» winplayersetupru.exe
Overview
Analysis
File Details
Downloads (1)

winplayersetupru.exe

Product Installer

ITVA

The application winplayersetupru.exe, “iTVA Software Installer” by ITVA has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.windowsplayer.ru.

File name:

Publisher:

iTVA LLC (signed by ITVA)

Product:

Product Installer

Description:

iTVA Software Installer

Version:

1.1.0.0

MD5:

e8b38085cf922b988a04af29b0baf983

SHA-1:

980c1e7932fc8ce432e0a60b3cd82713cdc25aca

SHA-256:

05b2c4bd759184520903832776f9295f9f77f08f54dff7d8ba37bb0d8233f8ad

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/16/2024 11:39:58 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.ITVA

15.6.5.21

File size:

15.2 MB (15,934,496 bytes)

Product version:

1.1.0.0

Trademarks:

iTVA,InstallTraffic.

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\winplayersetupru.zip\winplayersetupru.exe

Digital Signature

Signed by:

ITVA

Authority:

COMODO CA Limited

Valid from:

9/26/2014 4:00:00 AM

Valid to:

9/27/2015 3:59:59 AM

Subject:

CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata

Compilation timestamp:

10/13/2014 6:49:30 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:ArZRCMv1gDmeXq4x9ZX0yYGTuzRIKjezzeAmIjahQ:GBymeXq4x9ZX0oTuWKmzeAmIj

Entry address:

0x6C5B0

Entry point:

60, BE, 00, F0, 44, 00, 8D, BE, 00, 20, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E4, A5, 06, 00, 57, 83, C3, 04, 53, 68, 9F, D5, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

124 KB (126,976 bytes)

The file winplayersetupru.exe has been seen being distributed by the following URL.

http://download.windowsplayer.ru/WinPlayerSetupRU.exe

Remove winplayersetupru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.