home

vdownloader_setup.exe

Faranogin

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Faranogin Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)  (signed and verified)

Product:
Faranogin

Description:
Faranogin Setup

MD5:
015ecbcdaadfdda6e1042b7f241536e8

SHA-1:
5701798c4aa3d273400b4d5204364f4ce7bc7898

SHA-256:
56de5447442c408049c5e7791f0636f3e2729dd9255d078ec6ed34b941c0c247

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 2:13:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC.Installer (M)
16.6.28.8

File size:
1.3 MB (1,357,816 bytes)

Product version:
4.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 5:14:57 PM

Valid to:
8/3/2016 8:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:qhlrohTyWYNo9MTpxTAjV1ImgWYX7x9kD7PwL9RoMUYQy/:qrMFVolAjImMXTw7PA9937/

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.3506

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.capitalsharetours.com/8TQWsbvIgw3hh8 CACcL5zpiX7YzP_hO6Hgjk0AjiURfzYccgATDRtbTR2eC0UCv_PR3CfgCYP nehje3VNsN1OaGftDuxEnljLZ8Vd8Mr698eVjMNLssfJrhu5VFTV9nyEhfJNWE3GHRQMvt05TZ9Hblow5J 5djUpGQIFoSyBekKwiQxf9cocmAqkGzL5iUM4kZlf3-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/mS2L4Aa ZJUSKRRGFWezZj7hk0NB4rqCzSdgPLtvajUzMtANCunoIOIdXw7aaQJxktR9 2glo0VdzEfiLm0lkXKQpa ICSbU7FZNQBXdHr2FlLbW2LgdAt7Ypx8HyHpiwbjBU7L35Nn13LogATpL1iJlqGpY3xr9n20rExEysucTpwffDcKWpGYnOmpz9hLMsP6pgXp6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/pmg3lIHKgt3O3KILXQBI1_qVvcLOZhPOfVyVoFekI8y1SjgQfPqy01pF9mXxtbssiqKOTyXf9oQ50NwBxnC46vko9Msk3LNTHlDeVDU9dYLKSWAFXiBM FNIl1KabnCsB2DRN5nC2tiXzUa8PxVaNC2HxsV6VynLs1CdobXJiAsbAIdCRtCcV SDhTz ieFGhyrf_H6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Cu4IaDkFffeD44l4Tz2aiFndVuOx _GLImGEGc377QV15 Z3Y20GwtrGwkeoVTsyh5AB5tFctNqist_3WO1bqKUBisQ7l9NrU3LIJtZ_MQV6dwxWDp9ziQDQDnq8lFCeYLfuEXeZuzO hFK76mbhEEYPFzbxmHuE_bTvwXZhZysaVDIpA20=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/Net8Lvg06lXHFWXa3U4S1Zk3fUSyyMD7ZwhHjvHStMDGLomU909kl7p69LGRHJ7dJDQyncP_6qsam xITiOa74h6Imq6P2_pEZU_ 7sVnUBwEFKeb69neJnVDiMWJi5kDKsCTAB8Gwzn8hBPz H eWj67Y9ZuhI_pUgwdHHF2m13HG7kIQ0=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/9J926A4RRi4i7UZ9gDQTu12_ktWKjsfSObQk9UlSe70EhE6CBCqOz_jK7kddrFhzQwIICsyz85gEfv7qAvRF8qkLznGc7mU_vWSsR19BvFh3sIUi7G6ZZw5o2hfg8EJEJIsR5TXYurDmAjgjI98jHU0u0neTEu4fNkhuR0AOzz2I3UrshpSYnCrg Lwhs7M6tOYlrpUW-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/hKrckyeS3AMedN8EUZCi4qd6Muy7fA4NWmoXhEfwk8OOdwQhckWThgkkDk2PHracZVLEYyRBN07MfpvptoYbyk0K3d7oOoesPdGelg ipi5qSLrTeYpXvviD AbcdJyIj_CK4jIAyiWNpCjbn9CvQ7ro4qC ZYOZhdOwPFe3xb9bo4zZB2Q=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/6sGNhDkQ_S6vKCPGLjSNiiDThqIMJ2w9Xglr4kG7QL726FzfwC71tcErAvD TZNARwTNmELiGBG6IZG99m RwzIMHuf5q5drwS4PZWbSWZc2hAk5SbuDFQlk248PH0iUxOUh2jzWhgYqNpi8o58WAGi5nXJkryB2M6gkO Hqgow OBWG94I=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/Rry3dvJPKU7NUUJoZ0shVl666_TSxiqDVOXgvRroifWhXLw4flMfrqX55Dx83e34VZ7V79YyeqFEZFfD8WPrYgp Hqd1RMr2W XVvdGWBvO7IOOXNRW 9h2vv7M9OJyXHHRTQMv1cdZk2eMaiagJouHfeYyM7uvSUX6rWchl26WU6HW0ZG6y7lWzb MOCSwJ5kRBAU4d-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/y2vflHIfcKFV0pFhI_82UZiYE_OomHNBJOiNoyDE_Wu1aWtludbatQndA2rBLnff72lZcN3xu_IS5y4dtI0r7bMAIiMsi7rvEb62P8JVJMn_UqSJxDYm46p54FkGDOqx2tyNis84AXzvIUWAWg0A1HOHtoev9bS4yYqA7dCd7DNQB8YWl33lGtqur2SMDFTKtk_lxha7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/SuLw6ef3gFMCVr6bjQQVh B0z3RoI80cz9wGz0vBOSbcdVWdSD2oYuYzFE9G50Fn0LkFCoxcXNdzo c1CZnXqnOWTUhXURgVlaoEfJWC6LwbzXGQEnWBunvKTre8uqrToGTIREkHTtCobfzaAzS FbwFo6om3gaYplEwjBuk87ihyC60YkE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/W3oX6Mlgx7eYJLI_mYAz_p2bC7KGVg9KUldzDxW1aWd0yS7EdU08Y022CO5TFGSgSNwbLEn7X0muTNADSqTL9e4ytf1kU9b25bGO n3TcTlDZllOrcW5_HPwU1y9PCHoTJY7m5vc5DXGdrNXMJCJPQks8zvOuId2O7nZ0HoldWdvIjdIw70=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/AOSvuEGqhiC Nds5HZiTfrjEQM_ftCe1AOy3gVdjaQkwO8701NqmYu91RPtASX8QwNt3IT xf2Zz6QsDGpsgaWdSDuHH6yfOtoE4EJRArOKzHOoV_LkbHEjNYbNYNFPqZ5Du_76InhyikjbppAiuoJ4S572ZXlHEPlniu187NG2cVYJEClKjdRWVWOirWmIJOvlA8uxt-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/X9hTcUXtofTl5QTXs8sdsXaZMkorPyf3MLLrCDSXpTZLPPAm9_y_IK1bRLwpJcMz3Zf3_JjUkxO33hPEJMA6XXEt_mgeyvS VlYYnTDam82FWzjODKzThXPffnEJuaytDbxirneGqyOTQE4ZY3_38HecUcMPGq_ORxKB9SjTZiFpA4IljHE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/2O5apIOpu8NqYZz HlzlidbuZP51ikfANW0LoavwzwOQ2nzQxYn_b13EBC23Bpxo5OE8NDa1jnSTYJ_M1BYiAPYiCVofRlEFciF0GqJdFr68PMTlek8muklhE40SfxrzPATZpuU9fewc12vk9 96TUPzdgPTVeAiqanGVLhiYvHbyvT MmVcqs779Ssimx9qFCLTQWcv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/RMHmjoWUIsHtJLafOrgyvCUH_Z6YgCf59Os9RcEefCHsdlBMemHSF4ne7VqCH4q_flxoTYW_d3QD2CnJwVmgzwptdiOZ8o7bK56h 8Rr6aoDA1S6WyCJMG9L1a 97zJQrKQJYjRKmcHzEgjIpjmVhfTkq30uFiXuXb4x_xznsl3WQa8OtiaSYx0 IApeq59sIKHVIfqH-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/qGqR jFiA8DmIkUW7uBb5r Q7cTpq4eEfFrkvlQcuuZUenfGdaqfMwAw_VwbzI22bCXaDkdgHBf_MMNorgKr4M2ZAwapRw9 FKOBqGip7BYdb9KrSm_N IP2odiZLzTAN2KfhWyP8Hm19Wd16QSqQeoC462dsUS_TPOln6HwGU8Jge2t2IGfe6X4CeXph0RWcCckyAf-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/1TW0q9bZdOGcg63ozXZe3xZVmQdmFobLgVfuswjVxqnz7qUhhBizaeXMNBDfrXXrhiQ _ndaoHeCArOreBFNmedtTCRRzpfP9BrE3oSZj9CU0S0S8KMoTsuXs8Qx34bW5iOWwJr2wOTRuT84WVq5TzGZjEJA4Dts 1YCIsxjH2essUu1_CGiruk4ztm6ZGduooxUkbIs-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/IXXXVIE6ZJNKzU8LiY4GGOYmHhGD9gxy_ZND0wPQqbOuy8YgIqL8IwlX tpH6fke78fXVvO56zTtfjb7FXXYRFy bOh0k93i5exZefEp JKwnEks8EfZWYw1tB6y9Ya7k_5XohVjsofOxJk5_QL9WPzzitRX4 JAR8obLV0Az9xS_Rrg77g=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/JyJZYumWtqPKSli6grIsELA6h06BkhUmG2fLOBuhti13_WhYwxxvetByv2zlANeoEVCLO0S dqNOBxyhz5Tx8Wichz3TKWnJFQrlgTQ8lJIdn7VPpIYFGQP 4ZqVffJJI35eqX9cCeYnOuDG3XL uB C2bK7JD5J9_IG05I7TjLKootHMng=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/hfha1P9L8z5YOw1sXpmFYp8SZpOIRhiatsYi63F8bUAihuJyZe04AVDWtrsM1W lb5kon 3U276SmgSQcL1HyAsQ w4A873sL_h 4hhb_TivDBua4B6NuYvf_CT1w_Bdi_ZoIuFdn5naWXjfQHGtjKBJ6X0bdxal7aOCyJS pPUVG1CHvZ86gN5Cx94JYQxQRPm1bIuh-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/IIcB36VC8daB_0GwPfE9hHZV516vbaIMAcDcTJ0h0PR6hVJEHXw8GPcui0t5juvLfbR6QftuNw14opk0Z1RQCTAGrcGDcWCHSbYlCb2GCf0_jXpVD Fk8tCCR5wJ8vHsu5nGK52Tjg0kZFMEoL29mwwtYp_PF7MEI_DZyV5JNledRjOk8yvnz 3Xq42KoGIGMaLirALE-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/olt3jGFRfnQhFPNSf_ KBR_m5hfZ6wRfp9Cy8cD639S 5MUIlNVI0CiGh_x7MHS Oebt5JwdkJGmbs4le0UqnDFCzqSQgmk9Bz g4LQU FGEg9KnPfyTeRc6MhYDWc3unAB3V1Mb41Rq2wM3IEabCAfIzMWDCKrm H iNrAAMRgGylORDI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.vaultbytehead.com/JLPfzMJYCBDJFBEYzEP4nt7g0jFWsRjGx9Jl9zhON6gheVcuO4Wy1P0htKyIpc S GTh9GHb9YnPmKhsbJh_E47egoOTgYaQewEIkLjTtQO_P7UwfvZ6OZPEd_0nirHnlzaVtQMGx66EDBQMUYmYMqSnkD6Xj89H1EcZ3ud3cfKTgVciFjEn7LXmRgqxX1cNRGgtBM o-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

https://doc-14-5k-docs.googleusercontent.com/docs/securesc/kmu1viujt977qoo77jtttvmijjv0jsc0/m0ps3n84e8rcq6gh73dqtr2skt1p6vsq/1467446400000/.../01798898537789938540/0B10pPuGGO2i0UmMwaHFJSy1PYW8?e=download

http://www.capitalsharetours.com/187WowT4is9qHymKL3Je0Xv26 9_PBlD2XkwpmeDRd4kXWQm4w7UzXvxsIAANHcZF7RlDvnv1GXMKFbGSGvXeCTFyCu7v3QCr1LRIEaIhndb koJrTl90gvRHiOIldEaNx1sIFdit4VPzA1SI4aZcKqtkySgYeOAJTrGtQZ1y0J9OAKnLhT2KtZHH1ElV_X876GkggBz-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/KTcLI9yiDHvqYgPFrszq6lo gClosjYh7Miv2qSkobsu0KPHD7rhmMLvl06A2g8N2Y7c0w7h6nSKwLcMuZK_9NW3vBL2haYjTWyXG90r_hvGMnbGAcpIfr92n35IrBDYU4wJcJFeVbDb5sWHsSJvbTGTEin8Q2YXb9keGm8Aj23uPG9yFJw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/fi5NH5 MwcuXOmeJqRJP1DqtGqfLDrdbLLp7xD7ZHvIlP9JISy1MxLX5emAMWc3lZP9jm4dKwZ0a8y0ZvcUYj751x1knaKHS785i7H1Ixf5UNQA7wnDAiZlOnRXIjGpqNzmS_JhRxI125mGGO2_xc1Oxu5LSj2gsCv3qSK92Ni1KgqA9ukePZWgr6 ZGVtv7CtzPevJV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/ShqCl87KjIcjY6IYalQyUjP_BDn5u8BGwsO5k6amUOQpybuDXQBLlbw8wh0bml1oj i5OBQgow5ayq_w8j_T81GxMqlq Jd4OMYvM4py9bs DE30J55GFYOIjmRHv3rzLqnoUXt3fcJGbLNc0Dkv5OiKngnSDATG04QrfItyS6F7ttxYWVJ er4IqOCYaNh_KkmO l3-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/MwR5Fac1CwPftfUKLIkMbXf1dVEXS5r3ZizD2v4kTdCJ99WTdkxGG4F q58C0ja owP_Jcs0DeadJEdd0uokmADlqQ h802iWZ89__OqGaScRKwDKD3J8ElT7lcXQCpPLAI5GvROOuhA4mWiD2AtI7XxY7JeLXpPrUPnBssDECwt2nNBEvg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

Latest 30 of 61 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.