installer_ramcleaner_6_82_spanish.exe

Free Software LLC

The application installer_ramcleaner_6_82_spanish.exe by Free Software has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the installCore download manager, which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. The file has been seen being downloaded from domseo.com.edgesuite.net.
Publisher:
Free Software LLC  (signed and verified)

MD5:
ba0d9ac090b09926453e4300331b6315

SHA-1:
644f9d3f06508606580479308a88973b1ee01ebb

SHA-256:
d733f22135c3fbf4956f9a7981ec9425a4bba6212730c9067f05dc330d58b992

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 10:57:40 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.416847 | 910
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | TR/Kazy.416847.81 | 7.11.164.56
avast! | Win32:Installer-T [PUP] | 2014.9-140808
AVG | Adware BundleApp_r.Z | 2014.0.3986
Bitdefender | Gen:Variant.Kazy.416847 | 1.0.20.1100
Comodo Security | TrojWare.Win32.Agent.IEXT | 18868
Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Kazy.416847 | 8.14.08.08.05
ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Kazy.416847 | 11.2014-08-08_6
G Data | Gen:Variant.Kazy.416847 | 14.8.24
IKARUS anti.virus | PUA.Vittalia | t3scan.1.6.1.0
Malwarebytes | | v2014.08.08.05
McAfee | CryptVittalia | 5600.7044
MicroWorld eScan | Gen:Variant.Kazy.416847 | 15.0.0.660
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.8.17
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10434
VIPRE Antivirus | Threat.4782551 | 31208

File size:
5.2 MB (5,501,928 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 7:08:01 AM

Valid to:
7/22/2015 8:23:49 AM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
7/8/2014 6:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:ws70+WcYkSsLrKg5PtLeoaU14oyJNP8VfultWuFhT/CrB45h32p0QWw24ix6rCbx:w0k

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
192.5 KB (197,120 bytes)

The file installer_ramcleaner_6_82_spanish.exe has been seen being distributed by the following URL.
