» Setup.exe
Overview
Analysis
File Details
Downloads (8)
Network (4)

Setup.exe

Vittalia Internet S.L

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by Vittalia Internet S.L has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.

File name:

Setup.exe

Publisher:

Vittalia Internet S.L (signed and verified)

MD5:

fdada7e3ab5fa9034f735e92aec18d20

SHA-1:

274c5858b5bbdfc370b1ae461288dce144c1fec7

SHA-256:

dd47c2f1f413295259451df95f5829eb40e05b5f34bb127f4eed68d9005d17e5

Scanner detections:

14 / 68

Status:

Adware

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/24/2024 9:52:51 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen9

7.11.179.116

AVG

Generic

2015.0.3315

Baidu Antivirus

Adware.Win32.Bbylon

4.0.3.141020

Dr.Web

Trojan.Packed.28459

9.0.1.0293

ESET NOD32

Win32/InstallCore.QH (variant)

8.10583

Fortinet FortiGate

Riskware/InstallCore

10/20/2014

F-Prot

W32/InstallCore.AC.gen

v6.4.7.1.166

K7 AntiVirus

Unwanted-Program

13.184.13727

Malwarebytes

PUP.Optional.Vittalia

v2014.10.20.03

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Reason Heuristics

PUP.VittaliaInternetSL.CC

14.10.20.15

Sophos

Generic PUA CH

4.98

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

3.12.26.3

VIPRE Antivirus

Adware.InstallCore

34036

File size:

762 KB (780,288 bytes)

Bundler/Installer:

Vittalia DM (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Vittalia Internet S.L

Authority:

GlobalSign nv-sa

Valid from:

7/9/2014 4:18:24 AM

Valid to:

8/9/2015 4:18:24 AM

Subject:

CN=Vittalia Internet S.L, O=Vittalia Internet S.L, L=Mostoles, S=Madrid, C=ES

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121296DFC83F15C4B1C19CE7B920AA7D12F

File PE Metadata

Compilation timestamp:

6/19/1992 4:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:HPFafJduqBYuk26xsMmJDIYfM8N7NvI/0ILAtWTuSbIQHdFzZ+OV36:HPFKJduJ1xefzm0F8TFXdP+OV36

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.8814

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file Setup.exe has been seen being distributed by the following 8 URLs.

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=33609462961413904574

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=31998843281413916718

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=14361830741413636718

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=u29c5290254323817424a54c9d2&track_curl=0

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=6909277161413596862

http://freempr8.softsofast.com/.../download?p=ADCASH&trckid=15082411831413999994

http://freempr9.downloadallre.com/.../download?p=ADCASH&trckid=35785660431413727163

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=15120193681413861666

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to pf.vitplatform.com (149.202.192.156:80)

TCP (HTTP):

Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com (52.214.247.42:80)

TCP (HTTP):

Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com (52.208.40.227:80)

TCP (HTTP):

Connects to ec2-176-34-130-130.eu-west-1.compute.amazonaws.com (176.34.130.130:80)

Remove Setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.