home

installer_adobe_flash_player_arabe.exe

Software Updater LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_adobe_flash_player_arabe.exe by Software Updater has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer. The file has been seen being downloaded from dk.baretkos.com.
Publisher:
Software Updater LLC  (signed and verified)

MD5:
ecaa8f91d3eed8e737cde24cb2481379

SHA-1:
58b3a743cc8779d3295e002eb63c1027f2a0c084

SHA-256:
7c2038b86f98c68aafc67f1d1cca5c90fb33e7b6ccbe896e88e588f8f94c1244

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/26/2024 1:27:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vittalia.Software.Bundler (M)
16.7.8.10

File size:
895.2 KB (916,720 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_adobe_flash_player_arabe.exe

Digital Signature
Signed by:
Software Updater LLC

Authority:
GoDaddy.com, Inc.

Valid from:
1/13/2014 2:50:03 PM

Valid to:
6/21/2016 8:31:04 PM

Subject:
CN=Software Updater LLC, O=Software Updater LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6CAE0143C59A

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:VoEQ0kdsgBVcpsyTvIFEUJnW2fMtQAl/Rw8yww+AXLJPj:ydsg/jyFsneN6N+OLlj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6161

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installer_adobe_flash_player_arabe.exe has been seen being distributed by the following URL.

http://dk.baretkos.com/installers/axtan_installers/get.php?ik=tig&ua=chrome&ut=1e81a99299c6b6335e64d9abb2505899&loop=5&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9vbi8xL2ZyZWVzb2Z0c3RvcmVjb20vYXJhYmUvYWRzdGVycmEvY2hyb21lL2Fkb2JlX2ZsYXNoX3BsYXllci9kLzI3NTg3NmUzNGNmNjA5ZGIxMThmM2Q4NGI3OTlhNzkwL3RpZy9uYS9uYS8wL2luc3RhbGxlcl9hZG9iZV9mbGFzaF9wbGF5ZXJfQXJhYmUuZXhl&redir=1&p=RlJFRVNPRlRTVE9SRUNPTQ==&r=1746802&u=L2Rvd25sb2FkLmZyZWVzb2Z0c3RvcmUyLmNvbS9pbnN0YWxsZXJzL291dC8wMDMwNzAwMzA4MDAzMDkvcGlpZC01NGZjZDM0YzZjNjBiNS4wOTM4MDY3MC9vbi8xL2ZyZWVzb2Z0c3RvcmVjb20vYXJhYmUvYWRzdGVycmEvY2hyb21lL2Fkb2JlX2ZsYXNoX3BsYXllci9kLzI3NTg3NmUzNGNmNjA5ZGIxMThmM2Q4NGI3OTlhNzkwL3RpZy9uYS9uYS8wL2luc3RhbGxlcl9hZG9iZV9mbGFzaF9wbGF5ZXJfQXJhYmUuZXhl&aa=on/1/freesoftstorecom//&LN=76&IM=12&GK=33&FB=98&JF=65&DI=70&FC=68&NG=5&EB=66&GG=56&t=1425855838&s=

Remove installer_adobe_flash_player_arabe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.