screencapturesetupru.exe

Product Installer

ITVA

The application screencapturesetupru.exe (“ITVA Software Installer” by ITVA) is flagged as adware by 3 of the 68 anti-malware scanners consulted. It is a setup and installation program that has been observed to bundle potentially unwanted software. The file has been seen being downloaded from download.screencapture.ru.
Publisher:
ITVA LLC  (signed by ITVA)

Product:
Product Installer

Description:
ITVA Software Installer

Version:
1.1.1.1

MD5:
133218b941ee2769046f3ce01fa89554

SHA-1:
f8b399ab64d36e1e296ac60df33f5e0529a2e546

SHA-256:
96f3b6e16412b929900e1e3ea3ef8d0e4547142673713200d9e555b33b391414

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/26/2024 3:48:58 PM UTC

Scan engine        Detection                                      Engine version
Dr.Web             Adware.Downware.10462                          9.0.1.0160
ESET NOD32         Win32/Itva.D potentially unwanted (variant)    9.11587
Reason Heuristics  PUP.Installer.ITVA                             15.6.5.21

File size:
11.5 MB (12,106,912 bytes)

Product version:
1.1.1.1

Copyright:
Copyright © 2004-2014 ITVA LLC.

Trademarks:
ITVA, InstallTraffic.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\screencapturesetupru.exe

Digital Signature
Signed by:
ITVA
Authority:
COMODO CA Limited

Valid from:
9/26/2014 3:00:00 AM

Valid to:
9/27/2015 2:59:59 AM

Subject:
CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata
Compilation timestamp:
1/12/2015 1:39:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:EVZ2a/NuN6zq+k6DvF5b/NUzmqhB+yxauJlxyg7swxYeiEq4k6lnKn:SJ/oN6m+zDviN+yxaaVKEJKn

Entry address:
0x6B530

Entry point:
60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 73, 96, 06, 00, 57, 83, C3, 04, 53, 68, 2C, D5, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Code size:
124 KB (126,976 bytes)
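As an added example (not tooling from this analysis page, from Reason Core Security, or from ITVA), the following Python script checks a file on disk against the indicators recorded above: size and hashes, the PE32 header fields (compile timestamp, linker version, OS version, subsystem, entry address, code size), the leading entry-point bytes, and whether the compile timestamp falls inside the signing certificate's validity window. It assumes the record's "OS version" is the optional header's Major/MinorOperatingSystemVersion and treats the certificate dates as UTC; it embeds a constructed minimal PE32 carrying the record's header values so that it runs offline without the real sample. One caveat worth knowing when reading the PE fields: the recorded entry-point bytes (pushad; mov esi; lea edi; push edi; mov ebp, esp; ...) match the prologue of the standard UPX unpacking stub, so the 124 KB code size and the entry address describe the packer stub rather than the installer's own code.

```python
"""Check a local file against the indicators recorded for screencapturesetupru.exe.

Added example, not the analysis page's or ITVA's code. Hashes and PE header
fields are compared one by one; a constructed PE32 stub is included for offline runs.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the analysis record.
RECORD = {
    "size": 12_106_912,
    "md5": "133218b941ee2769046f3ce01fa89554",
    "sha1": "f8b399ab64d36e1e296ac60df33f5e0529a2e546",
    "sha256": "96f3b6e16412b929900e1e3ea3ef8d0e4547142673713200d9e555b33b391414",
    "compiled": datetime(2015, 1, 12, 13, 39, 16, tzinfo=timezone.utc),
    "linker": (2, 25),
    "os_version": (5, 0),   # assumed: Major/MinorOperatingSystemVersion of the optional header
    "subsystem": 2,         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "entry_rva": 0x6B530,
    "code_size": 126_976,
    # First 32 recorded entry-point bytes: pushad; mov esi; lea edi; ... (UPX stub prologue).
    "entry_bytes": bytes.fromhex("60BE00E044008DBE0030FBFF5789E58D9C2480C1FFFF31C05039DC75FB464653"),
}
# Certificate validity from the record; the page gives no zone, UTC is assumed here.
CERT_VALID_FROM = datetime(2014, 9, 26, 3, 0, 0, tzinfo=timezone.utc)
CERT_VALID_TO = datetime(2015, 9, 27, 2, 59, 59, tzinfo=timezone.utc)


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the record lists from a PE32 image (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    _machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    # Walk the section table to translate the entry RVA into a file offset.
    entry_bytes = b""
    sect = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            entry_bytes = data[off:off + len(RECORD["entry_bytes"])]
            break
    return {
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker": (lnk_major, lnk_minor),
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "entry_rva": entry_rva,
        "code_size": size_of_code,
        "entry_bytes": entry_bytes,
    }


def check_sample(data: bytes) -> dict:
    """Compare a file against every recorded indicator; returns {indicator: matched}."""
    observed = {"size": len(data)}
    for algo in ("md5", "sha1", "sha256"):
        observed[algo] = hashlib.new(algo, data).hexdigest()
    observed.update(parse_pe(data))
    return {key: observed[key] == RECORD[key] for key in RECORD}


def compile_time_within_cert_validity(pe_fields: dict) -> bool:
    """A compile timestamp outside the signer's certificate lifetime deserves a second look."""
    return CERT_VALID_FROM <= pe_fields["compiled"] <= CERT_VALID_TO


def build_sample() -> bytes:
    """Constructed minimal PE32 with the record's header values (not the real installer).

    Its size and hashes will not match the record, which check_sample should report.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(RECORD["compiled"].timestamp()), 0, 0, 0xE0, 0x0102)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        0x10B, *RECORD["linker"], RECORD["code_size"], 0, 0, RECORD["entry_rva"],
        0x1000, 0, 0x400000, 0x1000, 0x200,          # BaseOfCode .. FileAlignment
        *RECORD["os_version"], 0, 0, 5, 0,           # OS, image and subsystem versions
        0, 0x6D000, 0x200, 0,                        # Win32VersionValue .. CheckSum
        RECORD["subsystem"], 0,                      # Subsystem, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,   # stack/heap sizes, LoaderFlags, #dirs
    ) + b"\0" * 128                                  # 16 empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x6B000, 0x600, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0")
    body = (b"\0" * 0x530 + RECORD["entry_bytes"]).ljust(0x600, b"\0")  # entry bytes at RVA 0x6B530
    return headers + body


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for name, ok in check_sample(data).items():
        print(f"{name:12} {'match' if ok else 'MISMATCH'}")
    print("compile time inside cert validity:", compile_time_within_cert_validity(parse_pe(data)))
```

Run with the path of a downloaded copy as the only argument; without an argument it checks the constructed stub, which reports mismatches on size and all three hashes while every PE header field matches. That split is the useful reading in practice: a repacked or re-signed variant changes the hashes but often keeps the compile timestamp, linker version and entry-point bytes, which the recorded fields make cheap to compare.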

The file screencapturesetupru.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Remove screencapturesetupru.exe - Powered by Reason Core Security