litefile.bin

FELT LTD

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and it may be installed with minimal consent. The file litefile.bin by FELT has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Winner Download Manager installer. While running, it connects to the Internet address ppp-98-27.31-151.wind.it on port 56817.
Publisher:
FELT LTD  (signed and verified)

MD5:
ce43fe2e53f1f1c45f442360dba30d01

SHA-1:
30aaa8dd03d1b85cc993c6a73402dc5f974c4a28

SHA-256:
581564701132a2fb8b43f2ade04468b1b5fee0c5c41642e7bdf9cfef81cc1f1d

Scanner detections:
3 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 6:49:08 AM UTC

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3277

G Data
Win32.Adware.FeltSoftware
14.11.24

Reason Heuristics
PUP.FELT.L
14.11.27.14

File size:
2.5 MB (2,643,720 bytes)

Bundler/Installer:
Winner Download Manager

Common path:
C:\users\{user}\appdata\local\lite file downloader\litefile.bin

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/19/2014 5:00:00 AM

Valid to:
6/20/2015 4:59:59 AM

Subject:
CN=FELT LTD, O=FELT LTD, STREET=Dzerzhinskaya Street 16, L=Dzerzhinsky, S=Moscovskaya oblast', PostalCode=140090, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
31F9B93D116C600219FBC64B8D334372

File PE Metadata
Compilation timestamp:
11/24/2014 3:16:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:GCfJU2CjvP6W0gby+vPe3BdXXFFXc2xmP5p/NloypRCqtR:zJUtH6W0g2+vMFFXPcHNloy/

Entry address:
0x19AFBF

Code size:
1.8 MB (1,935,872 bytes)

The executing file has been seen to make the following network communications in live environments.

