SpyHunter4.exe

SpyHunter4

Enigma Software Group USA, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpyHunter Security Suite’. This is installed with multiple programs including SpyHunter 4 and SpyHunter. The file has been seen being downloaded from s6831.chomikuj.pl and multiple other hosts.
Publisher:
Enigma Software Group USA, LLC.  (signed and verified)

Product:
SpyHunter4

Description:
SpyHunter4 application

Version:
4.1.11.0

MD5:
4faee05b33e3f48b93860d12fc7f56a8

SHA-1:
a677a1a9143ec083c831fd9d492093a6ed86d79d

SHA-256:
4b897ed143e0d8d6e8d38b8f4f670a2eca1258c8c0f6b2262470bb3a5facb712

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 2:26:25 PM UTC  (today)

File size:
2.9 MB (3,021,720 bytes)

Product version:
4.1.11.0

Copyright:
Copyright 2003-2010. Enigma Software Group USA, LLC. All rights reserved.

Original file name:
SpyHunter4.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\enigma software group\spyhunter\spyhunter4.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/21/2008 5:00:00 PM

Valid to:
4/22/2011 4:59:59 PM

Subject:
CN="Enigma Software Group USA, LLC.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Enigma Software Group USA, LLC.", L=Stamford, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6127B01400BEED5731890FC24B5BD4CC

File PE Metadata
Compilation timestamp:
5/18/2010 6:56:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:XPAOp9pWyNWRZWtx+0s1nOQ6OYrDnOqxWE47T8VHy1kSv84ctxlLA:4WbNWRZWtx+0sVP6OY/nOo47T8VHaDgC

Entry address:
0xE270A

Entry point:
E8, 80, 06, 01, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 58, 34, 55, 00, E8, E8, 39, 00, 00, 33, C0, 33, F6, 39, 75, 08, 0F, 95, C0, 3B, C6, 75, 1D, E8, 0A, E8, FF, FF, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 54, B9, FF, FF, 83, C4, 14, 83, C8, FF, EB, 5F, E8, 96, 1B, 00, 00, 6A, 20, 5B, 03, C3, 50, 6A, 01, E8, A1, 1C, 00, 00, 59, 59, 89, 75, FC, E8, 7F, 1B, 00, 00, 03, C3, 50, E8, E6, C1, 00, 00, 59, 8B, F8, 8D, 45, 0C, 50, 56, FF, 75, 08, E8, 67, 1B, 00, 00, 03, C3, 50, E8, 5C, 8B, 00, 00, 89, 45, E4...
 
[+]

Entropy:
7.3534

Code size:
1.1 MB (1,183,232 bytes)

Scheduled Task
Task name:
SpyHunter4Startup

Trigger:
Logon (Runs on logon)


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpyHunter Security Suite

Command:
C:\Program Files\enigma software group\spyhunter\spyhunter4.exe


The file SpyHunter4.exe has been discovered within the following programs.

SpyHunter  by Enigma Software Group
SpyHunter is an antivirus program that also includes its built in 'registry cleaner', Reghunter. It also may be bundled with 3rd party pay per install programs such as InstallIQ.
www.enigmasoftware.com/products/spyhunter
41% remove it
SpyHunter 4  by Enigma Software Group
www.enigmasoftware.com
43% remove it
 
Powered by Should I Remove It?

The file SpyHunter4.exe has been seen being distributed by the following 12 URLs.

http://s6831.chomikuj.pl/File.aspx?e=mCy-SkKYt71bdXr0_tEQIa3zyvxFVY06RdI8VWXBOdpoMsB7aSSWDRgUQq0qsbB9i6TUeM_uA-FWRe0ivgpFxjZdwFGZ_Z0sqTnW_BjBYEkNXOWBH_sK98YnHy4niT-6ocgP0_rev4QkYgB9xAQyZQ&pv=2

https://onedrive.live.com/download.aspx?cid=E36D4CC0A5FF3611&authKey=!AC_KfTIhZ2bXWIU&resid=E36D4CC0A5FF3611!19784&ithint=.exe

http://s6831.chomikuj.pl/File.aspx?e=mCy-SkKYt71bdXr0_tEQIa3zyvxFVY06RdI8VWXBOdrySWlxdEzizLr-5gdAbdF4wy3b36udhnStBl5ZlG5cvpvGbd1zPYQYueVGH8uP6y2RArf5r4EzIJ48NvaRshKXhXfOVdv9DutgUB4DpIYi6A&pv=2

about:internet

Scan SpyHunter4.exe - Powered by Reason Core Security