» searclh-fits.ru_ru.exe
Overview
Analysis
File Details

searclh-fits.ru_ru.exe

ITEA LLC

The application searclh-fits.ru_ru.exe by ITEA has been detected as a potentially unwanted program by 2 anti-malware scanners.

File name:

Publisher:

ITEA LLC (signed and verified)

MD5:

0347f2460928967a928bffa69d5b1229

SHA-1:

f32c91b221e5ccf84cc1669fb5a0875f395f3e50

SHA-256:

68c449ef970455d2e3c3b991d9453c53caffbb29f8f7cf2d5e9bc1d14194983e

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 3:22:44 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.StartPage1.25621

9.0.1.05190

Reason Heuristics

PUP.HomePageDef.ITEA (M)

16.6.9.0

File size:

289.7 KB (296,648 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\searclh-fits.ru_ru.exe

Digital Signature

Signed by:

ITEA LLC

Authority:

COMODO CA Limited

Valid from:

2/18/2016 3:00:00 AM

Valid to:

2/18/2017 2:59:59 AM

Subject:

CN="""ITEA"" LLC", OU=IT, O="""ITEA"" LLC", STREET="prosp. Vyzvolyteliv, 5", L=Kiev, S=Kiev, PostalCode=02660, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

277A5AD5AF3F7ADB181C76A58924E916

File PE Metadata

Compilation timestamp:

3/18/2016 4:34:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

6144:nht8UcDD1Zr0Lb6ehGi/Vy/T0wqQw3XKupai4cf:nz8fD5ZrM7GwyEQwnKh2f

Entry address:

0x4141

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, 2C, 08, 00, 00, 31, DB, E8, A0, 7A, 00, 00, 89, A5, 58, F9, FF, FF, 83, EC, 30, 89, D8, FC, 8D, 74, 24, 0F, 83, E6, F0, 89, F7, AB, AB, AB, AB, AB, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 0A, 56, 6A, 00, 6A, 00, E8, 2A, 7A, 00, 00, 85, C0, 74, 14, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 0A, 56, 6A, 00, 6A, 00, E8, 12, 7A, 00, 00, FC, 8D, 95, 80, FC, FF, FF, 89, D8, 89, D7, 8B, A5, 58, F9, FF, FF, AB, 83, EC, 30, AB, 8D, 7C, 24, 0F, 83, EC, 30, 83, E7, F0, AB, AB, AB, AB, AB, 8D, 7C... 
[+]

Code size:

44.5 KB (45,568 bytes)

Remove searclh-fits.ru_ru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.