coolvertersetupru.exe

Product Installer

iTVA LLC

The application coolvertersetupru.exe, “Installer for InstallTraffic.com” by iTVA has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.coolverter.ru.
Publisher:
iTVA LLC  (signed and verified)

Product:
Product Installer

Description:
Installer for InstallTraffic.com

Version:
1.0.20.0

MD5:
95faaf954bf5f04d508e9428c171fd9f

SHA-1:
48c18a5f9ae0b15a3e2bfebb0db6ccaf577edb9d

SHA-256:
241755800eaa46332e5e549c957a96bcad144ae4b377ca75da701ba68670dff3

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 11:01:22 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
iTVA
2015.0.3331

Dr.Web
Adware.Downware.6456
9.0.1.0277

ESET NOD32
Win32/Itva
8.10505

IKARUS anti.virus
PUA.Itva
t3scan.1.7.8.0

McAfee
Artemis!95FAAF954BF5
5600.6987

NANO AntiVirus
Riskware.Win32.Downware.dfoovl
0.28.2.62440

Reason Heuristics
PUP.Installer.iTVA.R
14.10.4.23

Rising Antivirus
PE:Trojan.Win32.Generic.175CCA17!391957015
23.00.65.141002

VIPRE Antivirus
Trojan.Win32.Generic
33626

File size:
18 MB (18,822,256 bytes)

Product version:
1.0.20.0

Copyright:
Copyright © 2004-2014 iTVA LLC.

Trademarks:
iTVA,InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\coolvertersetupru.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/23/2012 7:00:00 AM

Valid to:
11/24/2014 6:59:59 AM

Subject:
CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65EB772671D39CAF088B0D4A828C5E61

File PE Metadata
Compilation timestamp:
7/14/2014 9:39:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:YRKj3+by6CV2dRjVLWpmRBQhEYc7bs9/iSFfcrh3Axbe:YgKby6f7jApqB8Hc3Y/J5crUe

Entry address:
0x61EB0

Entry point:
60, BE, 00, 80, 44, 00, 8D, BE, 00, 90, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 8C, F5, 05, 00, 57, 83, C3, 04, 53, 68, A8, 9E, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
108 KB (110,592 bytes)

The file coolvertersetupru.exe has been seen being distributed by the following URL.

Remove coolvertersetupru.exe - Powered by Reason Core Security