sev_cobundle.exe

One Installer LLC

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application sev_cobundle.exe by One Installer has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer, and it is typically executed from the user's temporary directory.
Publisher:
One Installer LLC  (signed and verified)

MD5:
a2a8e55576b5652cbde6bf44e310402e

SHA-1:
847344d8a29a482a0b6537ccfcd82a12e8a32110

SHA-256:
95f6b2bce7e3623081d7e9380c3eed42ceae7f97e3c90b0ecd38421f42d20874

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 5:33:55 AM UTC

Scan engine | Detection | Engine version
avast! | NSIS:Adware-KQ [PUP] | 2014.9-140215
Bkav FE | W32.Clod0a0.Trojan | 1.3.0.4415
Comodo Security | ApplicUnwnt | 17250
Dr.Web | Trojan.Siggen5.61629 | 9.0.1.046
ESET NOD32 | Win32/AdWare.DownloadWare | 8.9029
K7 AntiVirus | Unwanted-Program | 13.173.10137
Kaspersky | not-a-virus:RiskTool.Win32.Agent | 14.0.0.4309
McAfee | Artemis!A2A8E55576B5 | 5600.7219
NANO AntiVirus | Riskware.Win32.Downware.bsaemx | 0.26.0.56179
Reason Heuristics | PUP.OneInstaller.M | 14.8.7.21
Sophos | Generic PUA IE | 4.94
SUPERAntiSpyware | Adware.Lollipop/Variant | 10782
Trend Micro House Call | TROJ_GEN.R0CBH07K413 | 7.2.46
VIPRE Antivirus | BubbleDock | 23248

File size:
636.3 KB (651,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\appdata\local\temp\sev_cobundle.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/16/2013 12:37:01 PM

Valid to:
6/24/2016 6:26:08 PM

Subject:
CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2795ED8C3E155C

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ejuyXysd7pkd8jVv9DgNTFbYyVJqi0vv7NFJh2osqBUAy7x3rCzpSH55J:ouyCS6d8pxgnUYF0bNrAFgyd3r9H5b

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Code size:
23.5 KB (24,064 bytes)
