vdownloader_setup.exe

Relofo

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Relofo Setup”, by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:

Product:
Relofo

Description:
Relofo Setup

Version:
2.5.5.7

MD5:
f1d359f3bff9534c7f5474c6efc2de5b

SHA-1:
b42ffeb257f0e9f896b595b2785c5b2e48f6e954

SHA-256:
00d4825a4b6c1f83f47b062ccd41ead1750b242d7fc3b51f29fa5d2c6eaf2145

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 10:55:08 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.30.18

File size:
1.3 MB (1,356,144 bytes)

Product version:
1.8

Copyright:
Soft lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 1:14:57 PM

Valid to:
8/3/2016 5:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Z7Ild8Ia1bhdClYcNAqSK8cUHssSb8/iIuhemhUHlmwZdqWM4A4:Z7EFa1Vdgn27HsJ1noZIGA4

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.3520

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 26 URLs.

