vdownloader_setup.exe

Porenugo

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, "Porenugo Setup" by Criteria Quality (Alpha Criteria Ltd.), has been detected as adware by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine (packaged with Inno Setup), which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Criteria Quality (Alpha Criteria Ltd.)
Product:
Porenugo

Description:
Porenugo Setup

MD5:
a24cd6da50db9d1b5f39af3529c3e78f

SHA-1:
86466c1b1d3dbbd6eaab7835625ba8750c00e0bd

SHA-256:
a3fc197d49a256539c05167a77ce084448457eba6a96047ad159c07c5ff7fd01

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include browser extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 2:03:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.10.8

File size:
1.3 MB (1,351,368 bytes)

Product version:
3.4.4

Copyright:
Fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 12:14:57 PM

Valid to:
8/3/2016 4:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM (this is the constant TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, that Borland/Delphi linkers write into every binary, so it says nothing about when the file was actually built)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3/i9hTd2rkwotrfcVvgJgA74CjxzmdT72IWy+fEhQNUA+hlvcAb+H:3KfTAk5EZgJL7hj4dX2IWy+f7UteA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.3454

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
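The header fields listed above can be recovered from the file with nothing but Python's standard library. The script below is an added example, not part of this report or of any vendor's tooling: it parses the COFF and PE32 optional headers for the timestamp, linker version, entry point, OS version, subsystem and code size, hashes the file, computes Shannon entropy, and flags the two Inno Setup / Delphi tells visible in this report (the fixed Borland linker timestamp and the "Inno Setup Setup Data" marker string). Because it has to run offline, it builds a small constructed PE image that mimics the values above instead of reading the real vdownloader_setup.exe; the marker's version string, the section layout and the filler bytes are assumptions.

```python
"""Offline triage of a Win32 installer: PE header fields, hashes, entropy.

Added example. The image it parses is constructed in build_sample_pe()
and mimics the report's values; it is not the real vdownloader_setup.exe.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Constant TimeDateStamp that Borland/Delphi linkers write into every binary
# (1992-06-19 22:22:17 UTC). When present, the compile date is meaningless.
DELPHI_TIMESTAMP = 0x2A425E19
# Marker string carried by Inno Setup installer stubs.
INNO_MARKER = b"Inno Setup Setup Data"
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 .. 8.0); compressed or packed payloads sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the whole file, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Read the COFF and PE32 optional header with struct only (no pefile)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsections, timestamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]         # Subsystem
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "size_of_code": size_of_code,
        "entry_point": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def triage(data: bytes) -> dict:
    """Header fields, hashes and entropy plus the findings an analyst checks first."""
    pe = parse_pe(data)
    findings = []
    if pe["timestamp"] == DELPHI_TIMESTAMP:
        findings.append("Borland/Delphi fixed timestamp: compilation date is not the build date")
    if INNO_MARKER in data:
        findings.append("Inno Setup installer stub (check for bundled InstallCore offers)")
    entropy = shannon_entropy(data)
    if entropy > 7.0:
        findings.append(f"high entropy {entropy:.2f}: compressed or packed payload")
    return {"hashes": file_hashes(data), "pe": pe, "entropy": entropy, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed stand-in mimicking the report's header values; not the real file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, 224, 0x102)  # i386, 1 section, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 40448)    # PE32, linker 2.25, SizeOfCode 40,448
    struct.pack_into("<I", opt, 16, 0xA5F8)                    # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 1, 0)                     # OS version 1.0
    struct.pack_into("<H", opt, 68, 2)                         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # Assumed body: marker string (version number made up) followed by high-entropy filler.
    body = bytes(64) + INNO_MARKER + b" (5.5.9)\0" + bytes(range(256)) * 8
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    report = triage(build_sample_pe())
    for key, value in report["pe"].items():
        print(f"{key:>15}: {value}")
    print(f"{'entropy':>15}: {report['entropy']:.4f}")
    for finding in report["findings"]:
        print(" -", finding)
```

To run it against a real sample, replace build_sample_pe() with the bytes of the file; on an Inno Setup stub the timestamp check and the marker check should both fire, and the entropy of the whole file will be dominated by the compressed payload that follows the stub, which is why the report's 7.35 is unremarkable for this packer rather than evidence of obfuscation on its own.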

The file vdownloader_setup.exe has been seen being distributed by the following 31 URLs.

http://www.capitalsharetours.com/uuk2XeHmls1ko3lBWbkiouDxVVcxkfi TvIfWY7reBDWcVkDVymkL2drI49xXrURbtj4eWz4pItANH g1g8D7OHlFF8WlOg ThokW8RwuDGesef7B1KR3OOzlXDfu112f4jXuj1QwUPLKOomJPOjSJkZ8j B8xh3yCjmzBfvfroE5NQZSE8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/zpju2MlzwkzlRC7CUV2xn DZp_DHtOITTqO64 QNevIO gocaeH1um2rC2AvoBueRQpAhxsmqqnK9rp7_BHEiziU0L kM_EdvIBk5Y_Fr iC p6uCXJiG8ScbcgSgN1ENfsYOEUTYyuzTj4EpYgs5o7OQfmrCGwPj 3Pgljpdt2TMxnRVRqPGN4y9pvIg38X9NKog7r7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/P9n6i0fo5zu1ce_Lj1 scVClv34DimOJsxPRAzJjVLYu4hZnAJOEibCHdUJ9uL8jbR0GV6a9Ziw9LuvWMB8lHZaj3aO 3t6_5CipJlQko6b_z5R3wH35ouiB__70K yXWnUBi YUHs8SIOi0TVu __MHxjTK8VJyemZJ603K543HRdTXYJt2VSdW1dY0B9qWT9NIhjHy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/QFTtV12QJv7esiq 1YRXEw3aUZLmf5 XtWLtRId9mLuus iwnbxiFQpHcjmJPyLcg4b20BLjD2HdIG2gPOwU9XXbK7jAllm5O iy6qYbuOKkOFcfsNAXHjVls3w_ wfNb4doW_mZWBMlscmvCADydaigV87E9IqrvswildN2Ge8DyhR9MpJ2CsYUfqz lonOVQdWZBV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Vsp3 VGr8aCJRIMZO8rIQVH3L4b5cKCexZe00mY6qKW_F2z4ag7px3E xHhO2ykFmHCXn6bqsb71I1CYBmR605CCiSRRdwL1caYri7256Qc1LVdKE3EULr4XT4bAUSIX8aLNQPklP6QhkHnI9WKLNf0WIyrNZn7NaVKwAS6n3W0NRp6sI5WLHh_AGbqtbyAm4PgiMQ5P-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/NWHxdNOFd1aWvMTm1XL5849SrFGGh_r2IjAPBPNyK79PyyKop_tn86Mh4cSLb3R 2NmbcnScn28warZUeNMHZ4V8zzMGdwL3fw0AzmUe1DA4VVTXMV9Qwj09gzPLa ig_vbL8WUQTaTvln1l6yCDVRA xXoZjhB58Ok0RzhibyX6y4risTW BEzaDo0a6zCWZj8nFsKa-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/0apUeJudLAa8Rn IINIXL5k6f8X5leSFRF1zkU23ag4eMMHggo7BtbpAyO hVMfktp1ruS925Zu7xu6eS4Hy59t8Z eznnszg18YfPTXqbyjaLSMo2zgaulKUalN7RyskVzolm8RjBSSYssMuLIN8oUAzIadPQ8iaNJpdXJ9d N56dKcmHXZ2iXgTIA5ZumYkhOsDjfy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.vaultbytehead.com/c?x=MCLEMvKa0NXIlcDZN0DvaYUf5jc/6a3vNrvSrMPm4KA=&c=fjE5dnI/D5sv3dz9TdydJwPeKhFucLRrTyOIh5kNb2ASubLv 2TfIc6IkBdq vVMDJRDN2o8rx/BgdKF/nPaFDakAna0ML0HqUgZd9lS4Yat4MkwrlGMqJhMma15LLtLYzPmDhz1CfpC0HR FOWEmQ==&e=0&downloadAs=VDownloader_Setup.exe&fallback_url=http://.../?p=plus

http://www.capitalsharetours.com/jVYHIGgwXMXMGvXjW0qmOnbCi5yc95Nfdx9HbBo3FxKifPTNZ2MM9NIFFMieusxyQq1ue18CSmuZohKaD2LKMqNuqWip9VFHsvTeB1tCorsX2Txhv8u4f1Kpy_Nu8SVDJcVcXtYM1FyXuLTTM sv6bCA9kf8se6kE2366vP mrh0ac6 FsPY6VhNCh7xkEh2x2QGgUZa-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

C:\Users\Administrator\Downloads\VDownloader_Setup.exe

Latest 30 of 31 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security