installer_photoscape_english.exe

One Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_photoscape_english.exe by One Installer has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer.
Publisher:
One Installer LLC  (signed and verified)

MD5:
c8050983a3a1410d1d8ac963d4a035e2

SHA-1:
eeca0d1890f42a029fd7c3f954cf742d3a2e04e9

SHA-256:
fe1e4f7468c06ea954a7f5ff7bb6b53fdd4c29ac23a1399470da6c5ff6c748a5

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 3:29:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | Adware Skodna.Bundle.CB | 2014.0.4311 |
| Clam AntiVirus | Win.Trojan.Vittalia-10 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 21663 |
| Dr.Web | Adware.Downware.1556 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.J potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Vittalia | 4/6/2015 |
| K7 AntiVirus | Trojan | 13.202.15489 |
| Malwarebytes | PUP.Optional.Vittalia | v2015.04.06.02 |
| NANO AntiVirus | Trojan.Win32.Downware.cqixaf | 0.30.8.659 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.OneInstaller | 15.4.5.21 |
| Rising Antivirus | PE:Malware.Vittalia!6.1FDB | 23.00.65.15404 |
| VIPRE Antivirus | Threat.4782551 | 38882 |

File size:
3.7 MB (3,907,384 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/16/2013 5:37:01 AM

Valid to:
6/24/2016 11:26:08 AM

Subject:
CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2795ED8C3E155C

File PE Metadata
Compilation timestamp:
10/16/2013 4:22:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:eOJP+tXRrPNugpe+K3l5TW1e03lGh5E0SM3QpEDlnQlxQPjN1oN+C5W3ORZ:6BPMgp4BhzekElGKZ

Entry address:
0x111B1

Entry point:
E8, 6A, 98, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 0D, 43, 00, E8, D9, 54, 00, 00, E8, 49, 43, 00, 00, 0F, B7, F0, 6A, 02, E8, FD, 97, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 35, 77, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4178

Code size:
148.5 KB (152,064 bytes)
