» 1366231712itinstallerp.exe
Overview
Analysis
File Details

1366231712itinstallerp.exe

Software Updater LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 1366231712itinstallerp.exe by Software Updater has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer.

File name:

Publisher:

Software Updater LLC (signed and verified)

MD5:

008244aa1fc191ae7ca7194ab739260b

SHA-1:

5421e5c8c3a0c1aa7568b15f60c36ba309f90ab6

SHA-256:

c29b9dafcd7af1413db9c0d07f58df2880a2823162ccbbefc487dcba1c57cf71

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/26/2024 1:56:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Vittalia.SoftwareUpdater.Bundler (M)

16.2.14.21

File size:

2.8 MB (2,899,464 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Vittalia DM

Common path:

C:\windows\temp\1366231712itinstallerp.exe

Digital Signature

Signed by:

Software Updater LLC

Authority:

GoDaddy.com, Inc.

Valid from:

3/6/2013 10:08:14 AM

Valid to:

2/14/2014 6:49:07 PM

Subject:

CN=Software Updater LLC, O=Software Updater LLC, L=Wilmington, S=DE, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

080BC15D744636

File PE Metadata

Compilation timestamp:

4/17/2013 12:46:00 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:VPF4CBx1+5JWuF99708F/fRpwXCSQV1lZZ37nbvzGzJ:VN4CscSNZpQ

Entry address:

0x65070

Entry point:

60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

144 KB (147,456 bytes)

Remove 1366231712itinstallerp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.