installer_picasa_english.exe

One Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_picasa_english.exe by One Installer has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer.
Publisher:
One Installer LLC  (signed and verified)

MD5:
cd106153dc7a441efd82f7da6c723c0d

SHA-1:
26d2dc53982068a09b770dd900f72cbef65ed256

SHA-256:
12185c23a4037265e1665827d91f833ecc2dfbfe78eb462aaed0db76ea2c9af9

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 2:18:54 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen9 | 3.6.1.96
AVG | Win.Threat.Medium | 2014.0.4311
Clam AntiVirus | Win.Trojan.Vittalia-10 | 0.98/21511
Comodo Security | TrojWare.Win32.Agent.IEXT | 21663
Dr.Web | Adware.Downware.1556 | 9.0.1.05190
ESET NOD32 | Win32/Vittalia.J potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Vittalia | 4/6/2015
K7 AntiVirus | Trojan | 13.202.15489
Malwarebytes | PUP.Optional.Vittalia | v2015.04.06.02
NANO AntiVirus | Trojan.Win32.Downware.cqixaf | 0.30.8.659
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Reason Heuristics | PUP.OneInstaller | 15.4.5.21
Rising Antivirus | PE:Malware.Vittalia!6.1FDB | 23.00.65.15404
VIPRE Antivirus | Threat.4782551 | 38950

File size:
3.8 MB (3,941,152 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/16/2013 5:37:01 AM

Valid to:
6/24/2016 11:26:08 AM

Subject:
CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2795ED8C3E155C

File PE Metadata
Compilation timestamp:
10/16/2013 4:22:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:zOJP+tXRig9Run6QJar6QTbYUeofQTbYGaKz0YcFEUmQf7fqOvh4nrpH2z6aB79p:JFcO819z88Crhfl5

Entry address:
0x111B1

Entry point:
E8, 6A, 98, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 0D, 43, 00, E8, D9, 54, 00, 00, E8, 49, 43, 00, 00, 0F, B7, F0, 6A, 02, E8, FD, 97, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 35, 77, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4532

Code size:
148.5 KB (152,064 bytes)
