» 00000000
Overview
Analysis
File Details

00000000

One Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by One Installer has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer.

File name:

00000000

Publisher:

One Installer LLC (signed and verified)

MD5:

a897c45715b9d37b67eb05f33fc5aba3

SHA-1:

8d1e39bf394b9ec14c93665a414d091ffcfb2348

SHA-256:

205840d8480946c414d387afe4072c1494b77a3aff619806d455a0e36d6f85c7

Scanner detections:

16 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/28/2024 6:44:50 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Adware/Win32.Lollipop

2014.09.30

Avira AntiVirus

APPL/Downloader.Gen9

7.11.175.170

avast!

Adware-NI [PUP]

140929-0

AVG

Generic

2015.0.3336

Dr.Web

Trojan.Packed.25820

9.0.1.05190

ESET NOD32

Win32/OneInstaller.C potentially unwanted application

7.0.302.0

IKARUS anti.virus

PUA.OneInstaller

t3scan.1.7.8.0

K7 AntiVirus

Adware

13.183.13521

Malwarebytes

PUP.Optional.OneInstaller

v2014.09.30.07

NANO AntiVirus

Riskware.Nsis.Downloader.cuognw

0.28.2.62440

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Reason Heuristics

PUP.OneInstaller.I

14.9.30.6

Sophos

Lollipop

4.98

SUPERAntiSpyware

Adware.Lollipop/Variant

10328

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4782551

33120

File size:

162.2 KB (166,072 bytes)

Bundler/Installer:

Vittalia DM (using Nullsoft Install System)

Common path:

C:\users\{user}\appdata\local\google\chrome\user data\default\file system\000\t\00\00000000

Digital Signature

Signed by:

One Installer LLC

Authority:

GoDaddy.com, Inc.

Valid from:

11/7/2013 12:20:03 AM

Valid to:

6/25/2016 1:26:08 AM

Subject:

CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=Delaware, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

280F69FCB8F054

File PE Metadata

Compilation timestamp:

12/6/2009 7:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:3gXdZt9P6D3XJC4BIl0CXclme75+wITUi2jUzK93iMknyWJt4kycPlOf:3e34g2CMxJITIUza5knnJukycPl4

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.5905

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove 00000000 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.