» virusscannersetupru.exe
Overview
Analysis
File Details
Downloads (1)

virusscannersetupru.exe

Product Installer

ITVA

The application virusscannersetupru.exe, “ITVA Software Installer” by ITVA has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.checkfile.ru.

File name:

Publisher:

ITVA LLC (signed by ITVA)

Product:

Product Installer

Description:

ITVA Software Installer

Version:

1.1.1.1

MD5:

a1fd5440cbd84626fd0d4bc2a9fc2f6a

SHA-1:

6863e8fcc706821b91791b37a8f0a9fb169ef34a

SHA-256:

78ebbfcdd235188af05157080bff6fa01181c5bd99937b0efaf7f4434cddbb61

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

11/14/2024 11:04:41 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Dr.Web

Adware.Downware.10462

9.0.1.0160

ESET NOD32

Win32/Itva.D potentially unwanted (variant)

9.11587

Reason Heuristics

PUP.Installer.ITVA

15.6.5.21

File size:

14.2 MB (14,887,984 bytes)

Product version:

1.1.1.1

Trademarks:

ITVA,InstallTraffic.

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\virusscannersetupru.exe

Digital Signature

Signed by:

ITVA

Authority:

COMODO CA Limited

Valid from:

9/26/2014 3:00:00 AM

Valid to:

9/27/2015 2:59:59 AM

Subject:

CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata

Compilation timestamp:

1/12/2015 1:39:16 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:LpJds6XX1UgmVsYXk2o4lhfe2zlKSjgHa/ubWx8jtNAdqxIE2sf:FTX1UgCkl4lhfe2zlCHKeWupmdqxTvf

Entry address:

0x6B530

Entry point:

60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 73, 96, 06, 00, 57, 83, C3, 04, 53, 68, 2C, D5, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

124 KB (126,976 bytes)

The file virusscannersetupru.exe has been seen being distributed by the following URL.

http://download.checkfile.ru/VirusScannerSetupRU.exe

Remove virusscannersetupru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.