lovivksetupru.exe

Product Installer

iTVA LLC

The application lovivksetupru.exe, “Installer for InstallTraffic.com” by iTVA has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from download.lovivkontakte.ru and multiple other hosts.
Publisher:
iTVA LLC  (signed and verified)

Product:
Product Installer

Description:
Installer for InstallTraffic.com

Version:
1.0.20.0

MD5:
20fd45091068ec37d5177084dfa1c034

SHA-1:
e01d72b19412745c1695a5190ac73e239477db53

SHA-256:
0d4b0750d4431a7035aed0c77593db802010eaf9c95ad7ca923399dd00152ebe

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
9/22/2024 8:34:24 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | iTVA | 2016.0.3150 |
| Dr.Web | Adware.Downware.6456 | 9.0.1.094 |
| ESET NOD32 | Win32/Itva.A potentially unwanted | 9.11423 |
| Fortinet FortiGate | Riskware/Itva | 4/4/2015 |
| IKARUS anti.virus | PUA.Itva | t3scan.1.8.9.0 |
| K7 AntiVirus | Adware | 13.202.15480 |
| McAfee | Artemis!20FD45091068 | 5600.6806 |
| NANO AntiVirus | Riskware.Win32.Downware.dgvnpv | 0.30.8.659 |
| Reason Heuristics | PUP.Installer.iTVA | 15.4.4.6 |
| Sophos | Generic PUA OA | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39032 |

File size:
10 MB (10,469,120 bytes)

Product version:
1.0.20.0

Copyright:
Copyright © 2004-2014 iTVA LLC.

Trademarks:
iTVA,InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\lovivksetupru.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/23/2012 4:00:00 AM

Valid to:
11/24/2014 3:59:59 AM

Subject:
CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65EB772671D39CAF088B0D4A828C5E61

File PE Metadata
Compilation timestamp:
7/14/2014 5:39:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:zN2oB8HGjeR5XzR6gLmK6foQccZEyINnB+HRQQUvk:EGRzzjcGcna8v

Entry address:
0x61EB0

Entry point:
60, BE, 00, 80, 44, 00, 8D, BE, 00, 90, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 8C, F5, 05, 00, 57, 83, C3, 04, 53, 68, A8, 9E, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
108 KB (110,592 bytes)

The file lovivksetupru.exe has been seen being distributed by the following 3 URLs.

http://download.lovivkontakte.ru/LoviVKSetupRU.exe

https://cloclo26.datacloudmail.ru/weblink/get/.../5HVwGLdHb?x-email=undefined
