installer_dvd_shrink_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed with minimal consent. The application installer_dvd_shrink_english.exe by Vittalia Internet S.L. has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Vittalia Offer Manager installer. While running, it connects to the Internet address services.upd4ter.com on port 80 using the HTTP protocol.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
71d6bf6a00300099531c1de495ba0ba3

SHA-1:
5636b34358841c99d09ce0791c23303a1f7f393d

SHA-256:
317354dab33edbf7560f641c931edf000e56b6bb9a98e733680296c2cacfb9ec

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/24/2024 4:19:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | Adware/InstaCore.onb | 7.11.189.64 |
| AVG | Adware BundleApp_r.Z | 2014.0.4189 |
| Clam AntiVirus | Win.Trojan.Agent-760080 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 20215 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-cae7983a | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.BundleApp | t3scan.1.8.3.0 |
| Malwarebytes | PUP.Optional.Vittalia | v2014.11.28.01 |
| McAfee | CryptVittalia | 5600.6933 |
| Norman | Vittalia.AXXN | 11.20141128 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.FF | 14.11.28.0 |
| VIPRE Antivirus | Threat.4782551 | 35088 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1995 |

File size:
5.2 MB (5,501,808 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Vittalia Offer Manager

Common path:
C:\users\{user}\downloads\installer_dvd_shrink_english.exe

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
7/31/2014 9:02:13 PM

Valid to:
2/7/2015 2:02:08 AM

Subject:
CN=Vittalia Internet S.L., O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2786630BF69FCE

File PE Metadata

Compilation timestamp:
7/8/2014 7:25:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:Is70+WDuPgqh2m9hpX7BgE/uE9ZNPDpezA1Y:I0kb

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
3.9677

Code size:
192.5 KB (197,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)
