divx-plus.exe

DownInstall

Vitbian telecom sl

The application divx-plus.exe by Vitbian telecom sl has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.softmillon.com and multiple other hosts. While running, it connects to the Internet address ocsp.comodoca.com on port 80 using the HTTP protocol.
Publisher:
Vitbian telecom sl  (signed and verified)

Product:
DownInstall

Version:
1.0.0.0

MD5:
ef5d8a66b83f151996ce7823b896ca14

SHA-1:
6b8450b0796578f08af1ec45e27539d2aa7060fb

SHA-256:
7171f2ab9b14925515451479d469596850631f259b21c314eccfb41ad58bb7df

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 7:14:56 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Vitbiantelecomsl.J

Engine version:
14.4.28.10

File size:
2.5 MB (2,624,944 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
DownInstall.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\divx-plus.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/1/2013 1:00:00 AM

Valid to:
2/2/2014 12:59:59 AM

Subject:
CN=Vitbian telecom sl, O=Vitbian telecom sl, STREET=calle durango 45, L=madrid, S=madrid, PostalCode=28023, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B1E042090F8B8A605FB4A8E606FAF59

File PE Metadata
Compilation timestamp:
11/7/2013 2:14:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:kiEnvi99ZUljPMoC8Wv5aWqmy2RIthXSCllQqcRIq9ARtDllDn3YQoK8Gs:ki6a/OwoDA55qhqcXxQ9Iqec

Entry address:
0x27FFAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 50, 00, 00, 80, 10, 00, 00, 00, 68, 00, 00, 80, 18, 00, 00, 00, 80, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.5 MB (2,613,248 bytes)

The file divx-plus.exe has been seen being distributed by the following 5 URLs.

http://www.softmillon.com/down.php?name=Whatsapp-para-PC

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

Remove divx-plus.exe - Powered by Reason Core Security