» installer_driver_epson_t22_spanish.exe
Overview
Analysis
File Details
Downloads (1)
Network (3)

installer_driver_epson_t22_spanish.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_driver_epson_t22_spanish.exe by Vittalia Internet S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dv.1aab810gfl.com. While running, it connects to the Internet address services.upd4ter.com on port 80 using the HTTP protocol.

File name:

Publisher:

Vittalia Internet S.L. (signed and verified)

MD5:

20a7090ec1be6da2fb07f503f01fc40f

SHA-1:

ce5e1e7401ca96b85b06432065c78f50820d6223

SHA-256:

f8ada0c3db4876eea6dbcc04ff5bcb46728bf221463c0bce30d5e6fb19e8fcfb

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

5/13/2024 1:37:05 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Vittalia (M)

16.7.21.14

File size:

772.2 KB (790,696 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Vittalia DM (using Nullsoft Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\installer_driver_epson_t22_spanish.exe

Digital Signature

Signed by:

Vittalia Internet S.L.

Authority:

Symantec Corporation

Valid from:

3/9/2015 6:00:00 PM

Valid to:

3/9/2016 5:59:59 PM

Subject:

CN=Vittalia Internet S.L., OU=IT, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

00A20A10D6AEDC59EDBF0C852C5534C4

File PE Metadata

Compilation timestamp:

12/5/2009 4:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:idoqIRFgFeQkKAyDcGpcmEoSKAEzhdGA7atnLb1RhxV3pSsTK:iBIUIQpAyDcG5ddbatnLb1R3V5vO

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file installer_driver_epson_t22_spanish.exe has been seen being distributed by the following URL.

http://dv.1aab810gfl.com/installers/axtan_installers/get.php?ne=1&ik=r3q0sHE3nNzmC9DLjQFH A2TXQWWejQOkcImbH1B5to=&ut=68854b75868d6c317ae8f0c8d4fbcc3f&aa=ax/1/solodriverses//&ua=generic&u=JXiJ52sKObpyhYKYVYyXcmgao9NjM3YdE8mtQdA5ifjonjNZhJvQL3O0bBa0XI6S/dch3VlkDyyIK1x0JGJZYeUTMd4N4hOoaddjAksFwT R0B8jylF Px1bXIbyCYBSB0LVGmRQQnvFJ fPKcjIq2xDwf7hQDEkezqVTSTDEVlsr6A bW6 Yu1fqyB4rsYelQNFZ2KtggWy38VAdSi9zXLLq4KeIm3QLves7hzVTaLpAoR2Ul/7ygVoZ jwTpjiFezQiybNfIExVh1A/UMf4uyrmhwry9yKlCbWuH8ilXji37OPAU4PixApa68K/ZHuKiHAhcyduDbXJ/ Vm9zY/QNp0k2sal0YlLxUGjevDsA4uEFUAgyMAtUh6kS1eFs9UMygNJbyCNQ0pnjcYClDM7AzJEiplP2V6bxEOBfgXg0f8gn8vUMJ3kWVuv2bQ6k3Y8saNTCiFTbWom3JwdmWOw==&p=U09MT0RSSVZFUlNFUw==&x=R9ZctQHiGMl3Cpa0Fncem/7onx KO4b5sIA5E1S2vviZPcoVUJEcc90ZX6yoPZeKcsjH6oO6aRmMOxVkMopuLH1lkO8nOisBiqFBD0X0cEK6B1u2XS3dR1WuiATbsqmCxYdW2JS83s0o4B iOws2Pgiua6yyn0khTevc9LQ09TWI56ZP1Z2t06hD/5y6MN5g12SILeK4xXj/1Je9bqOCgdYybg2sLpw/.../6Fn3JwW8ulvaWSY7Ye J

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.uplstatsone.com (93.189.33.84:80)

TCP (HTTP):

Connects to services.upd4ter.com (93.189.33.101:80)

TCP (HTTP):

Connects to media.vitavita.com.es (109.70.128.135:80)

Remove installer_driver_epson_t22_spanish.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.