» vdownloader_setup.exe
Overview
Analysis
File Details
Downloads (49)

vdownloader_setup.exe

Nif

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Nif Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.

File name:

Publisher:

Criteria Quality (Alpha Criteria Ltd.) (signed and verified)

Product:

Nif

Description:

Nif Setup

MD5:

157ea18e05acf971cfc430b275e1b3e0

SHA-1:

b72811e2f6a0d80c689b274b1904b5a126e552ac

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/24/2024 1:54:22 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC.Installer (M)

16.7.5.17

File size:

1.3 MB (1,347,264 bytes)

Product version:

3.2.8

Fast Stub

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\My documents\downloads\vdownloader_setup.exe

Digital Signature

Signed by:

Criteria Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 6:14:57 PM

Valid to:

8/3/2016 9:13:33 PM

Subject:

CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:A/vHNfK0cQlN69mHOYef9OPbNG9FzFjc0o4vt9mIygRs7:A3owA9mFPbNG9FzFjVo4vt9m2

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.3520

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 49 URLs.

http://www.capitalsharetours.com/NPk49DSUbICQdqDS4sI3Y4id4Zs4N_wvfMAKJEon7giOLx3cy1j7kbnmjiKFQQXnQ0atZKNrWbII_AXz9LOI8u2xkXxD4KLGmhjGUMBxpkbXzdeDfT1qkJQLwjsCEzQkbjrI47TsDMtleKTwY58km_M67oN6jevJRKaMjC2QL 4jWepl_PVQCznStjIznO95IVQKv46H-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/XxM5kdtNrHXlIxxwvQj2Hb24Ow24jZGK7VRjQjNIBt3KDY3hk5rhZH79eXKuXEVz_d0uMkbAb_yPtLjeasj5u2vL7P6JOwz7nKBg_5Yf3ctWIam nV_0rQo2nz4zOFcmIfLUkjcoSopCzzgYPIug39R55nUhiSNSJ9Ys4UtXqLWVvW0EXvE=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/F74Xt1NceQLIj4CTQ90SLMlB0m2av95UuWbObvTR2cE4G1qVaYx_RjtogzhDjLTWE_FcHlkO7NK5ReYjW_gRN47Qr4EuHke3EarGhIYUNsS2gJ8JMw1x2MP_p82DWpDMyAsEUU039wqYAfkBMidg63Fbyhqmb4Us_jwsE6WVLlIHaVM7MsT8YO qK_s0RL8tZmun y7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/ywrziYIqKSe3mnhlmjxAY2MVGHwJv066OZh7JEW_l5PLIroysUnA6nqO4BGEt3mNvjLnp7xCB vuFxEsddwtbG885w97zu5UrpaeYjcfo3ohkzcHShsr1r5swDsThDjQIP wHhS27iwRv9ipfhY1A4FOUtOQbPcrfjiE3NZtfgt8KeVa _M=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/9lfze5Mdrwl p4omA9G4OK7DAgVRxrT0X9htrUGQISGvp53PNvmDh07MQW GorVVLsQHGCFs1hOKBr0gF7RIqdZro9 UQ25diZ0h5UVHuZs_AH5YIsCajq6PeV7u30F8pKXZGFbszOATNmKtbiz5cQ9CQnM1oJaj8MuZ XyOpMydkxyhcr62ekH2bQCaDJsersoNUCvO-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/franOjPfWFiJJ801l7_zkTZariyByZ9F6O4j_Vqm2kCWXZW3f2OxS_BbrnQizSBF_4HS3s11MmTEVDZpW Hp P14ZJh6H6sn6OmT70JFNedBwWP4eXJguf3HR_qo74QxdWREsvyUeSVYrNJWvNMEUan7DtEj40E1VhEDfk8P9b11CoheLNIsejVKPkW5q L7xmbROMKF-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/WxcAaiEbpVCUgXtvw2uPsKSlq8PiKWf8esART3NNHtWSuttNXzGR3WeLf47XINgnufsPDm3CR11KNEOfOTdCtw tsIqXRR7sOM8YOWA3ooHyXKim7WeYAoGKk9bmkn_IxEvMdjO xyp_YUMrCvYUu_XPER8g 6CX LIlwTxUZTnpaVc_iRFUBgzht8SyBNa7CaS9dDJJ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/oi471sxHWBpb1dayL85unWsDL5Ocv8 ED97mv_oVDQfbZFHNHJiYh dqUNYL6Hr9tmF9RRV_iRYN3sRzn6BHWQiJGyCt5W8bFRPER Mx701AbiWUJ12O1AjZZ Va9is7jj 32_8 OPyk1APbkRiIKDgdZwH7AA5OnXi0izUHuwNKBchGrxg=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/1kn4C_bTAGfgl8U8vAnHD8s54pcQ5ABvQv6rzLwp9ZmM4ysBLEt1uyzY8Xty7Bd5h5MQhQMT Q56azbsjNHOE8wbwuFNzNVob6fASREesEGy3x0vN36gDxYh9iZ5veWKI09Aq9gF3bk85w8BBaOynestrPgC6V1sZFs4xcQA_ppfIuE07BM=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/tcrRq2JlwFAXr9q8kEPIfMCauxV5JwggGm0Cs1KcAgNTapDbPFpOOmRlcjEwRbrI8nArC3dhMtHxv2csG1NJD7DPT7fjpIUPJeEb5YdjXBhBjlQcO1sa6aYxJ7dUi6sPEdoXLo5dxCXELK4yZnzL6MFIp9o8a6lnDvFzCfsmfxHU9xhmvterUBUKO3tS6umg4b 5N6xRpZc08bCSoA6AJxFMXPScdg==-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/8nbkKrL9w8ikZOhdpcwynd_fxlq1_sUhdVjt9JRGR7j0rf8lrHTEeeJByag1aN9Mipuz aGpKA5PJoHnhr9s_gN_404gN58Ade61EyiCRHceJwCB08PGy740VBl4IQJW7gU4wDVpIorA9jxaq3Xpi4ETHQfSS2OppZes5OGAmlBnQVbp5T18OHj6HB0b zFI2TMoLtOA-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/j0SCzcrUGfJGiGA7wJ7nNOZCc1FuTXeudw3bcgs3W dVYy7mUnCUIRM85fam37G5EIe525i2d2N2MhHhVIQ1ssUxv6y6EI156ytUznfRk7VARVORxfJ28ZsYIKFCDUxMFAT1SXJBUz0MVA6E6_lkVDT6vdUbSqzTUKWY701eOZv6k5mMvQttpFRjGdkJZjZGOoOpkix8-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/SAA5QXh1B__b1kgvJp5pjn8NzcsNHvwrfZjEH0kdoGFBiMTNporrC_EqAa2_nMyV1z3lJuwnEUGlEHHnw4JpqWUzaqYSolVzg3WrweDly3Ndb N3pjLjoWTPQjHYPm9hWPdyQahq6lzsh_WWkEh7mVaOeFRMuGtiEavGI9 n9n87QnDLhKqfTxVPwzLM0oUgNJO5VhyV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/DHrEBHGKmwAcjeNHdxzAIj2h5vMIdGG8PZjhTNObBW8SgTztUbaUQVSdjTRMdxAxOCr3DyhRJVYHwWSCDTgHU5eWjYslurp3nM0gS9A6fxsdc0Lw88aRfFXRklkU80FRPCtIS0MdkqyHdrT8ZLBrbseZF6M6akWSju8ebymMJr1rXwdnngn9RNbijVosU1OI1EgNAegJ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/bzBIx2Z4uoeSQWA9Oy0u4DJk 0SjoKKLo4Z4iHO1N_j4OLPjp8BxZq7bbFDZxEv_veUK3 ORrddoQEmIQp40sMi 5qiWqwdfFzD2bgG605kdo6zRtCYepMp8Q509Q1fvp01queIXBCRIE36mBzI78dswc2RY5Pr9fJvvJo8Uz__QS3CKw0SJSWYs_PeL4Yk3wuDJx6cg-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/AjUWpycp3MEwL l03bTbYAB2BhKl96VOrX71eNbK3awTT3mT7AE0LrwROu1f8 4t_mvG6E4133cLneRplE_LnZfNGk3 OAqQZEuoHWD8ScVOkmJpITsmmzr2zoGsJkP8AoDR7AsLLlAtT5RXulQsQz0e1f_kI3s7Eyikur6OrFX7SThgP3M=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/OKYczmia3jOR0uUHCnAacYpD90NwEeNYfTHThIrqHoD86wXDAkOVXKM6mqkKtzNvPXFHlB fAQNu0w2PMmlaS4VYvxrCIISeKUgAnRcP6m1YWNS8aTKflygC5ZwSBenjCqsVGNV2l5rIeH1wXiB4JtZ Yg_znXZ9IPaBzFvR15uh8Mt8_tc=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/hR1c2ZJPlUiFDvsByeaLrNYOCzpwuQqXKlqUE1nbLPXjb0QMJlS0_hKqUtnpreHtDu7p3MAOJ26eQ1m 8iGufG2WxS9o9tpbqut7hDNhwia43nK4mniW5mtV iIsyvcdZmzP6uh5L0dfy ejSTbZVI fnHJ_9DrG2ys0fCdpbUPcCCnaGUScuinq68KMBsXGYYrJypb2-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/dwHolM71aqZG8kSDnXWENeqGsSvdY4s3APv4LFHxuwqqehXlUid_c_jlT40WoCN5Obo6QHue_wJBh zJpPgAOVjMP2WvGKgnrwsJMn07paQ1vocak5bBdLFaCnm8z5LItR9eRgiN0p2zeLqRkp4g4LS2vWjGNMVBxMcIS0tqo_RLvqX4RME=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/ rDUUoP3PovutUGRVRBLGlK7_eZ92z2QfP ksxTQHgh7SVLXW9p5aK8YOEr_LGU63HOLoguYHr4VN3mht6QGGwQD0q1ce39uxvPzjZZ2ynhszxlLXHOFeIEuvj0ptvekdV1eRpUBJiNv0JZTeQp_dM10dtvfs6V3bPiZ6szfhj68ZtxKko4=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/ztjVJNXP2vvhdhGzcs3eszfzpv2BdRqAdcKVXRuiymwo55wjkkZzPTGEIwy1Nyjv0FO4B4KO9hCS0r9jQsuUwv9jm2p35XLP9kyh29Iv48ZUH5XFVyah9ATsSzMmYOJrRTKOZIuBln9EwFYQw6vRjGexZJDJj9cr3iwen fVe8 FFQa7ZvHQye 10gu6cTy3_pvi1QxS-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/TBOcAv2EKF8mZeKLY29vs7eZYnKNtdx_PUtEpwLbKXIb1X9CAfol8oHepvgbdb3maPSVT6uTNSQVRN045cm4YEypnsRaU92afGkxSrzopTc eOFE9JaCHoZrDCjXc1bKMcRK vrj igdXsaulLzluBY3xtiqPgo7O7L6SEIHT9uO XKPul8o6wfMbqx6bSQ1ft13Xz m-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/a2lD8pBf0dOoZn5rmjvz4nIXkB0VuFVepOV9gnIfu1tIMpZusxC0PvP3M1VtLXbgImr8jKNwZu1f8i7gYtO0M2ngjR3jPdEKGwryYzbC3PFDhY7JJe5ZuseP531BCknIFCf wL1FtjwOOvKT5fBNxc7WZ1RiD3OKfmVRNT_GPeN1RXmHRco=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/N7lWgijZH7d0zr7NXa3qdtsk20Pg3NENbvqOsfu6ycz_1IdlIxEeJeAje1XRKAPZzvEWgvZTOVhXVT5 ylRzCN8YdyCTV WoaK8TEL4xAW923nEtx xwgaeR0wbMBEoGY2n za89bn_92CVU43ryuP7RvGQxtoMWLu xIzmRr6i4kUIdchtTzZfRDFRWC4lRP7hqo2Pk-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/H1bS4tAWD2CCRTJWeoAkaj9lhfLsEhjicq20A3q2dSKCpObleYiPlDWZD0t0FYD9Xi rC5eDCxevLAE3sub3gye8ygG1002bbi0NfTuE9oC4MxWI9LNWEKtqFQ_lcmAHary4Yi8IwR5XsmIcKhxu0ykifuHQKIgbiZxfZbLwMDDu94UaJ3GYEzaOS5wdSTSucT5KAzzP-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/8K4ThuNNX0Hfb89iYiXYIN1 5ZjrdfKUiIb3O2VLbJc UsOI0_tW2f9atnaZ E9gil8BGF5jiZrx5IYCgtiWlhR7jn2Iauchjz4rRP 3LU6MtjfHIUZX9eZXC2pBphs3T9dkWR avFW cGqVDoBTHjTtCvgNGphkkD VIv7Lw3CPGNkAzig=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/4YtEQu9tAp651TAOYcqKQ8S2QpsTcpELxcXM9vO PqgsO5W0HNispgUOImMuWJOLV9Tyl0FN w85Hi4COuvM9u_sohoriJtWvZU6bkfa3VKVh8sKDjfWpW3REzF8ycicR3iD0wf5quauA678fByS3ax1TOLP3TKu6SKoXPYcXzEACnxazWwiwvqIxOX2uIS84bAUBSO7-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/IpJKFkFVhTRV8x3NMgWnY5RCiK_ABFWbtF6QULemC_X3dhSa5YSGO_cbaUxOjLVilPKMUR1ouuvRLGPZmiK13BjBVhOOytT7STduR70CJP_R78ugJWQSCPYE5aqOQ_00vbQE8_Q_BN7ln_Ikew3UcVbbEhgfKnNxhBkaRkNYoaemNfAyWo8=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/wLd1AD QzWFiDtKnGa1IwkggW7XkznFTsRawn5LY7_7E04RzxfU JlgO1EzN4AQmN_XqUpYUyqqJ20uC4IwORFc9XTN0bgJ5tkWcPoe4pK sSv6hov9OeS0Z37nui05tphPyJHGBeWkHkooPlabe3OBs_TYxzTZCyJBkLSDTrzzjViEhYLsp6FdlDUlhb_GFIcABBWRm-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/fa8DfqDCXYpy56UirITzFTNN2dvlR15oRmwieJyK3FCOG8VKE P0hiooBftBRsM8Bllimp2e0y0Gd7w8WCDOAOXB_MIM1FckgwOj8eAOEWnirT2GxX_IrIvKjPoScBZT38G25hbfD8CWYjCG51DbciVAeAy9KGAGB66VWyETwZNPLwQ1hVPwFo9OWAf3OCYtKAFONU 8-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Latest 30 of 49 download URLs

Remove vdownloader_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.