vdownloader_setup.exe

Tehitaceso

Criteria Quality (Alpha Criteria Ltd.)

The application vdownloader_setup.exe, “Tehitaceso Setup” by Criteria Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.capitalsharetours.com and multiple other hosts.
Publisher:

Product:
Tehitaceso

Description:
Tehitaceso Setup

Version:
5.7.4.7

MD5:
9f4909aff78b41c91470d2f8dae74520

SHA-1:
e43b71a846d5b20b23861fbf159c19bbd480f128

SHA-256:
6fb2c32e6c95bd7e4a9eb2042e69335aca636f04994ea5aca0dd524941833385

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 10:38:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.7.30.17

File size:
1.2 MB (1,259,352 bytes)

Product version:
5.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 2:14:57 PM

Valid to:
8/3/2016 5:13:33 PM

Subject:
CN=Criteria Quality (Alpha Criteria Ltd.), O=Criteria Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216B914C61A8F4896BFAF26489B9954D2A

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:kis0ifT8g8+d8sCnYYfYRwlwqD2RbNkwLcXFPnfKcf6Q75IZI6Wyo4URl7q3C8pD:ki478jWjSYYt8wwmphClWWel7u

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.2945

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 36 URLs.
