installer_optimized_over_current_relay_co-ordination_scripts_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install it with minimal consent. The application installer_optimized_over_current_relay_co-ordination_scripts_english.exe by Vittalia Internet S.L. has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Vittalia Offer Manager installer. The file has been seen being downloaded from www.downloadplex.com. While running, it connects to the Internet address services.upd4ter.com on port 80 using the HTTP protocol.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
9d9fb079f9a5ed0db18e100406c4574a

SHA-1:
f1165f8c88951da28ef630e2b166a688eaa4bc6f

SHA-256:
02dcfa0579f48029408fa530d7c9a7b8c75b42426a62bd8e7f9aa1fa344b7ae5

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/19/2024 1:34:28 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | Adware/InstaCore.onb | 7.11.173.134 |
| AVG | Adware BundleApp_r.Z | 2014.0.4015 |
| Clam AntiVirus | Win.Trojan.Agent-760080 | 0.98/19406 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 19569 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | AdWare.BundleApp | t3scan.1.7.8.0 |
| Malwarebytes | PUP.Optional.Vittalia | v2014.09.20.02 |
| McAfee | CryptVittalia | 5600.7001 |
| Norman | Vittalia.AXXN | 11.20140920 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.? | 14.9.20.12 |
| VIPRE Antivirus | Threat.4782551 | 32938 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1928 |

File size:
5.2 MB (5,501,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Vittalia Offer Manager

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
7/22/2014 2:15:00 PM

Valid to:
2/6/2015 6:02:08 PM

Subject:
CN=Vittalia Internet S.L., O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0418F16686AE11

File PE Metadata
Compilation timestamp:
7/8/2014 12:25:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:xs70+We6yHPgae9Wm4BDrF4nqbXQaWjJd6nniSvi+WQ5QSjmfnGtj8pzADKGU:x0kn

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.7285

Code size:
192.5 KB (197,120 bytes)

The file installer_optimized_over_current_relay_co-ordination_scripts_english.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)

TCP (HTTP):
Connects to download.upd4ter.com  (93.189.33.101:80)

 
http://download.upd4ter.com/installers/down.php