home

dictersetupru.exe

Product Installer

iTVA LLC

The application dictersetupru.exe, “Installer for InstallTraffic.com” by iTVA has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.dicter.ru.
Publisher:
iTVA LLC  (signed and verified)

Product:
Product Installer

Description:
Installer for InstallTraffic.com

Version:
1.0.20.0

MD5:
e55bcd53a0d14649c2bf107d41dbc6d5

SHA-1:
3f2d04752d592de01efd001595286067a9591ee2

SHA-256:
17f017a9c1662d79fb8301a5da7010c6b8ff03ad82da767f94dfe8c47efa2b9f

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 10:58:16 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/avti.A
7.11.171.22

AVG
iTVA
2015.0.3401

Dr.Web
Adware.Downware.6456
9.0.1.0270

ESET NOD32
Win32/Itva
8.10377

Fortinet FortiGate
Riskware/Itva
9/27/2014

IKARUS anti.virus
PUA.Itva
t3scan.1.7.5.0

K7 AntiVirus
Trojan
13.183.13286

McAfee
Artemis!79B68F292E6C
5600.6994

Norman
Suspicious_Gen4.GYDSI
11.20140927

Reason Heuristics
PUP.Installer.iTVA.N
14.9.27.16

Sophos
Generic PUA MI
4.98

File size:
9.4 MB (9,904,240 bytes)

Product version:
1.0.20.0

Copyright:
Copyright © 2004-2014 iTVA LLC.

Trademarks:
iTVA,InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dictersetupru.exe

Digital Signature
Signed by:
iTVA LLC

Authority:
VeriSign, Inc.

Valid from:
11/23/2012 7:00:00 AM

Valid to:
11/24/2014 6:59:59 AM

Subject:
CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65EB772671D39CAF088B0D4A828C5E61

File PE Metadata
Compilation timestamp:
7/14/2014 8:39:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:K2Pdexzh5O8Diwk7ZvgxT63opQj0w1ZvSh+HGXG6qdD92EhaDtjqmM2Yrk:72h5PelWI3oG0sHGXEdD9Za5TMfk

Entry address:
0x61EB0

Entry point:
60, BE, 00, 80, 44, 00, 8D, BE, 00, 90, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 8C, F5, 05, 00, 57, 83, C3, 04, 53, 68, A8, 9E, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
108 KB (110,592 bytes)

The file dictersetupru.exe has been seen being distributed by the following URL.

http://download.dicter.ru/DicterSetupRU.exe

Remove dictersetupru.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.