installer_openoffice_dutch.exe

Vittalia Internet S.L.

This is the Vittalia Filewon Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_openoffice_dutch.exe by Vittalia Internet S.L. has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. This setup program installs potentially unwanted software on the user's PC at the same time as the software the user expected (the marketed product), without adequate consent. The program is typically installed via a form of malvertising. With this installer, users expect to download the free Apache OpenOffice, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Vittalia Internet S.L. (signed and verified)

MD5:
19b8dd508431750f59adaf2f46b0112d

SHA-1:
4653293fe0aca5c78d360beba9c4dec7feaffae6

SHA-256:
a644d902bd2857e40bdeb7ee939e8ca65d2da9d111e0b8ae51235886625b5610

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 2:58:03 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware | 7.1.1 |
| Avira AntiVirus | Adware/Vittalia.AB | 7.11.163.74 |
| AVG | Trojan horse Startpage.TQC | 2014.0.3986 |
| Clam AntiVirus | Win.Worm.Chir-552 | 0.98/19185 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 18926 |
| Dr.Web | Adware.Downware.744 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Vittalia | 7/21/2014 |
| IKARUS anti.virus | Trojan.Win32.StartPage | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.494 |
| McAfee | RDN/Generic PUP.x!cf3 | 5600.7062 |
| NANO AntiVirus | Trojan.Win32.Downware.cnwpvm | 0.28.2.60881 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.VittaliaInternetSL.AA | 14.8.7.21 |
| Sophos | Lolliport SoftwareBundler | 4.98 |
| SUPERAntiSpyware | Adware.Downware/Variant | 10470 |
| VIPRE Antivirus | Threat.4782551 | 31208 |

File size:
1 MB (1,092,720 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Common path:
C:\users\{user}\downloads\installer_openoffice_dutch.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/5/2012 2:00:00 AM

Valid to:
5/9/2013 1:59:59 AM

Subject:
CN=Vittalia Internet S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Vittalia Internet S.L., L=Mostoles, S=Madrid, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7952CFD9EF040B59F3C140BA1DA97A60

File PE Metadata
Compilation timestamp:
12/4/2012 9:27:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:l9WC988bu6Cowsz82LENXjo39xQ1mPbjRP4V2ziLd1ZtiPJ:lB88TCoNz82Wo3Hem1y2ziJ1ZMPJ

Entry address:
0xE39A

Entry point:
E8, 8D, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, D1, 42, 00, E8, 50, 57, 00, 00, E8, 32, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 88, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5E, 5D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
139.5 KB (142,848 bytes)

The file installer_openoffice_dutch.exe has been seen being distributed by the following URL.

http://download.upd4ter.com/installers/down.php

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.uplstatsone.com (93.189.33.84:80)

TCP (HTTP):
Connects to services.upd4ter.com (93.189.33.101:80)

TCP (HTTP):
Connects to media.vitavita.com.es (109.70.128.135:80)

TCP (HTTP):
Connects to download.upd4ter.com (93.189.33.101:80)
