SearchLite.EXE

SearchLite 응용 프로그램

WooJung ITS

The application SearchLite.EXE by WooJung ITS has been detected as a potentially unwanted program by 23 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SearchLite’.
Publisher:
WooJung ITS  (signed and verified)

Product:
SearchLite 응용 프로그램

Version:
1, 0, 0, 2

MD5:
b9c23390beacc85cfe368275e7df5123

SHA-1:
d31d59cba34cf9a509c0efcd07f04aaa47efc96d

SHA-256:
90d8781c3347a6c450b6243b678600892037c8073a94d00bc7044577956bce6d

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:05:17 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.344138
359

AhnLab V3 Security
PUP/Win32.SearchLite
2015.01.17

Avira AntiVirus
SPR/Tool.46224
7.11.202.6

avast!
Win32:PUP-gen [PUP]
2014.9-160211

AVG
Generic4
2017.0.2837

Bitdefender
Application.Generic.344138
1.0.20.210

Comodo Security
Heur.Suspicious
20734

Dr.Web
Trojan.DownLoader3.32047
9.0.1.042

ESET NOD32
Win32/Adware.BonusCash.AB (variant)
10.11027

Fortinet FortiGate
Adware/BonusCash
2/11/2016

F-Secure
Application.Generic.344138
11.2016-11-02_5

G Data
Application.Generic.344138
16.2.24

IKARUS anti.virus
not-a-virus:AdWare.Win32.SideTab
t3scan.1.8.6.0

Malwarebytes
Adware.SideOn
v2016.02.11.11

McAfee
Artemis!B9C23390BEAC
5600.6493

MicroWorld eScan
Application.Generic.344138
17.0.0.126

NANO AntiVirus
Trojan.Win32.BonusCash.ckmfg
0.30.0.64448

Norman
Suspicious_Gen2.KAEFC
11.20160211

Rising Antivirus
PE:Trojan.Win32.Generic.127E9126!310284582
23.00.65.16209

Sophos
Generic PUA ND
4.98

Trend Micro House Call
ADW_BONUSCASH
7.2.42

Trend Micro
ADW_BONUSCASH
10.465.11

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
36718

File size:
45.1 KB (46,224 bytes)

Product version:
1, 0, 0, 2

Copyright:
Copyright (C) 2010

Original file name:
SearchLite.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\searchlite\searchlite.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/26/2010 9:00:00 AM

Valid to:
3/27/2011 8:59:59 AM

Subject:
CN=WooJung ITS, O=WooJung ITS, L="Gangnam-gu ", S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
4D2AAB16F6D4B6BBA36AE03604B21FA9

File PE Metadata
Compilation timestamp:
12/28/2010 11:07:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:ao93lfjGbMMwU2k1oUw1Vz/TV3lBjdFjn4LgL:aQ6b52kAzVlRdxn48

Entry address:
0x54AD

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 68, 40, 00, 68, 2C, 54, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, F0, 62, 40, 00, 59, 83, 0D, 9C, 8D, 40, 00, FF, 83, 0D, A0, 8D, 40, 00, FF, FF, 15, F4, 62, 40, 00, 8B, 0D, 90, 8D, 40, 00, 89, 08, FF, 15, F8, 62, 40, 00, 8B, 0D, 8C, 8D, 40, 00, 89, 08, A1, FC, 62, 40, 00, 8B, 00, A3, 98, 8D, 40, 00, E8, 1D, 01, 00, 00, 39, 1D, 70, 8C, 40, 00, 75, 0C, 68, 36, 56, 40, 00, FF, 15, 00, 63...
 
[+]

Entropy:
5.3214

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SearchLite

Command:
C:\Program Files\searchlite\searchlite.exe


Remove SearchLite.EXE - Powered by Reason Core Security