» ecvl_whj.exe
Overview
Analysis
File Details

ecvl_whj.exe

Armadillo Incorporated

The file ecvl_whj.exe by Armadillo has been detected as a potentially unwanted program by 19 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.

File name:

ecvl_whj.exe

Publisher:

Armadillo Incorporated (signed and verified)

MD5:

a622891cdcfdc6641ed5289f7dd15e6c

SHA-1:

b9a3dc285323c53cdec6a902ea9df713a877091f

SHA-256:

61d263b0bd8ee1a6bf6e3f0d8878710cde7c23ff2c045f097ab41905ec076759

Scanner detections:

19 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:

11/24/2024 2:37:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Razy.32273

316

Avira AntiVirus

PUA/DownloadAdmin.KK

8.3.3.4

Arcabit

Trojan.Razy.D7E11

1.0.0.662

AVG

Downloader.Generic14

2017.0.2794

Bitdefender

Gen:Variant.Razy.32273

1.0.20.420

Bkav FE

W32.HfsAdware

1.3.0.7744

Dr.Web

Trojan.Vittalia.8677

9.0.1.084

Emsisoft Anti-Malware

Gen:Variant.Razy.32273

8.16.03.24.01

ESET NOD32

Win32/TrojanDownloader.Adload.NQO (variant)

10.13228

F-Secure

Gen:Variant.Razy.32273

11.2016-24-03_5

G Data

Gen:Variant.Razy.32273

16.3.25

K7 AntiVirus

Unwanted-Program

13.2119098

Kaspersky

not-a-virus:HEUR:Downloader.Win32.DownloAdmin

14.0.0.467

MicroWorld eScan

Gen:Variant.Razy.32273

17.0.0.252

NANO AntiVirus

Trojan.Win32.Vittalia.eawpur

1.0.18.7201

Qihoo 360 Security

HEUR/QVM20.1.0000.Malware.Gen

1.0.0.1120

Reason Heuristics

PUP.DownloadAdmin (M)

16.3.24.13

Trend Micro House Call

Possible_Virus

7.2.84

Trend Micro

Possible_Virus

10.465.24

File size:

469.3 KB (480,560 bytes)

Common path:

C:\users\{user}\appdata\local\temp\ecvl_whj.exe.part

Digital Signature

Signed by:

Armadillo Incorporated

Authority:

GoDaddy.com, Inc.

Valid from:

3/8/2016 11:17:38 PM

Valid to:

3/8/2017 11:17:38 PM

Subject:

CN=Armadillo Incorporated, O=Armadillo Incorporated, L=SAN FRANCISCO, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

30F1E885B799F0DA

File PE Metadata

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:a7/+l7amYIf7VxzXMQhJC65Nw98OjkrMXP41s2N1EZH:a7Wl7amdf7LzXMGNU98OjuM/41sa1Ep

Entry address:

0x47130

Entry point:

55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 34, D1, 46, 00, 68, A8, C0, 44, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 63, 55, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, 2E, 55, 00, 00, E8, 5D, 54, 00, 00, 8B, C4, A3, 7C, 12, 47, 00, E8, 5D, 56, 00, 00, 6A, 00, FF, 15, F4, 1A, 40, 00, A3, 84, 12, 47, 00, E8, 2F, 56, 00, 00, FF, 15, B0, 1A, 40, 00, A3, 80, 12, 47, 00, E8, AF, 59, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

315 KB (322,560 bytes)

Remove ecvl_whj.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.