installer_bad_piggies_english.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_bad_piggies_english.exe by Vittalia Internet S.L has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.fwinnet.net. While running, it connects to the Internet address services.upd4ter.com on port 80 using the HTTP protocol.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
43a2ae894366b1c2f4bff3ca66508e1b

SHA-1:
813383f34c15f71cd912f0cc091984d7d8513df4

SHA-256:
00eb0b7d5eded603eb7dcb43daea14cd65d638c7af8d92fdc20822ce05e56ab6

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/28/2024 4:20:38 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Kryptik
7.1.1

Avira AntiVirus
Adware/Vittalia.AB
7.11.204.248

AVG
Adware AdInstaller.Vitalia
2014.0.4253

Comodo Security
Application.Win32.Vittalia.AB
20833

Dr.Web
Adware.Downware.1139
9.0.1.05190

ESET NOD32
Win32/Vittalia.H potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Vittalia
1/24/2015

IKARUS anti.virus
AdWare.Win32.Vittalia
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.192.14744

Kaspersky
not-a-virus:RiskTool.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.Vittalia
v2015.01.24.07

NANO AntiVirus
Trojan.Win32.Downware.bxpixu
0.30.0.64812

Norman
InstallCore.WTRR
11.20150124

Qihoo 360 Security
Malware.QVM01.Gen
1.0.0.1015

Reason Heuristics
PUP.Vittalia
15.1.24.19

SUPERAntiSpyware
Adware.Downware/Variant
10095

VIPRE Antivirus
Threat.4782551
36694

File size:
2.2 MB (2,275,224 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_bad_piggies_english.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/4/2012 8:00:00 PM

Valid to:
5/8/2013 7:59:59 PM

Subject:
CN=Vittalia Internet S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7952CFD9EF040B59F3C140BA1DA97A60

File PE Metadata
Compilation timestamp:
4/17/2013 6:46:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:qPkHmuncE6QTbYU4ug1LP9DMpySV2U1V17wjWUYgSk:qH4Mxidk

Entry address:
0x65070

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
6.4742

Packer / compiler:
UPX 2.90LZMA

Code size:
144 KB (147,456 bytes)

The file installer_bad_piggies_english.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)

Remove installer_bad_piggies_english.exe - Powered by Reason Core Security