home

Microsoft.NET Framework Setup.exe

Microsoft .NET Framework

Install Assistant

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application Microsoft.NET Framework Setup.exe by Install Assistant has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer.
Publisher:
Install Assistant  (signed and verified)

Product:
Microsoft .NET Framework

Version:
3.0.0.97

MD5:
addce064e01c823c5c15ba34b4ee42d5

SHA-1:
b6d93c537c41efd75d499759ed3ec9cf11a3f05c

SHA-256:
9925558b8a94934e68a10a4ddd94dd26606d2d39cf74217b1a912c17b7762b66

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/22/2024 11:44:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vittalia (M)
17.3.12.5

File size:
999.2 KB (1,023,152 bytes)

Product version:
3.0.0.97

Copyright:
(c) Install Assistant

Original file name:
Microsoft .NET Framework Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Language:
English (United States)

Common path:
C:\users\{user}\downloads\microsoft.net framework setup.exe

Digital Signature
Signed by:
Install Assistant

Authority:
Symantec Corporation

Valid from:
3/9/2015 7:00:00 PM

Valid to:
3/9/2016 5:59:59 PM

Subject:
CN=Install Assistant, O=Install Assistant, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
22447A22A7271728A9B013CFD533476D

File PE Metadata
Compilation timestamp:
5/6/2015 2:49:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x126A

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 57, 6A, 00, FF, 15, 08, 10, 49, 00, 8B, F8, 33, D2, 8B, CF, 8B, 5F, 3C, 03, DF, 2B, 05, 1C, 10, 40, 00, 89, 45, F4, 1B, D2, F7, D8, 89, 55, F8, 0F, B7, 73, 14, 83, D2, 00, F7, DA, 89, 75, F0, 52, 8B, 93, A0, 00, 00, 00, 50, 8B, 44, 1E, 24, 03, 05, 28, 10, 40, 00, 50, FF, B3, A4, 00, 00, 00, E8, 88, FD, FF, FF, 8B, 54, 1E, 28, 83, C4, 10, A1, 28, 10, 40, 00, 2B, D0, 83, FA, 01, 76, 0D, 8B, 4C, 1E, 24, 03, C8, 03, CF, E8, F2, FE, FF, FF, A1, 20, 10, 40, 00, 83, C6, 40, 03, F3...
 
[+]

Entropy:
7.0703

Developed / compiled with:
Microsoft Visual C++

Code size:
574.5 KB (588,288 bytes)

Remove Microsoft.NET Framework Setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.