jad8102_basic_setup.exe

JetAudio

Cowon America Inc.

The application jad8102_basic_setup.exe, “JetAudio Setup Program” by Cowon America, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers for potentially unwanted software, including ad/search-supported toolbars, during setup. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 80 using the HTTP protocol.
Publisher:
Cowon America  (signed by Cowon America Inc.)

Product:
JetAudio

Description:
JetAudio Setup Program

Version:
16.0

MD5:
6b3a88a12f0498d93b2b20a8097ae1bf

SHA-1:
13b6bbeb3a00d91b5888415c86dbb382f03e573d

SHA-256:
4928e8ab3a3d23c716d2f3b7f6f6a17ed152d868904e42abcf51d25cd08c31fd

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 9:27:27 PM UTC

Scan engine        | Detection                      | Engine version
ESET NOD32         | Win32/OpenCandy (variant)      | 8.10260
Reason Heuristics  | PUP.OpenCandy.Installer (L)    | 16.12.1.5

File size:
381.3 KB (390,408 bytes)

Product version:
16.0

Copyright:
Copyright © 2009 Acresso Software inc

Original file name:
JetAudioSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jad8102_basic_setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/23/2013 11:34:49 PM

Valid to:
7/23/2014 11:34:49 PM

Subject:
CN=Cowon America Inc., O=Cowon America Inc., L=Irvine, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B13AAC1A1EE61

File PE Metadata
Compilation timestamp:
6/20/2014 2:26:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:OSpW4ElLulTt4LJwg8K0dVmymGZf110euTAASwWJBdwM1oxuNkE30G:XM4miJa5oVhryMFNX1v0G

Entry address:
0xC5360

Entry point:
60, BE, 00, 60, 47, 00, 8D, BE, 00, B0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.6877

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
320 KB (327,680 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)
