home

screencapturesetupru.exe

Product Installer

iTVA LLC

The application screencapturesetupru.exe, “Installer for InstallTraffic.com” by iTVA has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from download.screencapture.ru.
Publisher:
iTVA LLC  (signed and verified)

Product:
Product Installer

Description:
Installer for InstallTraffic.com

Version:
1.0.20.0

MD5:
2c315b2e5cf5d49a7b1e288cc64b92cd

SHA-1:
a2303fadabd39dab472fcef33bd9a6ddf2e8693f

SHA-256:
32c8fb563f4276d1ac243cfe478da681a185dfc1b14af3210cae004d8b53c713

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 11:11:37 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
iTVA
2015.0.3297

Dr.Web
Adware.Downware.6456
9.0.1.0312

ESET NOD32
Win32/Itva
8.10682

Fortinet FortiGate
Riskware/Itva
11/8/2014

IKARUS anti.virus
PUA.Itva
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.185.13930

McAfee
Artemis!2C315B2E5CF5
5600.6953

NANO AntiVirus
Riskware.Win32.Downware.dgvnpv
0.28.6.62995

Reason Heuristics
PUP.Installer.iTVA
15.5.20.13

Sophos
Generic PUA KC
4.98

VIPRE Antivirus
Trojan.Win32.Generic
34568

File size:
11.3 MB (11,863,904 bytes)

Product version:
1.0.20.0

Copyright:
Copyright © 2004-2014 iTVA LLC.

Trademarks:
iTVA,InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\screencapturesetupru.exe

Digital Signature
Signed by:
iTVA LLC

Authority:
VeriSign, Inc.

Valid from:
11/23/2012 7:00:00 AM

Valid to:
11/24/2014 6:59:59 AM

Subject:
CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
65EB772671D39CAF088B0D4A828C5E61

File PE Metadata
Compilation timestamp:
7/14/2014 9:39:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:4lJywu1OxiCgakbHjThLVPJqNUraWu2EigBpm6LTrMft0wspRSadjodUgkORJEGM:4LywuSiCgdvPJqNEaWazpm67M1akApgM

Entry address:
0x61EB0

Entry point:
60, BE, 00, 80, 44, 00, 8D, BE, 00, 90, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 8C, F5, 05, 00, 57, 83, C3, 04, 53, 68, A8, 9E, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
108 KB (110,592 bytes)

The file screencapturesetupru.exe has been seen being distributed by the following URL.

http://download.screencapture.ru/ScreenCaptureSetupRU.exe

Remove screencapturesetupru.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.