installer_jflap_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_jflap_english.exe by Vittalia Internet S.L. has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. During installation, it also installs potentially unwanted software on the user's computer without adequate consent. While running, it connects to the Internet address services.upd4ter.com on port 80 using the HTTP protocol.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
8b26dc15be082e2c13fd882bd53a3342

SHA-1:
c2aed35adbe62c67b4234ad2ea95608ddff4113a

SHA-256:
cc7cd517d5c5ae9a1f169914f98c94b470765f19ddc9678e8842385bfbfbc609

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
5/11/2024 1:37:28 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/InstallCore.Gen7 | 8.3.1.6
avast! | Evo-gen [Susp] | 150521-0
AVG | Generic | 2016.0.3101
Dr.Web | Trojan.Vittalia.35 | 9.0.1.05190
ESET NOD32 | Win32/TrojanDropper.Addrop.C trojan | 7.0.302.0
Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.05.23.11
Norman | InstallCore.WTRR | 11.20150523
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Reason Heuristics | PUP.Vittalia.Bundler | 15.5.23.11
VIPRE Antivirus | Threat.4782551 | 40432

File size:
682.5 KB (698,848 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_jflap_english.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/10/2015 2:00:00 AM

Valid to:
3/10/2016 1:59:59 AM

Subject:
CN=Vittalia Internet S.L., OU=IT, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
00A20A10D6AEDC59EDBF0C852C5534C4

File PE Metadata
Compilation timestamp:
12/6/2009 12:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:L6py4ug4dkE6u6l/MibcU1pR/CTzSAPIMUA0Gh+cLccHvFP6LveBNxLEl0P:L6E4ruywU3Ryz4M7vh+K9Lh/

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9525

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)
