installer_microsoft_word_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_microsoft_word_english.exe by Vittalia Internet S.L. has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. According to Microsoft Security Essentials, the software bundles and installs the Lolliport adware program (in many cases without a user's knowledge). It usually gets on your PC as an installer for a free game or application. This software bundler installs other potentially unwanted software, including Adware:Win32/Lollipop, at the same time as other software.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
734bb7dc5ac7997ce83a4b9317ec1ea3

SHA-1:
6ff10e0895804721be22468e0c6915db61b33019

SHA-256:
8d959fc17d3a02bacf8f1fcb452cee5db6048238380774627dc3af88ed7b29d8

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This software bundler installs other potentially unwanted software, including Adware:Win32/Lollipop, during installation without a user's consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 9:51:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware | 7.1.1 |
| Avira AntiVirus | Adware/Vittalia.AB | 7.11.145.40 |
| AVG | Startpage | 2015.0.3495 |
| Baidu Antivirus | Hacktool.Win32.Agent | 4.0.3.14424 |
| Bkav FE | W32.HfsOval | 1.3.0.4959 |
| Dr.Web | Adware.Downware.744 | 9.0.1.0114 |
| ESET NOD32 | Win32/Vittalia | 8.9717 |
| Fortinet FortiGate | Riskware/Vittalia | 4/24/2014 |
| IKARUS anti.virus | Trojan.Agent4 | t3scan.2.2.29 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 14.0.0.3968 |
| McAfee | RDN/Generic PUP.x!yh | 5600.7151 |
| Microsoft Security Essentials | SoftwareBundler:Win32/Lolliport | 1.10401 |
| NANO AntiVirus | Trojan.Win32.Downware.cnwpvm | 0.28.0.59492 |
| Qihoo 360 Security | Win32/Virus.RiskTool.3ea | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.a | 14.8.7.21 |
| SUPERAntiSpyware | Adware.Downware/Variant | 10646 |
| Trend Micro House Call | TROJ_GEN.R0C1C0PGI13 | 7.2.121 |
| Trend Micro | TROJ_GEN.R0C1C0PGI13 | 10.465.01 |
| VIPRE Antivirus | Vittalia Installer | 28570 |

File size:
1.1 MB (1,110,720 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_microsoft_word_english.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/4/2012 8:00:00 PM

Valid to:
5/8/2013 7:59:59 PM

Subject:
CN=Vittalia Internet S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7952CFD9EF040B59F3C140BA1DA97A60

File PE Metadata
Compilation timestamp:
12/4/2012 3:27:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:L9WC988bu6Coe3xz82LEbXZK8mLESwai4VMePPgMRj:LB88TCoKxz820XY8mmaiyMeHg2j

Entry address:
0xE39A

Entry point:
E8, 8D, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, D1, 42, 00, E8, 50, 57, 00, 00, E8, 32, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5E, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
7.6362

Code size:
139.5 KB (142,848 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)
