VDownloader4OC.exe

VDownloader

Somoto-inc Limited

The application VDownloader4OC.exe by Somoto-inc Limited has been detected as a potentially unwanted program by 5 anti-malware scanners. It is a setup program used to install the application. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process. The file has been seen being downloaded from s3.amazonaws.com and multiple other hosts.
Publisher:
Vitzo Limited  (signed by Somoto-inc Limited)

Product:
VDownloader

Version:
1.00

MD5:
2e6bf7bf3c80108b50d853e3df3714ad

SHA-1:
ae8765df829bd0a885864723f5df99e715a0c92b

SHA-256:
e28613fd25c7d51762ad4c578986736c2097ade8f550652022f61eda7d9dc645

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:14:41 AM UTC

Scan engine           Detection                   Engine version
Bkav FE               W32.HfsAdware               1.3.0.7062
Dr.Web                Adware.Somoto.143           9.0.1.0236
Malwarebytes          PUP.Optional.Somoto.A       v2015.08.24.12
Qihoo 360 Security    HEUR/QVM03.0.Malware.Gen    1.0.0.1015
Reason Heuristics     PUP.Somoto.Somotoinc (M)    16.1.29.10

File size:
170.7 KB (174,808 bytes)

Product version:
1.00

Original file name:
VDownloader4OC.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vdownloader4oc.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
1/28/2015 10:16:27 AM

Valid to:
1/28/2016 10:16:27 AM

Subject:
E=support@somoto-inc.com, CN="Open Source Developer, Somoto-inc Limited", O=Somoto-inc Limited, C=BR

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
29F1A62452FF40BB83A6D4AC14453838

File PE Metadata
Compilation timestamp:
8/14/2015 8:33:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:pL9OOAgtd92JjJYBxqV2XZ8JBJwROhbAVK7OZ9oKC:pL9OOBt2JjJEG2JIBJ9R7OZa/

Entry address:
0x116C

Entry point:
68, 34, 7E, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 76, B9, 45, 79, 28, 91, 40, 46, AB, 26, 5B, 89, 28, 60, 50, CE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, FA, 35, C4, 00, 09, 4A, 76, 47, 95, 26, EA, F0, C9, 2D, 25, 40, 61, 66, A8, E8, C3, 94, 54, 43, 8D, 82, 6B, 03, 8B, 8F, AE, EF, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)

The file VDownloader4OC.exe has been seen being distributed by the following 2 URLs.
