vdownloader_setup.exe

Fenekopico

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Fenekopico Setup” by Criteria Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:

Product:
Fenekopico

Description:
Fenekopico Setup

MD5:
5017159ffe332b0b05dbc157ddea2f0f

SHA-1:
655aaadd8168e52ca6914d6086ef9323aa90cd2c

SHA-256:
fc7707ec394b56607e8806ef9ea713f7bfc213731278999a8e93a07cbef97d79

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 1:47:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.3.8

File size:
1.3 MB (1,363,768 bytes)

Product version:
3.4.4

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 PM

Valid to:
8/3/2016 9:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gi8S6R9zaiMGuLefCxyZ4ZHm6z+dXyfH5CfyznKiss/q:t165kefCYZ4Fm66difNKif

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.3581

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 17 URLs.
