vdownloader_setup.exe

Dotora

Setup Alpha ((New Media Holdings Ltd)

The application vdownloader_setup.exe, “Dotora Setup” by Setup Alpha ((New Media Holdings), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.vaultbytehead.com and multiple other hosts.

Publisher:
Setup Alpha ((New Media Holdings Ltd)  (signed and verified)

Product:
Dotora

Description:
Dotora Setup

Version:
3.5.4.8

MD5:
13cb1ef2b30e3a29d1bd7845e4dcab8b

SHA-1:
fba4a4c098435d3b7e0db70051d7d1bf0ce6e288

SHA-256:
36a5a3935df945530023487c1810cbcc4307aae6967ee1ef7eb440844056fa4c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 8:21:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH.Bundler (M)

Engine version:
16.5.8.10

File size:
1.3 MB (1,365,832 bytes)

Product version:
3.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vdownloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 11:41:44 AM

Valid to:
5/25/2016 8:42:13 AM

Subject:
CN=Setup Alpha ((New Media Holdings Ltd), O=Setup Alpha ((New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216F55CB04783E0F0E5AC4C45115E1BCCC

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:WRMxD0xjYs64B9fuhlUZbhEM0/3UitYb7Y7/68NUA5W1Hn1:WWKlY8B2lUZbz0Mc5/JNUAI1

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file vdownloader_setup.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 109 download URLs
