» lovivideosetup.exe
Overview
Analysis
File Details
Downloads (1)

lovivideosetup.exe

ЛовиVideo

iTVA LLC

The application lovivideosetup.exe, “ЛовиVideo Setup ” by iTVA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.lovivideo.ru.

File name:

lovivideosetup.exe

Publisher:

iTVA, Co. Ltd. (signed by iTVA LLC)

Product:

ЛовиVideo

Description:

ЛовиVideo Setup

Version:

1.5.0.0

MD5:

06867ec796378e3e408ebc0a14389b76

SHA-1:

8f2d6d2f7bc680fdba7bbc7ac8e537b7e684ab89

SHA-256:

e47bdb08816093eb5c0ed1f00960163f4499cdd0d90ee58cdca69189a1d49a16

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/14/2024 10:57:39 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.iTVA.O

14.9.27.16

File size:

32 MB (33,558,312 bytes)

Product version:

1.5.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\lovivideosetup.exe

Digital Signature

Signed by:

iTVA LLC

Authority:

VeriSign, Inc.

Valid from:

11/23/2012 3:00:00 AM

Valid to:

11/24/2014 2:59:59 AM

Subject:

CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

65EB772671D39CAF088B0D4A828C5E61

File PE Metadata

Compilation timestamp:

10/9/2012 11:48:22 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

786432:zpGsCALu/67UXrO2MSMsjmq1O9az+dEKx+94cq75N+Z:z88ui7UXrO2MSGqR/I+7I

Entry address:

0xF3BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

59 KB (60,416 bytes)

The file lovivideosetup.exe has been seen being distributed by the following URL.

http://download.lovivideo.ru/setup_lovivideo.exe

Remove lovivideosetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.