watchdogs_game_downloader.exe

Siho

Mode Quality (Alpha Criteria Ltd.)

The application watchdogs_game_downloader.exe, “Siho Setup” by Mode Quality (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.vaultsconceptsapps.com.

Publisher:
Mode Quality (Alpha Criteria Ltd.) (signed and verified)

Product:
Siho

Description:
Siho Setup

MD5:
782120b438225b9d4172328f53abc9d0

SHA-1:
f6913209bdb484e71ad61dbdd9586158e153706c

SHA-256:
83bc2725ce0350752cf604f91d2735367be8e29fb1b262de82793949621de5e0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 6:15:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.12.3.8

File size:
936.5 KB (958,992 bytes)

Product version:
3.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\watchdogs_game_downloader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/7/2016 5:37:46 AM

Valid to:
8/3/2016 10:20:26 AM

Subject:
CN=Mode Quality (Alpha Criteria Ltd.), O=Mode Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F7B537910FF19F9FCEA90DA601703349

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5Xi5/68mam5i9pqDwozteXc/NwaPugLnvTI6rn4weFZsNxs:5ypmamQ9p3oZeXc/zNvTdr4nFZszs

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.9341

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file watchdogs_game_downloader.exe has been seen being distributed by the following URL.

http://www.vaultsconceptsapps.com/82WfUZIgo9IOXxH1N83VsdegoeGHKJazjLTYHHFKkHAHiQ0Y1iHBxULTRToOe1GBYfGlhlBAoJjco mx3QzzELOnNbT9g sl0M0gz6PZS3dD LvpvS56F4DlPTsckTZwoNykwZQaYO1bS3cVQMtuCn9auKWu8M_cxT5CStMtnpvmYb z82fvlV2EFiCXSrEXg6jdKQ EEcP653aYpAxczHntsSYo1kGg__A1flfxupjsWjoicEaJ4mpwNPe3Q5q6lgP48lhOZrJjGzMN5vLInfNRog5vxtkS4N_MOOqyuS1aKdHDrvYQ AVk_xeIx1BLa7bbn2PbUNVkJVbrXqs38NVK5VVBVQmICm6sx3hgRZw0kDEX2kWLbpwFvkFokVYPcWbgNR2H2_80qDS3h0a0VvggOJ9D6ZqabYhhU1fMx5X1uab_ic JftVOQuL9YpxO08I6QsGCt6S McW pGDzFcbqLcy_ELJlgTrSuO4wfRwGUVJ5__N0hq6tLv75jQ7ssWGgLySDuiQGbNI6g Bw7Aah2YWSkbcT_QYWR6z6D436qEyiZRz9XLN8INhaUpj0oZIv6H7aaDLjDGW3UPUJlwmQUbMgjPDbv BDQXwGmO5 0Qol1 U=-GyoAAMQuF5svWSAJxQko5rZ1IZLMopDGNg_Ejbt9TzoBxFoOet4HC6tFUQ8=
