installer_microsoft_excel_english.exe

Vittalia Internet S.L

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_microsoft_excel_english.exe by Vittalia Internet S.L has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Vittalia Internet S.L  (signed and verified)

MD5:
2915301408726f2beefec37572fb58c3

SHA-1:
b53076c74cf6f1921716a7978e530525234548b8

SHA-256:
51d0241ac565ad7e8977503bc1c647645d3be6aca626a8f2ff12d0da35730bdf

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 8:26:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.180.228 |
| avast! | Adware-gen [Adw] | 141023-1 |
| AVG | InstallC | 2015.0.3312 |
| ESET NOD32 | Win32/InstallCore.PL potentially unwanted application | 7.0.302.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| McAfee | Adware-DomaIQ | 5600.6968 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dddwte | 0.28.2.62841 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.b | 14.10.23.21 |
| Vba32 AntiVirus | | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33706 |

File size:
860.8 KB (881,480 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\installer_microsoft_excel_english.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/9/2014 10:18:24 PM

Valid to:
8/9/2015 10:18:24 PM

Subject:
CN=Vittalia Internet S.L, O=Vittalia Internet S.L, L=Mostoles, S=Madrid, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121296DFC83F15C4B1C19CE7B920AA7D12F

File PE Metadata
Compilation timestamp:
12/6/2009 11:52:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:KiQZAWWQfIj0CnK49ceYAcDc4tG1+/WNJTvi:oZAFmIN2AYc4AgkVi

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9893

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)

TCP (HTTP):
Connects to download.upd4ter.com  (93.189.33.101:80)

 
http://download.upd4ter.com/installers/down.php
