java.exe

Mindad media Ltd.

The application java.exe by Mindad media has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from dl.appsdesktop.com.
Publisher:
Mindad media Ltd.  (signed and verified)

MD5:
2bc573c91e6b76c0eef42c9bf9de4e75

SHA-1:
967aecbcc2446c54e845c184e6464a12b4c6d999

SHA-256:
bd7216ac73fc18966f74ecf716a67beddabf6c5de367a942bccb5b1803e379da

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/23/2024 7:02:40 AM UTC

Scan engine              Detection                        Engine version
AVG                      MultiBundle.M                    2015.0.3532
Dr.Web                   Adware.Downware.2081             9.0.1.076
ESET NOD32               Win32/OutBrowse                  8.9639
herdProtect (fuzzy)                                       2014.5.2.7
K7 AntiVirus             Unwanted-Program                 13.176.11663
Malwarebytes             PUP.Optional.Mindad              v2014.03.17.11
McAfee                   Adware-OutBrowse                 5600.7188
NANO AntiVirus           Trojan.Win32.Generic.cthmwf      0.28.0.58873
nProtect                 Trojan/W32.Agent.107704          14.04.04.01
Reason Heuristics        PUP.Mindadmedia.E                14.8.7.21
Sophos                   DomainIQ pay-per install         4.98
Trend Micro House Call   TROJ_GE.5C6F1877                 7.2.76
VIPRE Antivirus          Trojan.Win32.Generic             28068

File size:
105.2 KB (107,704 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/4/2013 8:00:00 PM

Valid to:
8/5/2014 7:59:59 PM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:agXdZt9P6D3XJmCyV5Ky/9XO3jR0eWSzUu/0W:ae34V0UQ9OzRgW/c

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.6779

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java.exe has been seen being distributed by the following URL.
