bittorrent.exe

DownInstall

Vitbian telecom sl

The application bittorrent.exe by Vitbian telecom sl has been detected as adware by 7 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from www.softmillon.com and multiple other hosts.
Publisher:
Vitbian telecom sl  (signed and verified)

Product:
DownInstall

Version:
1.3.0.0

MD5:
4deda20c2ab9d8dafea3783af3c0b80c

SHA-1:
8689d86275de1c21e645b505aa3accab36837672

SHA-256:
a417ab1ba31756631b02c685daf61ab3ac6b9d24ef6417972b8ee5c176a7e11a

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/23/2024 7:03:47 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Rogue.1232108 | 7.11.107.120 |
| avast! | Win32:Linkuar-B [PUP] | 2014.9-151030 |
| AVG | Skodna.Generic_c | 2016.0.2940 |
| IKARUS anti.virus | Win32.Linkuar | t3scan.2.0.127 |
| McAfee | Artemis!4DEDA20C2AB9 | 5600.6596 |
| Panda Antivirus | Adware/MultiToolbar | 15.10.30.06 |
| Reason Heuristics | PUP.Vitbiantelecomsl (M) | 15.10.30.18 |

File size:
1.2 MB (1,239,400 bytes)

Product version:
1.3.0.0

Copyright:
Copyright © 2013

Original file name:
DownInstall.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\bittorrent.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/1/2013 1:00:00 AM

Valid to:
2/2/2014 12:59:59 AM

Subject:
CN=Vitbian telecom sl, O=Vitbian telecom sl, STREET=calle durango 45, L=madrid, S=madrid, PostalCode=28023, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B1E042090F8B8A605FB4A8E606FAF59

File PE Metadata
Compilation timestamp:
8/7/2013 4:40:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:grkRAQlnlh6Zf+qKnRZsoNgq9MxzzppB7QlIC/yYVK8xu2YQoK8feNMj:grCll1qcRSq9MRtpSlDn3YQoK8Ga

Entry address:
0x12E04E

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,229,312 bytes)

The file bittorrent.exe has been observed being distributed from the following 9 URLs.

http://www.softmillon.com/down.php?name=Windows-Movie-Maker

http://www.softmillon.com/down.php?name=Minecraft

http://www.softmillon.com/down.php?name=Malwarebytes-AntiMalware
