filehunter-win32.exe

EliteCom LLC

The application filehunter-win32.exe by EliteCom has been detected as adware by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
EliteCom LLC (signed and verified)

MD5:
c8b1edc66d830c7cb980541fb3c59643

SHA-1:
475723e8272921de6103d5aef6fe4a2448c4de27

SHA-256:
be795186d09b4299e48e8358b02e597eb0ab885d8093cc0fb830b4f0c7cea931

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/23/2024 2:55:44 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.WinPump | 7.1.1
Avira AntiVirus | ADWARE/Yontoo.Gen | 7.11.149.178
avast! | Win32:WinPump-F [PUP] | 2014.9-150524
AVG | AdInstaller.SoGe | 2016.0.3099
Comodo Security | UnclassifiedMalware | 18274
Dr.Web | Tool.WinPump.9 | 9.0.1.0144
ESET NOD32 | Win32/Adware.WinPump (variant) | 9.9801
Fortinet FortiGate | Adware/Agent | 5/24/2015
F-Prot | W32/Swizzor.ESU | v6.4.7.1.166
IKARUS anti.virus | AdWare.Yontoo | t3scan.1.6.1.0
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1991
Malwarebytes | PUP.Optional.BabylonToolBar.A | v2015.05.24.07
NANO AntiVirus | Riskware.Win32.WinPump.huhhs | 0.28.0.59826
Quick Heal | Trojan.NSIS.Adload.A | 5.15.14.00
Reason Heuristics | PUP.Installer.EliteCom | 15.5.24.15
VIPRE Antivirus | Adware.Win32.WinPump.a | 29218

File size:
5.4 MB (5,682,400 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\filehunter-win32.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/23/2011 7:00:00 PM

Valid to:
5/23/2012 6:59:59 PM

Subject:
CN=EliteCom LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EliteCom LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D46ED94C2490FD92EB443BD7FC803C9

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:aKmfO4tMj0OC22I//CFImkUAL6v7pODVWNedFXGEKSw2SePZQbIAwbXO:n8TOhHqFDkUjv7axtGED7StkAwb

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9997

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Remove filehunter-win32.exe - Powered by Reason Core Security