toolsvillage.downloader.got.s4.e9.exe_full-version.exe

One Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application toolsvillage.downloader.got.s4.e9.exe_full-version.exe by One Installer has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The file has been seen being downloaded from dld.oinst02.eu.
Publisher:
One Installer LLC  (signed and verified)

MD5:
b91ef1a457dc6f9f6dcc650a46f933a7

SHA-1:
76da37ad781a0503163ec884cc4b5ded2c01277b

SHA-256:
36e4fa77cb2e58d4fa5a511b269c438d895b2486dffa0c200dda001c58819115

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monetization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/27/2024 2:56:07 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Adware/Win32.Lollipop | 2014.10.25 |
| Avira AntiVirus | APPL/Downloader.Gen9 | 7.11.181.44 |
| avast! | Adware-NI [PUP] | 141025-0 |
| AVG | Generic | 2015.0.3311 |
| Dr.Web | Trojan.Packed.25820 | 9.0.1.05190 |
| ESET NOD32 | Win32/OneInstaller.D potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.OneInstaller | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.185.13802 |
| Malwarebytes | PUP.Optional.OneInstaller | v2014.10.25.03 |
| NANO AntiVirus | Riskware.Nsis.Downloader.cuognw | 0.28.2.62841 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.OneInstaller.k | 14.10.25.3 |
| Sophos | Lollipop | 4.98 |
| SUPERAntiSpyware | Adware.Lollipop/Variant | 10279 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Vittalia Installer | 34228 |

File size:
162.2 KB (166,136 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\toolsvillage.downloader.got.s4.e9.exe_full-version.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/6/2013 7:20:03 AM

Valid to:
6/24/2016 9:26:08 AM

Subject:
CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
280F69FCB8F054

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:LgXdZt9P6D3XJC4BIl0CXcNFme75+wITUi2jUzK93iMknyWJt4kycPlOn:Le34g2CMNRJITIUza5knnJukycPl+

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.5908

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file toolsvillage.downloader.got.s4.e9.exe_full-version.exe has been seen being distributed by the following URL.