» installer_adobe_acrobat_professional_10_spanish.exe
Overview
Analysis
File Details
Network (3)

installer_adobe_acrobat_professional_10_spanish.exe

Vittalia Internet S.L

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_adobe_acrobat_professional_10_spanish.exe by Vittalia Internet S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer. While running, it connects to the Internet address calculus.adlooxtracking.com on port 80 using the HTTP protocol.

File name:

Publisher:

Vittalia Internet S.L (signed and verified)

MD5:

61f7ff0b12d626020ed0ac00f27ec841

SHA-1:

a9aff98785c7b238515d3b686febc8d2c922a9e5

SHA-256:

13294694400e386c5db2fbe742d4e2ba07704e4f48bb44025ee4e6a5eabe877c

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/24/2024 11:43:43 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Vittalia (M)

16.8.23.21

File size:

339.1 KB (347,248 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Vittalia DM

Digital Signature

Signed by:

Vittalia Internet S.L

Authority:

GlobalSign nv-sa

Valid from:

6/14/2011 4:29:05 PM

Valid to:

6/8/2012 11:13:35 AM

Subject:

CN=Vittalia Internet S.L, O=Vittalia Internet S.L, C=ES

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001308E97D50D

File PE Metadata

Compilation timestamp:

12/2/2011 5:11:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:IT1XOJ8h/qhuOgHc8IrQMRpchEwJ0H9vdA1ZFsVvIf6vqgCNVH:IT1XOJ8h/fbcD+Wu0HVu/J/VH

Entry address:

0x22C39

Entry point:

E8, 56, 50, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, C0, 54, 44, 00, E8, C1, 15, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 20, E8, 92, 19, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 55, F4, FF, FF, 83, C4, 14, 83, C8, FF, E9, CD, 00, 00, 00, 33, C0, 39, 75, 0C, 0F, 95, C0, 3B, C6, 74, D4, 89, 5D, 08, 53, E8, 6A, 51, 00, 00, 59, 89, 75, FC, F6, 43, 0C, 40, 75, 77, 53, E8, 76, 5B, 00, 00, 59, 83, F8, FF, 74, 1B, 83, F8, FE, 74, 16, 8B, D0, C1, FA, 05, 8B, C8... 
[+]

Code size:

244 KB (249,856 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to calculus.adlooxtracking.com (188.165.14.160:80)

TCP (HTTP):

Connects to a23-52-91-27.deploy.static.akamaitechnologies.com (23.52.91.27:80)

TCP (HTTP):

Connects to a23-52-85-163.deploy.static.akamaitechnologies.com (23.52.85.163:80)

Remove installer_adobe_acrobat_professional_10_spanish.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.