» f_000af7
Overview
Analysis
File Details

f_000af7

Product Installer

iTVA LLC

The file f_000af7, “Installer for InstallTraffic.com” by iTVA has been detected as a potentially unwanted program by 13 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

f_000af7

Publisher:

iTVA LLC (signed and verified)

Product:

Product Installer

Description:

Installer for InstallTraffic.com

Version:

1.0.20.0

MD5:

8442809fbda8d417818aeba36b3de33d

SHA-1:

62ee126f69bf7380f43634ed3fe2986f1819598f

SHA-256:

c57cae5720884e80668b66d4408bc9741302eef6b68049c17368cd60f0987014

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

3/13/2025 4:54:34 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

iTVA

2015.0.3289

Dr.Web

Adware.Downware.6456

9.0.1.0319

ESET NOD32

Win32/Itva

8.10729

Fortinet FortiGate

Riskware/Itva

11/15/2014

IKARUS anti.virus

PUA.Itva

t3scan.1.8.3.0

K7 AntiVirus

Trojan

13.185.14021

McAfee

Artemis!8442809FBDA8

5600.6945

NANO AntiVirus

Riskware.Win32.Downware.dgvnpv

0.28.6.63362

Reason Heuristics

PUP.Installer.iTVA.I

14.11.15.12

Sophos

Generic PUA GC

4.98

Trend Micro House Call

Suspicious_GEN.F47V1014

7.2.319

VIPRE Antivirus

Trojan.Win32.Generic

34810

File size:

9.8 MB (10,326,976 bytes)

Product version:

1.0.20.0

Trademarks:

iTVA,InstallTraffic.

Original file name:

Installer.exe

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\temp\webkit\cache\f_000af7

Digital Signature

Signed by:

iTVA LLC

Authority:

VeriSign, Inc.

Valid from:

11/23/2012 2:00:00 AM

Valid to:

11/24/2014 1:59:59 AM

Subject:

CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

65EB772671D39CAF088B0D4A828C5E61

File PE Metadata

Compilation timestamp:

7/14/2014 4:39:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:NgCZ32+V+7a8s/QktWNRVMgWljWtbBixnjDMRoPWE4eH9E2HP4F:NgGV+7WSrMgWlqaFPMRMWE4I9gF

Entry address:

0x61EB0

Entry point:

60, BE, 00, 80, 44, 00, 8D, BE, 00, 90, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 8C, F5, 05, 00, 57, 83, C3, 04, 53, 68, A8, 9E, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

108 KB (110,592 bytes)

Remove f_000af7 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.