installer_minecraft_italian.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, that may be installed with minimal consent. The application installer_minecraft_italian.exe by Vittalia Internet S.L. has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The installer is marketed through download portals and search ads as Minecraft, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Vittalia Internet S.L.  (signed and verified)

MD5:
9185b37df84abb1b50661c8bbdcf6056

SHA-1:
5a8aafbb2364388778368cc78deb0ecf56acfe10

SHA-256:
02b714bf87a7a2c4ef0272d8e8d378028fb1188b369bf4047b6f3b2ae3d508ca

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/5/2024 6:49:19 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Kryptik | 7.1.1
Avira AntiVirus | APPL/Vittalia.onema | 8.3.1.6
AVG | Adware AdInstaller.Vitalia | 2014.0.4311
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Trojan.Vittalia-1 | 0.98/20550
Comodo Security | Application.Win32.Vittalia.AB | 22336
Dr.Web | Trojan.Vittalia.42 | 9.0.1.05190
ESET NOD32 | Win32/Vittalia.H potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Vittalia | 6/4/2015
IKARUS anti.virus | AdWare.Win32.Vittalia | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.204.16143
Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.543
Malwarebytes | PUP.Optional.Vittalia | v2015.06.04.05
NANO AntiVirus | Trojan.Win32.Downware.bxpixu | 0.30.24.1636
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Quick Heal | PUA.Vittaliain.Gen | 6.15.14.00
Reason Heuristics | PUP.Vittalia.Bundler | 15.6.4.17
SUPERAntiSpyware | Adware.Downware/Variant | 9834
VIPRE Antivirus | Vittalia Installer | 40830

File size:
2.7 MB (2,814,624 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_minecraft_italian.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/1/2012 2:00:00 AM

Valid to:
10/2/2015 1:59:59 AM

Subject:
CN=Vittalia Internet S.L., OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00B5B17F6085B2B530BA3A0FF637EE1A

File PE Metadata
Compilation timestamp:
4/17/2013 12:46:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:7Pjun6QJar6QTbYULuQTkYzbguUz+6A82SKZZ37zPYJl4Fogm/:7bcOZCfF2jZpXAH4u/

Entry address:
0x65070

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90LZMA

Code size:
144 KB (147,456 bytes)

The file installer_minecraft_italian.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com  (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com  (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es  (109.70.128.135:80)
