face-win32.exe

EliteCom LLC

The application face-win32.exe by EliteCom has been detected as adware by 22 anti-malware scanners. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
Publisher:
EliteCom LLC  (signed and verified)

MD5:
e4489b7c6ea94a37ed38d901d7df491c

SHA-1:
ced01826cffde3ce2acb5276f2ca846a4d493fed

SHA-256:
2501b6cf3c78168844bf670724214bfb01074249498f04b3b5141b40d91c65c1

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/25/2024 6:20:56 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Adware.WinPump | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.211.246
avast! | Win32:WinPump-F [PUP] | 2014.9-150611
AVG | AdInstaller.SoGe | 2016.0.3081
Bitdefender | Gen:Variant.FakeAV.21 | 1.0.20.810
Comodo Security | UnclassifiedMalware | 21160
Dr.Web | Tool.WinPump.11 | 9.0.1.0162
Emsisoft Anti-Malware | Gen:Variant.FakeAV.21 | 8.15.06.11.12
ESET NOD32 | Win32/Adware.WinPump (variant) | 9.11212
Fortinet FortiGate | Adware/WinPump | 6/11/2015
F-Secure | Gen:Variant.FakeAV.21 | 11.2015-11-06_5
G Data | Gen:Variant.FakeAV.21 | 15.6.25
Kaspersky | not-a-virus:Downloader.Win32.FileHunter | 14.0.0.1879
Malwarebytes | PUP.FileHunter | v2015.06.16.05
MicroWorld eScan | Gen:Variant.FakeAV.21 | 16.0.0.486
NANO AntiVirus | Riskware.Win32.WinPump.huhif | 0.30.0.296
Norman | Gen:Variant.Adware.Graftor.22035 | 11.20150616
Qihoo 360 Security | Win32/Trojan.d7e | 1.0.0.1015
Reason Heuristics | PUP.EliteCom | 15.6.11.12
Sophos | PUA 'WinPump Installer' (of type Adware) | 5.15
Vba32 AntiVirus | Riskware.WinPump | 3.12.26.3
VIPRE Antivirus | Adware.Win32.WinPump.a | 37762

File size:
1.9 MB (2,027,424 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\face-win32.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/24/2011 3:00:00 AM

Valid to:
5/24/2012 2:59:59 AM

Subject:
CN=EliteCom LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EliteCom LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D46ED94C2490FD92EB443BD7FC803C9

File PE Metadata
Compilation timestamp:
7/15/2011 11:59:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:8D3E79amMTjKyUOIurBR2YMoIpKuFD+Z08Cz/:/m55RMXptG0Dz

Entry address:
0xCC0C4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 5C, AA, 4C, 00, E8, C4, BF, F3, FF, A1, D0, 45, 4D, 00, 8B, 00, E8, 34, 3C, FA, FF, A1, D0, 45, 4D, 00, 8B, 00, B2, 01, E8, 8E, 57, FA, FF, 8B, 0D, B0, 47, 4D, 00, A1, D0, 45, 4D, 00, 8B, 00, 8B, 15, 00, 9F, 4C, 00, E8, 26, 3C, FA, FF, A1, D0, 45, 4D, 00, 8B, 00, E8, 6A, 3D, FA, FF, E8, 69, 90, F3, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.3224

Developed / compiled with:
Microsoft Visual C++

Code size:
812.5 KB (832,000 bytes)

The file face-win32.exe has been seen being distributed by the following 2 URLs.

http://files.downloadnow.com/s/software/12/04/82/.../Face-Win32.exe

Remove face-win32.exe - Powered by Reason Core Security