filehunter.exe

EliteCom LLC

The application filehunter.exe by EliteCom has been detected as adware by 22 anti-malware scanners.
Publisher:
EliteCom LLC  (signed and verified)

MD5:
eff4e5948e96277583eb035e210d868a

SHA-1:
b45876a9fb41511bb38c1c52d1928933582f1f7f

SHA-256:
0f31a92a8c13208cd3370adab9d3a8cd77f06fa96775d4cf02c0a74ca88e66fc

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/25/2024 1:36:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.403825 | 490
Agnitum Outpost | Adware.WinPump | 7.1.1
Avira AntiVirus | Adware/WinPump.tuza | 7.11.146.82
avast! | Win32:PUP-gen [PUP] | 2014.9-151003
AVG | AdInstaller.SoGe | 2016.0.2968
Baidu Antivirus | AdWare.Win32.WinPump | 4.0.3.15103
Bitdefender | Application.Generic.403825 | 1.0.20.1380
Comodo Security | UnclassifiedMalware | 18192
ESET NOD32 | Win32/Adware.WinPump (variant) | 9.9740
Fortinet FortiGate | W32/Adware_fam.NB | 10/3/2015
F-Prot | W32/Banker.T.gen | v6.4.7.1.166
F-Secure | Application.Generic.403825 | 11.2015-03-10_7
G Data | Application.Generic.403825 | 15.10.24
McAfee | Artemis!EFF4E5948E96 | 5600.6624
MicroWorld eScan | Application.Generic.403825 | 16.0.0.828
NANO AntiVirus | Riskware.Win32.WinPump.rdwoi | 0.28.0.59608
Qihoo 360 Security | Win32/Virus.Adware.7e9 | 1.0.0.1015
Reason Heuristics | PUP.EliteCom (M) | 15.10.3.9
Sophos | Generic PUA LE | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0EHO13 | 7.2.276
Trend Micro | TROJ_GEN.R0CBC0EHO13 | 10.465.03
VIPRE Antivirus | Adware.Win32.WinPump.a | 28710

File size:
2.1 MB (2,231,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\filehunter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/24/2011 8:00:00 AM

Valid to:
5/24/2012 7:59:59 AM

Subject:
CN=EliteCom LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EliteCom LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D46ED94C2490FD92EB443BD7FC803C9

File PE Metadata
Compilation timestamp:
11/13/2011 3:09:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/PVySufD3M4tFtlHqWqVTs5K8ixET4TsAnssv:Xx4tFvkrrssv

Entry address:
0x15B4F8

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, D4, 27, 55, 00, E8, 87, F7, EA, FF, 8B, 1D, FC, 80, 56, 00, 8B, 03, E8, 0E, EA, F5, FF, 8B, 03, B2, 01, E8, 41, 07, F6, FF, 8B, 03, 33, D2, E8, 18, E4, F5, FF, 8B, 0D, 34, 83, 56, 00, 8B, 03, 8B, 15, EC, DB, 54, 00, E8, 01, EA, F5, FF, 8B, 0D, 9C, 83, 56, 00, 8B, 03, 8B, 15, 10, D6, 54, 00, E8, EE, E9, F5, FF, 8B, 03, E8, 37, EB, F5, FF, 5B, E8, 9D, AF, EA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5482

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,416,192 bytes)
