updater.exe

7-Zip

Install Assistant

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application updater.exe by Install Assistant has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer. The file has been seen being downloaded from wx7vt4e26f.down-load-soft-fast.com.
Publisher:
Igor Pavlov  (signed by Install Assistant)

Product:
7-Zip

Description:
7z SFX

Version:
9.20

MD5:
d300a9cb4cab527006b179137b22712c

SHA-1:
5fb45f9ac56d840d3599c220252936674d8c55a5

SHA-256:
3dd09d998bcef29a87adfa33a1c131e8c876a29487d4137508dedcac43574361

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 12:15:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vittalia.InstallA (M)
16.3.13.5

File size:
1.1 MB (1,178,784 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Language:
English (United States)

Common path:
C:\users\{user}\downloads\updater.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/2/2015 12:00:00 AM

Valid to:
12/1/2016 11:59:59 PM

Subject:
CN=Install Assistant, O=Install Assistant, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
08E92E5C80AD2907C83D98EDED9100D6

File PE Metadata
Compilation timestamp:
11/18/2010 4:27:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:mWvknOMEdlNxN7hmdBOAqicWcQ7RVv8IOq8G+3hLXZVHQZSbdpCoomXOK:mUeOMc9Lf+9VEI3ixrHaSn7B

Entry address:
0x1D262

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11...
 
[+]

Entropy:
6.9640

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126.5 KB (129,536 bytes)

The file updater.exe has been seen being distributed by the following URL.

Remove updater.exe - Powered by Reason Core Security