» coolvertersetupru.exe
Overview
Analysis
File Details
Downloads (1)
Network (1)

coolvertersetupru.exe

Product Installer

ITVA

The application coolvertersetupru.exe, “!TVA Software Installer” by ITVA has been detected as adware by 15 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from download.coolverter.ru.

File name:

Publisher:

!TVA LLC (signed by ITVA)

Product:

Product Installer

Description:

!TVA Software Installer

Version:

1.2.1.0

MD5:

66bd32e2d2d157f840a901175e5d4c7d

SHA-1:

af504735d4e76468abacc61fe57072740ce35d9a

SHA-256:

cfb2916c8d761c81c01f0adec396d10070ba233b64731210bb68c6c4b144251b

Scanner detections:

15 / 68

Status:

Adware

Explanation:

May bundle additional potentially unwanted software such as adware during setup.

Analysis date:

9/22/2024 8:34:48 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

Bkav FE

W32.HfsAdware

1.3.0.7383

Dr.Web

Adware.Downware.11337

9.0.1.0335

ESET NOD32

Win32/Itva.E potentially unwanted

9.12641

Fortinet FortiGate

Riskware/Itva

12/1/2015

G Data

Win32.Application.Agent.YS2NG6

15.12.25

IKARUS anti.virus

PUA.Itva

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.212.17997

Malwarebytes

PUP.Optional.BundleInstaller

v2015.12.01.12

McAfee

Artemis!66BD32E2D2D1

5600.6564

NANO AntiVirus

Riskware.Win32.Downware.dsdvwr

0.30.26.4751

Reason Heuristics

PUP.iTVA.Installer (M)

15.12.1.12

Trend Micro

TROJ_GEN.R047C0OFL15

10.465.01

VIPRE Antivirus

Trojan.Win32.Generic

45488

Zillya! Antivirus

Adware.Amonetize.Win32.13259

2.0.0.2536

File size:

10.6 MB (11,082,400 bytes)

Product version:

1.2.1.0

Trademarks:

!TVA, InstallTraffic.

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

ITVA

Authority:

COMODO CA Limited

Valid from:

9/26/2014 5:00:00 AM

Valid to:

9/27/2015 4:59:59 AM

Subject:

CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata

Compilation timestamp:

5/21/2015 2:28:47 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:1oeL9rkq0Kos5dBb94RLAxs4vawLRMoHFrohlcipG3/EWSMVm:CYLN9b94+xR1HF0ls3/EWSe

Entry address:

0x5D9E0

Entry point:

60, BE, 00, 40, 44, 00, 8D, BE, 00, D0, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 71, B3, 05, 00, 57, 83, C3, 04, 53, 68, D9, 99, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

108 KB (110,592 bytes)

The file coolvertersetupru.exe has been seen being distributed by the following URL.

http://download.coolverter.ru/CoolVerterSetupRU.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to a23-51-123-27.deploy.static.akamaitechnologies.com (23.51.123.27:80)

Remove coolvertersetupru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.