installer_excel_spanish.exe

The application installer_excel_spanish.exe has been detected as a potentially unwanted program by 34 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from domsem.com.edgesuite.net and multiple other hosts.
MD5:
4c7b49cb7bc9374f2759a09fa01a1792

SHA-1:
29a78a46fae8db5565019ad98fbb60089376498f

SHA-256:
e3124a8308aff71ea033c02707bc3b198ab4eb0113bbd5b771b70a0dd0d42579

Scanner detections:
34 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
1/13/2025 11:34:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.416847 | 777 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Kazy.416847.81 | 7.11.164.56 |
| avast! | Win32:Installer-T [PUP] | 2014.9-141219 |
| AVG | Adware BundleApp_r.Z | 2014.0.4235 |
| Bitdefender | Gen:Variant.Kazy.416847 | 1.0.20.1765 |
| Clam AntiVirus | Win.Trojan.Agent-760080 | 0.98/19807 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 18868 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.416847 | 8.14.12.19.09 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-0f9e1723 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.416847 | 11.2014-19-12_6 |
| G Data | Gen:Variant.Kazy.416847 | 14.12.24 |
| IKARUS anti.virus | PUA.Vittalia | t3scan.1.6.1.0 |
| Malwarebytes | | v2014.12.19.09 |
| McAfee | Program.CryptVittalia | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Kazy.416847 | 15.0.0.1059 |
| Norman | Vittalia.AXXN | 11.20141219 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.19.10 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.19.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16FF4EF2!385830642 | 23.00.65.141217 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10167 |
| VIPRE Antivirus | Threat.4782551 | 31208 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1906 |

File size:
1.3 MB (1,368,022 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer_excel_spanish.exe

File PE Metadata
Compilation timestamp:
7/8/2014 4:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:4YLPXiW0+W/laLBjzXh3pNSCFjR3k4P3w8JnaSe98sE/lC+:4s70+W6DvPgae9WU+

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.6293

Code size:
192.5 KB (197,120 bytes)

The file installer_excel_spanish.exe has been seen being distributed by the following 2 URLs.
