home

vdownloader_setup.exe

Bafedeluh

FlashFunnel (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Bafedeluh Setup ” by FlashFunnel (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.hostingcentraltour.com and multiple other hosts.
Publisher:
Dokako   (signed by FlashFunnel (Alpha Criteria Ltd.))

Product:
Bafedeluh

Description:
Bafedeluh Setup

MD5:
075190bf1b2c84b3d1735c85e3f4e0d4

SHA-1:
6a413206b2efe1587586ebda6aff95b9f797aff4

SHA-256:
8c7674b77b276c027f43ed1b1362e7492339a1e6c5b763b1baf122f943d83d80

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/24/2024 1:55:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.8.3.22

File size:
1.2 MB (1,266,920 bytes)

Product version:
5.8.3

Copyright:
Stub wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
FlashFunnel (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 6:33:56 PM

Valid to:
8/20/2016 5:41:12 PM

Subject:
CN=FlashFunnel (Alpha Criteria Ltd.), O=FlashFunnel (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E4C7AF870B5B414237A93853C74D7486

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:/HiS6eoVdQ+ZFj+v7iV7W23f8E4pdl7uF:/Cy+ZF6u1130Hnu

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.2843

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.hostingcentraltour.com/URU3f_R3XL3Zekkni0veWFe k9EkLeLAXXT9lOGVwJseTfpY4 7Qlqa39zpEggH YHTNCnNAJW9hh4YMtyvCRRF0wvi2peBHBeZHQrTkW U7YY9xfq4JbNZruEL0t5NuMjce c1o7hDveVq50hY2SdH9RhtkHQtoiJOgdfhrPGre0Jh2gImmLVJz1z8Boo_8lqTXrult-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/WIBUlrvyT_Mf6wbqWHDsllA0j7bU3Lnfup4Jz5jOusPRDnyXrI_pCKoJ i9fPyrfF14nBou46YQAP2JLxyJVPIWQfPkYHowmTF1Xpx9xHVNTJGaFXZWB1dwe57hVwcrxk2tIiD1DMc0KzChxekLjuh54lQOBh1YHuapBuWRmXLTXSOxjGauK6fPqZuqyb78n27CdWRsw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/3rfAUiLAR3nwIUvfMJP7Y82K_JscuX9bYPZGlzikzZkJLkfKMhbiHuR Ka3NtZv0o7qQ70w3Zv6BsQJl wLcuAv48NFf36I02OShLFcAVYIQBGcvwXx nd2aoWGhUEeAmte pyOsfZw6flHVRViwaBJh_j1MaQSidn3oIhe9FoG7skXcMeZegUi8uXq0Bzajtsjpu2Rl-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/lhvkxlxP4BX7Iz1zFAk2ierFADznEN_TvMzdhmWdAfoJDVqkttDg04_tlWlmjq4JNDh7DEda2CYXQ nLEnmWu_qT_Cn Y2J1w5_A cn5BWLAvsiRdE37fJbJ1Cd5zbHVgtp1LbpKJjFGU9cdgxDbqI7bhjmsVNKru4A_VIw_xXdnLsACOMGr1fwJQHcE0JZueAooaLDs-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/ylnDAdImBspvrYPNv6T9s1xn32_97mU2by1FIkX9Irq6h5x2gyTasKfxXZRU5v15vKWYW9nntGDwWVBY0WlBuvXJqbAGk2AVEXkgPX6hzRK7nYLSFynGp7G5M5Txu7mceALQbgUr00LK otLZMJa qJZm8Ii fe2m5ujXQEVXUjMoHFSzKAWd_0JlUiLHu07Im_90u9B-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/X_w2KxZ5nE I4I uc9XD0zD3STuoitWfZ59d1PL9kMQJrGj4gvyorcCG2I NF97HS6Z R_ds_gMW hdeOYpp5exki08Vc9tG jliTmmCLMMJR kMeASQtDPJtYzLlUY jrDwkHhmnJ9SnFdIT0Rl9cPjUBTHNMhhefJgqNuj7ruSia ROQ9zFaHthsmG9VRx7o xgDR-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/13e wVLaq 1n_ZGz4JMTOdlWFx4dgZ_tZeuVfeOLqfma_TfDdBiDExuPsLvnwTIkQWjpnPv9coniysJSIItYuW3wcJiZFaVeMEsTFdzMW9he1Y0dEZRQ7aCusDu6KucDhABg pmDS_2O8Bzp8kzEg3Z384gKKbE5yHWzz7cCgyINmZWlwmve6h9wAuqL1wRd8Z4Qhs42-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/l4zNK3TNCUK1qU02oqyLjdg7uPXVYsQW7ugv47gyQ1Rmrkis02EQVXtNEocJWtlS3P0UactQOPMSiR6Opzv7G6KoCO38zHOWvZGtuNTq8K 1izequ3ZMXy9Z63erkh_6TaXqdX0FRUsOEI4cZjzkL1ghNKhJSwtfI2tNlslDNo bXea3f9k=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/LAtpkqYrTorW1QxYbu5mi49EJvtCVVlzNq17tRUAsVm1drguefFHxxaS56qdi4gE8tps4nrvYuLSc1kaDnl6UWc_wjx1HfQTjHbD6ubdYeh_SGguBjyZlqXiB dFasFKRX6kXlz5A0GEC0NqlhS1SbKRngvtjR835V81E8PyIByAWWkbFQ5H8uDBecMyTFuU3OsgIqW4-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/PH IuLO6 4mMVUd2JDx76pv 2FrNvfWL7fLGqeMIAdIPTxT1YgfJxCZ0PIjD2dtEmuP85sw_LHKkM6sxVHqBGKf7e BrmTRkqQ7HqcmXG9p_ZVEB5NDoNEPFNo1bPExi4j5DDnwedzAlcdlog0BkT81C4GgUrlj_QMRFcO CcNXeQ6 mG8z_EELBdACVFOCEh7rGBwCV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Sk UWy7sQwD5Qje_lTUuPyQzLuHAJ2 gDLeQT2tfDN2yfD9ht y6NtMndibyMk_QDrNxjzL5_TDE3 8uaKQQWKpLaYs0w_pPgQstaG6PbXXJhmKKc8LofVUs6vCgGvRiYlDP_51b9d1eUYDFehyXi7e0M1TWVDFTy50_0nuidEhAPNbfYqY=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/l9q7C6VjlAZ8kLV _wrERmwbgo9otTmLiE8GGX7 NawaY4AAEW3u4le_Onlb5apseIafYkAd9ftixPy52DKofjxn007Y2vWg36LwBlM5wovcHULxCSo5KUBMKIxpoGwWzkGSBxpS2gYGMFOaON_T79Uc46M4_oIsKuUV78PHv_zL2MIF8iNCdoiOqPudC7Q_zPYg0t7x-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/eW7wfWcDI xo2mkmc_lkjy6VnQAs42TJp5JdkFqRhPcn66pe9xBXj_Eab_WzviOi2B8CNBRj0y2Q10GsD1PBvGnghgr_xZ7rZYU_9gBq641bUsOJZWn9e6_onlvTnAjbUK8FqanERFXW40zIdjJjF5NcA RTFDkaAtU68hbDkW_6AUAN08tXVrHwO_FFvBQsQIiVjas6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/xBu7FrJNhVB OPwOScieRoWDBPgSXIHICiR1R77yCh6hiSUDreFuNnwRXkefq1t3rkZAxQdXnLEyTU Tjzo3IWViLNpgi33xxk3OjQhoR0qAl3XM WIw_bajokLihUosfV45n5VyOk_VVsB2csUGfAeU3g7QEwEQQMZH ni0CBm df_L2Vc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/kMZEkhntpjCrzRUzuHzSdxn8XaR cQG4mOQnI mvPL cVVEdkWL MkS9DGKqUrDoWi4fZxQZD7KEdOYK0DVwtVL5Bv 8S1XhBSX3NYinIfkZQvOC7yActcAFgvJukpiaRG_F2m5JBONAUcj69VUVAeZciPdCNOh1ntEy9rJeZcQHt3M5HM8mMKLmCV7As_iv3jOdjhv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/3BK0VWsQe2kCTp5fe7eoSxC1U6BbD7FhRSbRT4FHUiDeBeKXxn3pMjmJw7wpD5DiDiagkgvJ1_YHhPISXhMaQyGw_Szw658GVTWL1v_no6VHIXay4KzvvCz _9oU48RiRK1tBi_TLN5obwdwlUrxTM3uAD8RswDYe917HY2Vjo04ouzoiRIVDMcwWAq6dO6XpNOsLxJt-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/6UpFF127iakPQ5R_h7xiwllX6Ajyt2Mgd3eyOopAPW2b_EycHl5hCAk8E6_SzkBoL9ZWFvwDb9IdCUs2qdYAdwVGehyJHf v6LXaAvfpmBb3l67HHK1t4QW4Ajuz39iMHCNmwNzybdqdBNZ1ixQjSkIRAzsDutbnvCJGm SByjyIwFpmR600r2UQcGSEUe aGasYiMrX-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/9jtBSCPpLbjnpKDWuRTmROnzpdr41iJqRQc_mbVvhJMoDgQHWAtxVfTBpAw46PkwsnRWjuRDnOLzN7STHZZuQCgbkGRsXHXNFFXBnAo_PZzRehbCiJv37PSOOBLG_2BFkMA3jWGOGp5u5928BHumQVxaTdOJhSUfe c2ujXslQDJkAS3Oj5Wpxd5Y0JtLqegONQOwE36-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/kFkQ0dIDl2oX9XFL7ipfP0sZPU5Cc6vJ5Ijz0THrAxh reuTWeeeIowzsLi 8xgvD_ShQ35x9VhzwnLLOmcXuXgcxg7IUOHYgz PonfJhSbkw8w5NhZI3uejJBBPZWoeM3Dh6ecXd6RSXjh9l1 _ep98eeiBrQljovGYJgnowUF0q0wLfaI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.hostingcentraltour.com/ayquE5jSlCQzpsmrQ8qrSqhkhnTu5v0NxSVma0EXtMKqpO14zytB2RJV9yXa800fFEVam CXW wlR0JLSbMu7e PyiowJho4NmQEzjUNuNg76izNBpwun11oULXxqXpqCzpluIaahG8N6yIBklcusqhQqy_JkihtYhes46HtPcAUnbpjEQe75vsMXIhk7RRsOSEmFnvj-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/yviQ167AxR7gxukFKMCl0JZpILHN3wqT0KpTefqgjZ7Mj_pVlyI3No0wpH54P2CLpI5MVrIitfOR6w9DiBJ6ZpPc794YHz12QiPLeWiV7Y07sLcZG1_w_mh_sqd4vQ4bH4iZ_kSoWUjmbjXnXUXK49vTDsxG5wMQa4Q8D1X2J8CmgeQR9HBSdIqMuhiqfYRq9OYIrXfZ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/DxGAdNcW72G_0qL2BeyVxYhbBSLq5g0FMMzxJWa9yhbmddy6qUd23KHQKjry wYzJ0E3VsFgj0AyqvVxLnmlMV8jCuFTsesuq5Dr avQDYvAUDORjEiUq8Vin7U0JfbiDP8V8ZsSZqoc4198 5nZWvIIIfBFxGlMqYn1jE1PVgKVbmUN6Mz6SVgsniEPCcH_l Cn5LkG-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/SmSQcfPTeBkV_CrU1caOMmv7u5GgtXOuk8BW7F1ne8Hy4bgH5zMmICDIXMLJUgACJ8efa0yGvmVpVZFXYdfNmLncKt9YrvOWpJ2dID SNu6gguTUaj6ouKjFZ8 xA gkYDv9kL7H4hDuNpy9wr6uEU5sl8PEwiUIAjlF98GvM_DbZqtzZScrKAXyAxPDTUt83yQN_nn6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.hostingcentraltour.com/oOvLOiJuY0XjLRcc5UsfactEQR_uPKO4SNfnXI9LroVFzMHk4cDt3hHq QKS5sfoMd6rTyaO9me0GJwRK4Lb7_I16SRwbHnXsLwcy1pW24KiAkp_N01dajrsJEKtK6aHDUeMc58FTUDuu4HLq8Qld6hF3SEtRiqWeh7qI8aN3_NPUTtepWw=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/7BHqiMVGp76lVxhocxMAE7VH8MXaqNes426tU3AKhIh4rolIVd63tpQWoBq raNuJ8PCTwEPlGyQjwlnQx3ulvkYz5PNNu04xDyMOF0n2xxl1ZYhUd3WEGJgw07kde1ZoVulQGZkAfzqaL3WwY_h1lDIpIGjWVjAQmykWHTfmsJ9nEJfJgIyiSlsBFBvhC6 Y0 xnCAv-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/EnIRsxth5tjC0v3WhuRIgNTmgOiS pRgt5__sjlJYXbdNk7krx 0Q_08hakhL4d9vNB8HUA0mv6ognaXfndBXcytmzxvw1lwbWCObqzIJy0o_cYP3lZ9z vD6Ng1nkF2l6jVLS5xqSyPVolOCUFUdWvUOf3oxPZr j D_7L_P2PDFuoyWqc8Ulto_dcTbj4iLA3TyOOV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/ytHj5L1BAIb15ziCiOhChNvsCHI5NqxnwQF3Ce7yYgtLSB6Id5kOn wnNlHSE2Vhga2MhCbuQ4ZJafo2lGwyKGaw3aSWuzlM2TBw49EdNx7v5WabfcxHqfxk81jVVeQ4zUC8JLu2fGzfb79jtQwclIOmIl1fyJE0_OcIewwU8Z P5BSMVDXphLm8bjKITEi0O22kF0OE-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/62D xcU38WFscmfkjQtJ_BVqIMg0rw9th8hz7GK9jBpzGx7E57zJM7oJ0sIKWa6kQNOQHnmetUT5kPXvawzlH lf1ZMC5eSRcHLg9yrwiuKZ5K6vjZUgy3gWLNWoIq9hMZqDjT58ZMDQFqGmB1EbqvvG0L6G_tse5WtLU5y_pHTlluSRA E=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.hostingcentraltour.com/9ye4rzv12mVCDX6eHA s81oL NPE UGN5Z3EQXFeA8HlpgLkmv_WQkW64tB1oewLWUEFlFtezt0cnyNkA4tNey6SV44rlXQeHv2Jj1FpKx6lV5TI3uZkyVS3vQVtKijSW4OCJ3MiHM9NRV4UHAGcLGR1X_lulCCKrX9FdEKgH5xYAC3a5ozEAM3VzY6jkuAXYDl4sNIM-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/HNbW1hOZ6jG2V4BhObvsDOBWQXFPJZl wyOy_bDL VkxD5rlumTNjvZ9giDv3HDz2mlxmx Lm_hBYmWySl8c1E9_ycdo2LSl9jIp266cS4VY_13ghKuD4Dt95FND_gQlLExitJqeO5maX9MtqP38tcKSunvYGeiwjBfcTCHJKLOAo523wKM9dYZzt TojKaydaaTxi5r-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Latest 30 of 80 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.