home

{v3}.exe

7-Zip

Install Assistant

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application {v3}.exe by Install Assistant has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Vittalia DM installer.
Publisher:
Igor Pavlov  (signed by Install Assistant)

Product:
7-Zip

Description:
7z SFX

Version:
9.20

MD5:
a33313b416eaf20ec1a54bae324d88e4

SHA-1:
52170903a8508b9f0febc76a0a5d98b0c44e388d

SHA-256:
e23152529fed7b765c8eb23ad2a097a71ed395e3502613a9b67e5e45212952b5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/22/2024 11:32:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vittalia (M)
17.3.11.14

File size:
1.1 MB (1,152,896 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM

Language:
English (United States)

Common path:
C:\users\{user}\downloads\{v3}.exe

Digital Signature
Signed by:
Install Assistant

Authority:
Symantec Corporation

Valid from:
5/19/2015 9:00:00 PM

Valid to:
5/19/2016 8:59:59 PM

Subject:
CN=Install Assistant, O=Install Assistant, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
264A6ADE8EACA4A4ABF5E871A3DF7813

File PE Metadata
Compilation timestamp:
11/18/2010 2:27:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1D262

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126.6 KB (129,684 bytes)

Remove {v3}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.