installer_avg__anti-virus_free_edition_2012_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_avg__anti-virus_free_edition_2012_english.exe by Vittalia Internet S.L has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
c02b01d5f232fbae0ad062ac4c175af9

SHA-1:
37dd18f1803150247f12fa1b6d60174f59865603

SHA-256:
6632528d77fbc91e9b09c622839fc72ad903c214c34870b9d3d9a6cb31c39de5

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/28/2024 4:01:15 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Kryptik
7.1.1

Avira AntiVirus
Adware/Vittalia.AB
7.11.210.156

AVG
Adware AdInstaller.Vitalia
2014.0.4257

Comodo Security
Application.Win32.Vittalia.AB
21106

Dr.Web
Adware.Downware.1139
9.0.1.05190

ESET NOD32
Win32/Vittalia.H potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Vittalia
2/17/2015

F-Secure
Adware.Eorezo.BZ
5.13.68

IKARUS anti.virus
AdWare.Win32.Vittalia
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.195.14984

Kaspersky
not-a-virus:RiskTool.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.Vittalia
v2015.02.17.11

NANO AntiVirus
Trojan.Win32.Downware.bxpixu
0.30.0.65070

Norman
InstallCore.WTRR
11.20150217

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.Vittalia
15.2.17.10

SUPERAntiSpyware
Adware.Downware/Variant
10048

VIPRE Antivirus
Threat.4782551
36694

File size:
2.2 MB (2,272,088 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_avg__anti-virus_free_edition_2012_english.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/5/2012 1:00:00 AM

Valid to:
5/9/2013 12:59:59 AM

Subject:
CN=Vittalia Internet S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7952CFD9EF040B59F3C140BA1DA97A60

File PE Metadata
Compilation timestamp:
4/17/2013 11:46:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:PtPeSiVIvs9JJtj8E+KdKWHcW9h8ykW9ceuE+LgJAPwDQvgpgBWm8b0sZcx20oXV:VP2pJLj7dq1YVUw+WmQzZZzRNgi

Entry address:
0x65070

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
6.4751

Packer / compiler:
UPX 2.90LZMA

Code size:
144 KB (147,456 bytes)

The file installer_avg__anti-virus_free_edition_2012_english.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)

TCP (HTTP):
Connects to download.upd4ter.com  (93.189.33.101:80)

 
http://download.upd4ter.com/installers/down.php