vdownloader_setup.exe

Hosesipimi

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Hosesipimi Setup ” by Criteria Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:

Product:
Hosesipimi

Description:
Hosesipimi Setup

MD5:
44524f0058a14385a5ded7fb34651ce0

SHA-1:
bf497cc1b7bfbd1a222ffaa992d8b09d6aa3ad29

SHA-256:
c3ba115d91ad5d4242e828eea835a7894379253c0294609539dba020e29551e3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 1:21:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.AC (M)
16.7.19.9

File size:
1.2 MB (1,257,104 bytes)

Product version:
3.6.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 6:14:57 PM

Valid to:
8/3/2016 9:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ueibQhzq0l/VRul2cp4PJTqW66iJsWaq6pLisIt:ufE4knuw8W66i2Waq6Fisq

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.2915

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 19 URLs.

http://www.capitalsharetours.com/tTNcS_vsAFJcLzgozDiWkwvp3zlo _VV5a05 wk8kUxjMO fZffDD8horuAnwsMpYSeyWJk20AGyBlMC0YbK8KIiCCPCOGAfFCEPVW0MkcIDzVrl_RGUqiB5D7H6CosAfKUqdodKHMLcu73Tdr_5w1w9dYhvsoBrl_fAG3S Lf 8s3XUvYe6QK8ohyVHWVrfJpDdIMiJ-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/6kqZlIXy9QbCds8NdJKgg19lb5d4QDuD6w_kF0u0m0JE0WlZ9FdwmIlz1pNHSo1kuLeEXAfto8t8b1ujjUq95049W46QX2lpwwMBKWBymhw 8aFVLndWIiWLH0Ak bUVzohg6KB2 JZ7V9tgVph4HRS2Q_WHGYo9gYfWuy7KRsQtp5QsGmfYE9QHF1WQZIxqelJbdx4C-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/EZ7sj1C2IECqYZQgsxdmG0TqnyfnVODAB ggy4UJ SWf4zyUkWccjt583T0A XNMAhsfJQ7hoSOY0wH2ugplsUCdrKri_vpDt5GR_t4hyy FSQ5nhaOQ54uxWops2FWK_gnyEBqH_JWL4hL1OMgEgfNOgva6TvMrkQAY3fZCHfBk6qNQwmFDOxhzGxseN0YmujTMd5XC-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/em3UPHXZW9R nB3rMZqo8g0kcYfFVdFjWDE0hxVvpPKilx9gTgDidtFEVtNP_LzYeRD LAWzAQoerUQjDSOkRK3zOzpvdoMIxoR104nKeuSYpVLAerMkV6kqt3AJGNp3KhI_uSHIdd CeowSgEjA2NJ9r7l9X1U_NQGp3P1_SeS D lQPI=-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H-e

http://www.capitalsharetours.com/u6JibWvPHyOwkUFJcjyfL9YowT6SYSjjImzKp3GnmbKlzsrNt07 I8SDOE1LsBFfxuADzNI3qeQ3aJxWIylsWXmgV 9jgeinY1Y4RunTRjNcmp_h2V6h4b5XHOzBYnSoj6rsHCiV4bW0P76ahmVdbflJmcN28bub2gxcZ5TV8mm_Nw76rZ8w6PvJrLFYH 1lX6t4lA3y-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/PiFW4RU8t_kIKu9K5LIduogdvO6PJ5RYUysGc0P4wuN0G xzqqgnU51E_4PSZ63HlnRq 1Y0ZEqZ5JWiqROJbARLVJH_0UqIw8et9NXv8Jr3qnW2vxhgbwV02BOR1AFxnEp0wzMl N44P s8Sd1U27KvhdfWEaMozseQveS4DEcbsP5aNy3WFJx0jnVVsAuj7GXK2s_u-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/MIbK7ALvEfvEx42ILpCSo9i9jdmMiaUbK4nnMQlypi xi435WHeB61atd2djP6Lma91cfBcBGHzu g0H4DxWC4eaD8HEDUXDX9NWapwcOUr7kcL h58eO8GxJrQtLJY2VYYCA6pkP83q E2Z6bTfrV5ij8pIC483rp4fuEZkeGyVATqqWzjdmf6F9ArwIifBIq0n28Hw-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/MZn6WCI2xsCVUtK OTSTsSjeV3fQcMDfvzDYJzpifsisOVIcMDG1PFoyC8xFcKADLnzc4wZNK3lUZ0JZH7z4XpJNEJB3RKk1IAve63Dm0d0h75S3h_BTXRT0yb5DZuJ1G5G43bXR3CxxR20XYhlUwgslwfTuhYWTvGPoGRLLcjB5a9ZpZAga8CcU9kQFmRMBvvl CmVz-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/3JQDn9AGJkZsIbJ3qYrYP6 TgmVtuXGbYLH16_MICcBSWgpP_ZmCg6E3CSb la9qqAfMXmgReGSQntYpUo67mxLnyERCNmIX2o xBpbdC4t0RGtUC9chpFw808vHAeDRcR7Nsguvd2En7tIMaGKlLc4z7dfDIK81Pa1TThvNWKl836QztW1Hq1t9Qm3rMQZX6nkHvxJP-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

http://www.capitalsharetours.com/F6s09uM DLJi55n3JyGV CC8VEoS3NWe006scnrut4NCPlDknGdaPIpaS7aUusrHW2BsAjmjl3U9_gf7fU_1Pb9EKh7NYS46I8TMEarOp9sHe7oGYTtUf_aiVRSigsi9EaT9YJxPOyj9XBjyGCEE gT_DY08NmdWe0zJ92 8w2OV92N9UJIjQAa0HxrILN7ursSN3mwV-Gy0AAATqZLEpSWg2od1Us2dgAw6cAgoCW AesA3EjVfoZDJFpfOBto0H

Remove vdownloader_setup.exe - Powered by Reason Core Security