home

vdownloader_setup.exe

Muhati

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Muhati Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:
Minuhu   (signed by Criteria Quality (Alpha Criteria Ltd.))

Product:
Muhati

Description:
Muhati Setup

MD5:
04a5a57462eae9b580de89b3e5b23b56

SHA-1:
b166d0f191816e1233bbeffdccd7e4d8cf68489e

SHA-256:
a169f5f8a76207f3244672ba084304cc737949535fdacff33fe225e6d3ecc8f6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 2:08:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.7.21.14

File size:
1.3 MB (1,362,160 bytes)

Product version:
1.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Signed by:
Criteria Quality (Alpha Criteria Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 10:14:57 AM

Valid to:
8/3/2016 2:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:3eiaCdS65YAERN0DDmbBc3JEtQCXMBTlP0QjcpMXVJo:3fh5H5OqZEtQ2Gpf

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

http://www.capitalsharetours.com/EoVspPxPgjMJ61Zxel0JMdeNjw7ASvbqbagutdD_rSs5rz46R2cYhbl1EJ7RYl1YdHDUm60k0bbBPsAFFvWgBOkxV3XlueJ1qBKRpH79zPJ6B5glvMoINcLmbhMKv_YQLMsQgrRWrRjrjMseUypjTVufu1FKNdR0u5xHwylVGlBg_23gjbqs7WfgUmdXID9krWBNOguH-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Xm2fKeYJhttmknJXlTzCTMsZHJ5c09xp2lkxGIz8hgO9IbHdaEl1bcuCf_qcp2FleHTS95Xu0N_pfWKmwxZXhwWiHSjHECeo__bFkC9ASfhYe7_Mo9EABZF_3UA2PxtqpkabqYviLeLLk9rU9Im9Uua5IIVqkmroqeYQgAAVo97EG9zpWEbXduTOhdYR 4SkZPYGz9_B-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/vDcX78_Mlucr1m3xpFZJy4KZWSzEAAwJUARw16lBupNYhnv76EUy3iu7t7BPtmJKiY7K7o7K8ktAVyAfDO84FoPaP 0NFizOrKKieog9ppzY9GRQ4 r6T uvEAApBOIzBGkXeSjjeEMH9A9oMM1vq3Hl1PDegrkD0xqz7sY0Nw0PpK4QjqaJ3MeuRFK4pEGjTRyb0WBq-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/BjUcriL7CK0X_jv8y88rw0va76RRDeFxVS K36lx3hmV2d7tKyNLSOINGMJEtUqHbvuO3csMOegvR1N2kTapS0I2uUztfTuZcXXeAcXzSoCbWSGJzRdsj_rJ4cAkV5RkXrqbN8gAGCPQKoy2lNk9SU0XG9H_saOtGHK8s4XoWmeB4WUaHEJnIlyU7aG9Yt4Ie34b7Pnq2_3pPpf5neoCDt2F7xTzzQ==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/favXD50vORMvRuVkQUNGdZRSn5UngRgCXjKbHX8EY5taAtXr9KUcQ_bv20fEfSDsjdP_4WUzQ0 YmZwTZOerBve6aw5IVguQVJUHG15 6vyYNPLrhYRKWAG70bhCVXwgR_SUK65JZfoI_9SAVlFbC8MQVaWjecz9Yqxm EMStdIDCvksXeNMu0bLh5We4uJmgtqs2r4q-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/JLadp97wSfYplKT2cybRDwKpPMM4B7pMTZoml8aWxV46tB4W_QBRH1B9lpF34H88KWNzGLRzry4bnKhJZRYNHk_SJRiX2X7 P7XzbXJvrGTzycx8LkwAJU5YTRP8wAKNswZ8XdZC69jOVMkqv W2dD_FY8SKdeDi4ImTDtCs9jP30Gn7TIwOk xDK89b9S7HFqrdPtw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/0VOBGwxeEvtZzQSQ7v Hj90inLHW5eXXs92rsOFHC7T08mKZuvfAxVhe v6TQN3PcLxjnoSRY0kzXwnen9BHg_EaL6gyJRIfnIvBr5CwvuPOXlLzGwxwx 4xJLD7vw5Heg0cGygpvYN2e1a_yah4MvGopSjK9obuD33PfqdgPZDmrmWRbcFj0_yiiewSfb4Oo__xzLjy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/ZsAPJzcldSU5sdUAiLdiExGscFC3kfLBULjNGZupuAHxFaelagNBDMVs yW5aovkmY6g ctEIKXRI_ z4id4omdL2rJaBS_SIxUk6iDy xP4kBUhE3Fbk5EMwe8aCVw4xd_iJ12kcwXRj9SDAY6k lTZcGoOVkY IlTmHMjRpaPpV1gBHF3CUiy8YhyEy3dlEkB3MQtj-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/d1tlNMLOHN3Q4RrdCxEJyMxdlb1gqDgIlGb42fvxQfAx3UR5q8aqcAS_RcVFFRb1ycyrf5na5deSpbS7UPpAWptfS5iaoMNSZtETzRdj5bRfR4HgnA4DKCFIXRSkpl2Qu3EaS 4fZPdnqbG2oudIWDRQLBP2clIDpljmKbogivv3Z9HlqW7JOCX6MpUdM9eu5bzsoKRm-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/yZj96QHCC2r dEPl__J8pu75ju3RvNvlZdk7u1gUZ0tQQaYr8ugSJHpzFl6GnwIabiQdADbSw8fDvJHF7gi9CSXPKGHviIDDfNo 91QBa5P1qGXdyuPsuvfBEz1YLzFVc7bybVJjxcakztvbpptjKzioj8c4pt4NSSGjMGwdHSPr4z_o4fSoTMFPD6sJdMpHzObOPbtc-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/KMA_BATmTTasjg3Nu3Xfw0VtUo9kE4soMK6gZ4yjvmlKXJHtTWqV5blDCCARkMJY67O2BV0JzY7oelucq0XLQW80QKVSYTB4oO19BNpxueP3u5mIh0DNe3oLJudOY1 GbGkCUFQA9EtRzbNXFMevzR4PVkvGhIJWI0CiXQGMtiGnypJu Z3jMmTvZa3fi6p0UCgkUgq6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/71MoiD5G9xwsc mLGmxqCCzX5iKQdgPpDWjSOPSzlfzfl6Qng1kPGVy1GTdWmzVrx1VS2baxHBGCVwgqJNKOybNbUt8qLVT4bOfB2wIIwL6S Z59V5f2e5Nu4Pugop8CPOjv4QpgfsLvTwBK1azEbRJYp8si2LjVfbxu8yxagKbrQoRVg7X5NlCngtL3B6 yGj4W5JT1-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/RTIDxQ3tfvhjtheRp 5CdQy2U2Z XgODfLWUvVOdftsT0F6qBrd4V35HWxSoJmKyrTJE2q9O4wHsBiNaAGfkfbmz9AFM3GfAheY6Sj9 d1qkNV_oB86 DpQQPZnsdajcMSU_qQ5cT9K5re2f8kWjs8Qag6Y0k28AZ2XtB4msx2e24WvfMr4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/FuOiZrRADDf90Ub6JHd_ubRyZJGbCr71QhBBli_d zB3y15PuZsnMDWxx5oQKS8j6XxLO6W0ndCVTHRu7CDyoh_JCDPPovndX6fe8sInMsUDewGRevs3wQseLN4lG3Bh6xEBEtjYG1OKXCUmB2_P16ohPTR_9ihtXtulQ98fMzB0CnqiNL_AUFDwFlkc YKXJACgKSJC-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/NQAj5gr1VnxSiuPPMq6zxlsyVX6A7McPwcedU41dX5XsZEXsZs picAiplZ1GnINaEuRBenJQxZjVM55ShNTopjPiOqGTouc3Cvgj9Q4kVaQxTr2HG4p5xIQ7jfzD3j hkuFxU4FRXZqOprbPnakqlGw_wuQjJZTNy2VB 4N1cjvtsUcHdXyqiZGyBR0ke7qYV3wHgAW-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/gjl J4Xo4WHd8KH2uJ_eyemrhbtyVPVa7GBwHXyD9FnUYAnxHi4NDUEbU0ARoKWyEXCYBXAyQBHGdlp2f7szENiYChzNarfkctGwJqkcBD5JsGeQrNf8sLIMq UTIB CqjCOv7FMfZxKwzbDbXsAfLIYqkL3ITigtQaC9ZCmiLebWV4uf_EFCrEUI221_rMq4Aprj Rq-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/8JTFWoQh6XEBzREybgleY3t9E45JvOJFo_Oh_J4Sn32GLjyL4Gu_t78fo0Aq3Unh PP6gZJTUXEM_u3fBmOUxYR8dP5CEJeTsR2IkdzzefIvaw14xPFI9xwq5pERmnALmzgQzsO_DTMtHWuzhAXcRZWAK5lwXQV2wPV7_ZBii NqHt6Yb9d4vAEFes1y2a_ 1W635baT-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/Mh1d23CNxagNc DumP3L0CmWqAo9qE9tPAL0_SBHODYHbGSa1GxoPboZELqZFxlwGkQKfHhC5YzqW5zTJdeLZP8nDzSVRVo_swCdmaHcTXGXQCyNV7i0YKjT9tV9vp5VZNzVzvCjuCSe5bR7TT24_xpGp920RZCRiBxSkx9my7QAlf4J9nSiagOigqptIKTgi99C6_px-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/QTvJaByQpMsCYWMsV4t5ftz5PKJU66sGbOKiQEAAOjEIOdVVJmahJSO6Zz7YaD29ms ScDtJzhFwkocUPYXeZzKXzJd9Eiv7tiYsDiU0c6EYlbaHBZFP 3Sp3tqzN7t0Kc5fPh6I4wIc_r7P9LZwZTeII5ohXlJo CDOo9ouS_FJiy2GWxHvLJbu4a7nlqqZv4Ng1 jw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/8h58nQ2Clx0geXm58f10Wgj3WibrGzBuOYeVp9_2hPH9Pd98oqAZkKBlfHo6H5pYIX2K YvTfSxQF93kwsvfMTCph7mZjSynYD4asegnyhusA_KbesEhwN86Y40Gzw7JCzB8zLLUUWdd aLG3yAcelSc59XLEVeuUkdCqPcwhkaKWxXj8IM=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/YEkZLwNrLLMBrI3UCCvHiP0bW7w8d_TRC8fAve3fYuz5MTy_dEE2ADW5KA_kvQlVzTi7nqhaeoK_rCjh1KZI5s9CJ3jED6ye9erDp4mlv2jyqc3ahiVgsBvL7SyKHaGOt89eji7pOn2VS1jb29evcR5iTKWzfwliwyCitXCvlHEKUT_gFrCXUksmL8ckaU0YkTpROeU5-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/tGs4m9vLmCc9S2EEWCaXqHNBUFvDnylV1sqNb8oZ6iwXGnnPt3V6GUYVFsqt7QZXE_ZN2m0ajqwGxTF3kLqyIQQMcn4HvhkpkyBiYZw6GuD9okGNu4VSOw2Jvt3U1PJ5HrUf_F6dvN_gcwCrs5j_ROSm2NTndDl4PiBFIwU1ghXs JhwnRODaGuMGQ7KCJHI8NRzvnhy-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/xJShw7sYZMZwqp4Gnq94FNmET9D8nSXPNjz7OAtoNGlavAxbEPnHVsu9iz2nqOXlMxC5iSf62Q dhsQWju180u_DlkTMFghaR29tGTQXOzK0k UOOxQR0sKHaL6iVqsjNAGzarEs0JUf8TSHgUqYEAQIYDwQkdpOuBLEBD9JCrxAZZ2OKFQ=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/zUq7dBxgzQGG6njXOFrDWDD8U3w6J9i2kqPJ0ehcxQdF1acxoIUwOqyzRfHVH1kUA0sY4xsTYDLTk9HSfPsZVdC sMafB47izyrRBV1lJCuQ QqPYFVeAktJiqeh32PPNo8bIBRc7X7DlFSQHzLNT302yzcT5t0LSKjSw4w TI13uGvn3V5TUKFemkA1kH LSu CDcRO-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/yFcIMONBw1MpDnNqFvElkDCEdavT6xFc9aoGSLcPdR P5MKnGpuNGfveZOaL1hNejDzKhunOK60IpTqh9pVWJCdwgeCQ02EgmNsKxrHl2hq1uNEVFPszuOc7uQGrU5rEJXD 9ROegQgwVsQeJ9RhdqUI0CcsDRsaGllWUdWeGR34bTQfnqQxEwDY2WZVQwd0JckrlGao-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/jiKR7QorNdKT5lRo1Q5AVBAFPAgcaXQfbXOMJXzqJo2 61kxSsu3A9sYBwv6iGipGT2uQW 88WWx_d8U_kOq_maK0Wr8YiT145xzHnKz PDZ9qxBPIQxFgRrUZjBe7bsFUzERtdDiOo j3VUlynU8VwlWUEj8 68W9DPkSR0x0TmdXNhYmiVC8bI2Y1 1aI9B FB jS1-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/U8EAaV20FOX79FqPaF5JmpM xEOxOwsHtL3EKN7 KAQJDuna_56lvAfPjryHmLDBQ2d52mzrHRFqnvlxFW98QVOrSeNkXlMK6YpvUXvhDnCXTouqkpfykpN8xq_xSqHr_KKn7X9820iNYAwIRgPW502TVUIuIyUKFDq4y rgpGUJ m DO8eQCOk9Y_UG2x_ADvM0DR6-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/uYpj10Kxn2Y1jK8B_wAhuYdBZJgR1dKSESGE1l9cE1em3OZ0YkGCOrVlYSBRG0Dz_SvBjixqpglhakvLrXnIDCfDXDhYWVVAj1yq9rgbITiuMYnMGRgNEztwm7bX5og bHCYcJ 6xwmXJgp_3iQig LY5tlVj78r8X1ZSOd nHFKI3K5OdMZWcHwZWTkdLcROSEEyDvZ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/kghJUTC2De4ZiIyplAwRfvACLQBkHT7tKbanU3Gq33Dhp3HI7tYYoMX GuZSfl31SQ15_0Xir2g4ATlU 49mpbI9DisPO0E4mi1wLPoV8iChf1CzzZI22qSs21vwV4YPp_woAoATNFJoSOXKNwqkYNLnOeNbgF80aj2v75FecTFmFEvufiaul44eRHOthm14ijH RCq9-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/s5KPupYloTg1pvz03RdcuQyhVBstP_Z5SFfpT CDMZpYkiDG1ggvxQBfHra_ekOUBqNEPSCzv1e4zAnkJeVT3BJF2hvUD6MnTogP9gTrPgZH6qg7lCgaIvm_2Qq9QZDnVgIiaJWBDI83 MDpVoimGO80Hz8p4usL03_I4pyIFGU1nWjI0dqKiuNRdHKyTbKvuoGtFgX9-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Latest 30 of 74 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.