Setup.exe

Vittalia Internet S.L

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by Vittalia Internet S.L has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. This downloadble file is typically blocked through Google's Safe Browsing technology in Chrome web browser.
Publisher:
Vittalia Internet S.L  (signed and verified)

MD5:
fdada7e3ab5fa9034f735e92aec18d20

SHA-1:
274c5858b5bbdfc370b1ae461288dce144c1fec7

SHA-256:
dd47c2f1f413295259451df95f5829eb40e05b5f34bb127f4eed68d9005d17e5

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/28/2024 4:21:20 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.179.116

AVG
Generic
2015.0.3315

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.141020

Dr.Web
Trojan.Packed.28459
9.0.1.0293

ESET NOD32
Win32/InstallCore.QH (variant)
8.10583

Fortinet FortiGate
Riskware/InstallCore
10/20/2014

F-Prot
W32/InstallCore.AC.gen
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.184.13727

Malwarebytes
PUP.Optional.Vittalia
v2014.10.20.03

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.VittaliaInternetSL.CC
14.10.20.15

Sophos
Generic PUA CH
4.98

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Adware.InstallCore
34036

File size:
762 KB (780,288 bytes)

Bundler/Installer:
Vittalia DM (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/9/2014 4:18:24 AM

Valid to:
8/9/2015 4:18:24 AM

Subject:
CN=Vittalia Internet S.L, O=Vittalia Internet S.L, L=Mostoles, S=Madrid, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121296DFC83F15C4B1C19CE7B920AA7D12F

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:HPFafJduqBYuk26xsMmJDIYfM8N7NvI/0ILAtWTuSbIQHdFzZ+OV36:HPFKJduJ1xefzm0F8TFXdP+OV36

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8814

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file Setup.exe has been seen being distributed by the following 8 URLs.

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=33609462961413904574

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=31998843281413916718

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=14361830741413636718

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=u29c5290254323817424a54c9d2&track_curl=0

http://freempr9.softsofast.com/.../download?p=ADCASH&trckid=6909277161413596862

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to pf.vitplatform.com  (149.202.192.156:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

TCP (HTTP):
Connects to ec2-176-34-130-130.eu-west-1.compute.amazonaws.com  (176.34.130.130:80)

Remove Setup.exe - Powered by Reason Core Security