installer_flv_media_player__english.exe

100Blogs SL

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_flv_media_player__english.exe by 100Blogs SL has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
100Blogs SL  (signed and verified)

MD5:
510763f6de9053fce744d870eb782d8f

SHA-1:
f7a66a1c189b9778715adac13cb6bce65b51459c

SHA-256:
43fe412952bece61fa4adcbac0b3e427bf5c41d03adf013f3b62d9299ed33bd6

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/29/2024 2:41:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.169.150 |
| AVG | InstallC | 2015.0.3369 |
| Comodo Security | Application.Win32.Installcore.PM | 19333 |
| ESET NOD32 | Win32/InstallCore.PK potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.Vittalia | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13166 |
| Malwarebytes | | v2014.08.27.04 |
| McAfee | Adware-DomaIQ | 5600.7025 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dcwlwu | 0.28.2.61861 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.100BlogsSL.d | 14.8.27.13 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782551 | 32210 |

File size:
862.2 KB (882,864 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_flv_media_player__english.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/14/2013 1:18:59 AM

Valid to:
10/14/2016 1:18:59 AM

Subject:
CN=100Blogs SL, O=100Blogs SL, L=CERDANYOLA DEL VALLES, S=BARCELONA, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B93142DC69C91

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:hZXHsV2JzbvZIz6O6Ifqtz7W2S5+1+/WNJTv2:vHrJz6n6aYvgkV2

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9891

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
