vdownloader_setup.exe

Cubag

Vitzo LLC

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.hostingcentraltour.com and multiple other hosts.
Publisher:
Vitzo LLC  (signed and verified)

Product:
Cubag

Description:
Cubag Setup

Version:
2.5.2.3

MD5:
c36637a2309fcbc425f0968b6bfe7815

SHA-1:
5a277b91a1abab714ca904f6c7e8eb55d98f09c4

SHA-256:
2d96dbb535ad5770f187ea1b694a94e0f1d6a409059e7e3dec2dbcc5adb67c87

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:15:04 PM UTC  (today)

File size:
1.7 MB (1,807,680 bytes)

Product version:
4.6

Copyright:
Web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vdownloader_setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/1/2016 9:00:00 PM

Valid to:
8/2/2017 8:59:59 PM

Subject:
CN=Vitzo LLC, OU=IT, O=Vitzo LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
32D6E37D056B4D0735DBCC390A48AA1F

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:xWiWNWErnA3gIXLcI72WgKP1qtS8pSFF+qUyvq2TdbIC:wictrA31QIa15S2gRdbIC

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 12 URLs.

http://www.hostingcentraltour.com/0_C8G0HuFnuVnTR6jPMHoDNL4DBUjnPHDpyLXiRjnqRzYYeJryv16pbndXmlwrQPi7wkoqdcT5Ntpz m1UrVJ9hsQoTT4uvtmjB9k MKkQtXunHrvy2ONq0uoWcVNmUXYo3HnAYV8GS9iefmfRIIGi9RZvsS0A==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/j4YGmDWY8UDPQG6ckp5qLNYBBV429MXhGO6swStfwMqxGU_dqbzH9pT8xgauvwLNXg0okdPpkX9IQnfXsIpa8vwyrzK9YYoh2SIi3iAmkzvQ 5MuYcAP37 Xjr2f8dVmPtdKpcF2ynR8v aFfZTbjH7Eckn1zQ==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/hQIxr1PkubX9FaoHxUonaYKhE4jABd9m2LmwmMxsBWMMfVox2gfBGEE0gi_iq1QWQyGxGoIqKMww5e_z9e1yVOEEI3h2Suipmbrx6I6R5P0BXJ4MYVTxfb6K6z3SpiiQu7hHOJhjGST _pafTVBeh898i2WE7w==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/TbjZLUUQQVbepPsJRs22sl49emq8pARB4Xz_FIFCTabY7yBukeWdKgsOjxcn8RKNUiekqIkIK9GXdUj9yIw92sq0yK9Wrfhzq2ZISaT_LyAwacJq9d4zHmALguAejzWJOnpESNsXq2hiaCRdzIIF kCyIjxLow==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/NFYz6DbKadwup9fXC43HFT6hcnuvrTsO8SAoz335fgh_2XXzAGoG ATslPWwXTGmYH6pUSKWMIJ7yDvpStJiaAqPZmVRs36QaAuU7y cAKsbgCukEZ 3EAcAGsb6sKJt_k7luoWgPka0ZrUGAPFyxdIs6rBw5Q==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/M_opl3jehxSMLA0rAWrkYtzYNCXwYj_g5jWEmXBerSp2p8e8Tzh8GSmtDZTeC_S3HsCFFiUNuvmDRBvgfg lkIBg82vyKfZu2KMCHApgi_9DQdntuayzsul8TQyEz5sHHNs0V2R oxd 0stxOzjFGh4v4vaKzg==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/rBQ OZfARpmUomg8jMdU8KLnFBMfv1j2UmoFnm5zQCVUwIHt0s3CZ75 fwc5VGjUDOtc2NClXItzY UaXWzK7wRe7tRg0nq_qwUIahrP3NIqsMvkFXrCLXRRq5zU_O5kDi9WGohORIfAMPN XS0GWy0ZSqllAg==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/SF6YMqb2zQYdNsIX _ 549qCaPE_SX0LMls qwMr2bBuLQycdCK_N _guC8 WSoN7nuoQwwcsiSVG_Qj9ogJ478ntp2ugkBc57BexVZvAYu5w4enFZVTvUK_bDHZTgTw_B71aciN0kSCyVvuPVv hY_7v8rO4A==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/r9fSVx67csdt6w5KoC6n9ty19NsTHr1CEA36D2cTF1gusHmkQ1bXw_kF3sQE7Nax_6jPFabz16Q 8QdqVPmiAVNZFd3a7bC__IJ kGeuaoT mzk 9zCqVzO2LhxBXC2F8kvHxqNSg Wl b3Zfrf_dRcsTfYiTQ==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/U6s ub3EXZu9RMEWqIVQNKZNlMy2gbfukNo4agqunoqos7vS2TNn7b2WxYpZycNsJPlFgdV4xG2JtwZ TNJ1s tf5lCJgjl3q6 JYSgOCYIXtuyfOQa67xAfd2KU5KBJr_I93z6jrb8D89WTxH0Ys8KAHGQ0w==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/CEL4yfFR EUpDImvDMWyQzsUycDnz7v_MrI1INBOZil8DRM7RpXqXXpqaRAz161Lq9ZgK0x3lrJzyFagL2vIxnWwgQoxJK1WuMrWC2Nw_eM3OIrwZ5Breuyo Lfphw0DeV0GSCmX3cUC bTD2l QmvakuktbYQ==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/j3oUi7vb_cT4GDfoLf1Q4wihobx8a3icmA0usBJsFnYwfQpOF1MfmLEGQCWzTK3O v9hUs_P6FYw5DVlsKhETAaiCPLw4LrC8o2SrhKmC3lg4_SKj3OvnHuNrPH8r jBec4KJZ7TWrBHmxVKw_E9qCEMUc_VlA==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Scan vdownloader_setup.exe - Powered by Reason Core Security