installer_excel_spanish.exe

The application installer_excel_spanish.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from domsem.com.edgesuite.net and multiple other hosts.
MD5:
13ae8487c6cc7e765f0a86749c94f760

SHA-1:
decd6b1c57b58743804355ececdadf71330fefbb

SHA-256:
9df8d058b3a5da6f15380e1c026bf4c470b5b0d477d58aed8b3b4f25d105dc0c

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
12/26/2024 5:07:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.416847 | 777 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Kazy.416847.81 | 7.11.164.56 |
| avast! | Win32:Installer-T [PUP] | 2014.9-141219 |
| AVG | Adware BundleApp_r.Z | 2014.0.4235 |
| Bitdefender | Gen:Variant.Kazy.416847 | 1.0.20.1765 |
| Clam AntiVirus | Win.Trojan.Agent-760080 | 0.98/19807 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 18868 |
| Dr.Web | Trojan.DownLoader11.20646 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.416847 | 8.14.12.19.09 |
| ESET NOD32 | Win32/Vittalia.Q potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-0f9e1723 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.416847 | 11.2014-19-12_6 |
| G Data | Gen:Variant.Kazy.416847 | 14.12.24 |
| IKARUS anti.virus | PUA.Vittalia | t3scan.1.6.1.0 |
| Malwarebytes | | v2014.12.19.09 |
| McAfee | Program.CryptVittalia | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Kazy.416847 | 15.0.0.1059 |
| Norman | Vittalia.AXXN | 11.20141219 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.19.21 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16FF4EF2!385830642 | 23.00.65.141217 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10167 |
| VIPRE Antivirus | Threat.4782551 | 31208 |
| Zillya! Antivirus | Trojan.Black.Win32.17248 | 2.0.0.1906 |

File size:
1.1 MB (1,136,342 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\installer_excel_spanish.exe

File PE Metadata
Compilation timestamp:
7/8/2014 4:25:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:4YLPXiW0+W/laLBjzXh3pNSCFjR3k4P3w8Jnam:4s70+W6DvPgu

Entry address:
0x1C0BB

Entry point:
E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.6888

Code size:
192.5 KB (197,120 bytes)

The file installer_excel_spanish.exe has been seen being distributed by the following 2 URLs.
