ecvl_whj.exe

Armadillo Incorporated

The file ecvl_whj.exe by Armadillo has been detected as a potentially unwanted program by 19 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Armadillo Incorporated  (signed and verified)

MD5:
a622891cdcfdc6641ed5289f7dd15e6c

SHA-1:
b9a3dc285323c53cdec6a902ea9df713a877091f

SHA-256:
61d263b0bd8ee1a6bf6e3f0d8878710cde7c23ff2c045f097ab41905ec076759

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
11/24/2024 2:37:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Razy.32273
316

Avira AntiVirus
PUA/DownloadAdmin.KK
8.3.3.4

Arcabit
Trojan.Razy.D7E11
1.0.0.662

AVG
Downloader.Generic14
2017.0.2794

Bitdefender
Gen:Variant.Razy.32273
1.0.20.420

Bkav FE
W32.HfsAdware
1.3.0.7744

Dr.Web
Trojan.Vittalia.8677
9.0.1.084

Emsisoft Anti-Malware
Gen:Variant.Razy.32273
8.16.03.24.01

ESET NOD32
Win32/TrojanDownloader.Adload.NQO (variant)
10.13228

F-Secure
Gen:Variant.Razy.32273
11.2016-24-03_5

G Data
Gen:Variant.Razy.32273
16.3.25

K7 AntiVirus
Unwanted-Program
13.2119098

Kaspersky
not-a-virus:HEUR:Downloader.Win32.DownloAdmin
14.0.0.467

MicroWorld eScan
Gen:Variant.Razy.32273
17.0.0.252

NANO AntiVirus
Trojan.Win32.Vittalia.eawpur
1.0.18.7201

Qihoo 360 Security
HEUR/QVM20.1.0000.Malware.Gen
1.0.0.1120

Reason Heuristics
PUP.DownloadAdmin (M)
16.3.24.13

Trend Micro House Call
Possible_Virus
7.2.84

Trend Micro
Possible_Virus
10.465.24

File size:
469.3 KB (480,560 bytes)

Common path:
C:\users\{user}\appdata\local\temp\ecvl_whj.exe.part

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2016 11:17:38 PM

Valid to:
3/8/2017 11:17:38 PM

Subject:
CN=Armadillo Incorporated, O=Armadillo Incorporated, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
30F1E885B799F0DA

File PE Metadata
OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:a7/+l7amYIf7VxzXMQhJC65Nw98OjkrMXP41s2N1EZH:a7Wl7amdf7LzXMGNU98OjuM/41sa1Ep

Entry address:
0x47130

Entry point:
55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 34, D1, 46, 00, 68, A8, C0, 44, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 63, 55, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, 2E, 55, 00, 00, E8, 5D, 54, 00, 00, 8B, C4, A3, 7C, 12, 47, 00, E8, 5D, 56, 00, 00, 6A, 00, FF, 15, F4, 1A, 40, 00, A3, 84, 12, 47, 00, E8, 2F, 56, 00, 00, FF, 15, B0, 1A, 40, 00, A3, 80, 12, 47, 00, E8, AF, 59, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
315 KB (322,560 bytes)

Remove ecvl_whj.exe - Powered by Reason Core Security