installer.exe

Software Updater LLC

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer.exe by Software Updater has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer.
Publisher:
Software Updater LLC  (signed and verified)

MD5:
9c008aae3cce15a2d1e4ff16635c7360

SHA-1:
71e4ecea735cabc3f315733249148448849cebb6

SHA-256:
6aa8a19ee234ea38a9eb652b2037e96ea926ec7076eb5cc13188f236a898561c

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 6:18:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.164.196 |
| avast! | Installer-T [PUP] | 140617-1 |
| AVG | Adware Skodna.Bundle.AH | 2014.0.3986 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 19037 |
| Dr.Web | Adware.Downware.1139 | 9.0.1.05190 |
| ESET NOD32 | Win32/ToolkitOffers.A potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/ToolkitOffers.A | 7/31/2014 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32 | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.182.12911 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.494 |
| McAfee | RDN/Generic PUP.x!yh | 5600.7053 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.1619.0 |
| NANO AntiVirus | Trojan.Win32.Click2.coonal | 0.28.2.61148 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.SoftwareUpdater.J | 14.7.31.10 |
| Sophos | ToolKit Offers | 4.98 |
| SUPERAntiSpyware | Adware.Lollipop/Variant | 10450 |
| VIPRE Antivirus | Threat.4782551 | 31208 |

File size:
1.8 MB (1,915,208 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\windows\temp\installer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/6/2013 4:08:14 AM

Valid to:
2/14/2014 12:49:07 PM

Subject:
CN=Software Updater LLC, O=Software Updater LLC, L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
080BC15D744636

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BY84S4V95Ol2448fURKg084i4aqjT3OB9zrG6SCCQaTcfCi+CEjmbwipfqN:m9X5334UY99eET8rGDQaTQCiuaEiu

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9946

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
