installer_openoffice_french.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_openoffice_french.exe by Vittalia Internet S.L. has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. It installs potentially unwanted software on the user's PC alongside the expected (advertised) software, without adequate consent. The program is typically installed via a form of malvertising. With this installer, users expect to download the free Apache OpenOffice, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
066969b8509a55e7e4ec3e674170c7ce

SHA-1:
47bdabcb18d63723ca01ed9d93924643f4fac798

SHA-256:
b66aa015461c31fe737b857484c64f1bfdc8e6a997d4406f4fa3256938f35797

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 9:43:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware | 7.1.1 |
| Avira AntiVirus | Adware/Vittalia.AB | 7.11.180.60 |
| avast! | Dropper-gen [Drp] | 141003-0 |
| AVG | Trojan horse Startpage.TQC | 2014.0.4040 |
| Baidu Antivirus | HackTool.Win32.Agent | 4.0.3.141021 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 19867 |
| Dr.Web | Adware.Downware.744 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Vittalia | 10/21/2014 |
| IKARUS anti.virus | Trojan.Win32.StartPage | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.494 |
| McAfee | RDN/Generic PUP.x!cjx | 5600.6970 |
| NANO AntiVirus | Trojan.Win32.Downware.cnwpvm | 0.28.2.62841 |
| Qihoo 360 Security | Win32/Virus.RiskTool.3ea | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.BB | 14.10.21.16 |
| Sophos | Lolliport SoftwareBundler | 4.98 |
| SUPERAntiSpyware | Adware.Downware/Variant | 10286 |
| VIPRE Antivirus | Vittalia Installer | 34122 |
| Zillya! Antivirus | Trojan.Agent.Win32.303708 | 2.0.0.1962 |

File size:
1008.1 KB (1,032,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_openoffice_french.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/5/2012 2:00:00 AM

Valid to:
5/9/2013 1:59:59 AM

Subject:
CN=Vittalia Internet S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7952CFD9EF040B59F3C140BA1DA97A60

File PE Metadata
Compilation timestamp:
12/4/2012 9:27:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:k9WC988bu6Co+hz82LEVXjo39xQ1mPbjm4EBjMP9GF:kB88TCokz82Qo3Hemu/BjMVGF

Entry address:
0xE39A

Entry point:
E8, 8D, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, D1, 42, 00, E8, 50, 57, 00, 00, E8, 32, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5E, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
139.5 KB (142,848 bytes)

The file installer_openoffice_french.exe has been seen being distributed by the following URL.

http://download.upd4ter.com/installers/down.php

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)

TCP (HTTP):
Connects to download.upd4ter.com  (93.189.33.101:80)
