installer_ares_2_3_0_spanish.exe

Vittalia Internet S.L

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_ares_2_3_0_spanish.exe by Vittalia Internet S.L has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from downloadv.mp3.es and multiple other hosts. While running, it connects to the Internet address pf.vitplatform.com on port 80 using the HTTP protocol.
Publisher:
Vittalia Internet S.L  (signed and verified)

MD5:
3a3dffe329a6ac1c99e8ad02b063f3c4

SHA-1:
fa8b5254990553417836c2615dc390d0746b2439

SHA-256:
0ddd648951ec3acfee6cbde1d809bb5e14994b1c8a0076da3960b2ea67607f36

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 3:21:38 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.182.106

avast!
Malware-gen
2014.9-150414

AVG
Generic
2016.0.3140

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15414

Comodo Security
ApplicUnwnt
19463

Dr.Web
Trojan.Packed.28459
9.0.1.0104

ESET NOD32
Win32/InstallCore.QH potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
4/14/2015

F-Prot
W32/InstallCore.AC.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.185.13853

Malwarebytes
PUP.Optional.Vittalia
v2015.04.14.06

McAfee
Program.Artemis!3A3DFFE329A6
16.8.708.2

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
Threat.Vittalia.Bundler
15.4.14.6

Sophos
PUA 'Install Core Click run software'
5.12

Trend Micro House Call
Suspicious_GEN.F47V0922
7.2.104

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Threat.4150696
34232

File size:
763.6 KB (781,920 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_ares_2_3_0_spanish.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/9/2014 5:18:24 AM

Valid to:
8/9/2015 5:18:24 AM

Subject:
CN=Vittalia Internet S.L, O=Vittalia Internet S.L, L=Mostoles, S=Madrid, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121296DFC83F15C4B1C19CE7B920AA7D12F

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:C7FaDPMfQHv8BMgAXbvhieNjNuS2twXeNjEEb9Oet4j3rEg5KOaBkAF31EmJnuCB:C7FyEfQHUBlALhiUjo9twmEyMz3rXPgt

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8870

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file installer_ares_2_3_0_spanish.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to pf.vitplatform.com  (149.202.192.156:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.155:80)

TCP (HTTP):
Connects to ec2-34-198-66-66.compute-1.amazonaws.com  (34.198.66.66:80)

TCP (HTTP):
Connects to 50.115.122.45.static.westdc.net  (50.115.122.45:80)

TCP (HTTP):
Connects to ec2-54-213-173-59.us-west-2.compute.amazonaws.com  (54.213.173.59:80)

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-54-186-117-168.us-west-2.compute.amazonaws.com  (54.186.117.168:80)

TCP (HTTP):
Connects to ec2-52-26-136-207.us-west-2.compute.amazonaws.com  (52.26.136.207:80)

TCP (HTTP):
Connects to ec2-52-25-117-203.us-west-2.compute.amazonaws.com  (52.25.117.203:80)

Remove installer_ares_2_3_0_spanish.exe - Powered by Reason Core Security