90sunqyfnDQUXR9SI2MwjBud5MfA1NKUs206wbLYgj_8a2lIXXFYSafoeWqdCGo3lFh3LVd_zEsBPDNUqJwGvSIAlKnI6EUg16NV1cAjCHkcZV9fVSo4netMR8vz_f8fhQImf3H4UiEW0ILnXMy7sPIFc5HSI5tR0bOK_xJ5W3Qf-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/5ZFXFBwjFO0tS 47wV_CJKFMBpX8bZNrfhgMbXMfEySHXb9xCSqxCdIGYtYbe6myWF_RDSxzkkPFfDnpV4r4QV6Qq1fqubi2va zyc6DNUvbC34R8aeCh DOy6duovxParizWeh3QSZNoCSMdhzeW7IlVfLLAazGaaka aYjmaP_9FCleRY3okaVyigQQmvaVCRqXLkp-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/l5rzPk0HoJT3sDM2RL3GYGWwJUYegidT4aNxiB0KXBLsZ9bxy beH8P1p37qoqgL30K8RZjWb16hYB0dUdjM23tGqQIn7Kxi3xwfcT1KDvIXlXSmjUtnLAFTgDhubk3EENcUlTdLw nWsdUSai_i972X1T04Y8QUGsld3ItCacSnMck6Gn8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 66 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.