home

java_installer.exe

Square Network Tech Co.,LTD.

The application java_installer.exe by Square Network Tech Co.,LTD has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The installer is marketed through download protals and search ads as the free Oracle Java Runtime but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Square Network Tech Co.,LTD.  (signed and verified)

MD5:
6fef6239ad093f0c383464123ccef74c

SHA-1:
439b453f13bf6a4e31783d782b27fb03cd49a3f2

SHA-256:
f5cb6eaff422bc2fcf6ea88f2f83b7071bacdbffe832221f05d00f6e75d66832

Scanner detections:
28 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 11:07:42 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.E
689

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2015.03.18

Avira AntiVirus
APPL/Tool.SquareNet.65
7.11.218.34

avast!
Win32:Malware-gen
2014.9-150317

AVG
Adware BundleApp_r.N
2014.0.4257

Bitdefender
Application.Bundler.E
1.0.20.380

Clam AntiVirus
Win.Trojan.Bundler
0.98/20309

Dr.Web
Adware.Downware.4148
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler
9.0.0.4799

ESET NOD32
Win32/SquareNet.A potentially unwanted application
7.0.302.0

F-Prot
W32/A-c7715e1d
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.E
5.13.68

G Data
Application.Bundler
15.3.25

herdProtect (fuzzy)
variant of xv61fctd.exe.part (Adware)
2015.6.23.20

IKARUS anti.virus
PUA.SquareNet
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.181.12872

Malwarebytes
PUP.Optional.MultiPlug.A
v2015.03.17.11

McAfee
Program.PUP-FAU
5600.6823

Microsoft Security Essentials
Threat.Undefined
1.193.2905.0

MicroWorld eScan
Application.Bundler.E
16.0.0.228

Norman
Application.Bundler.E
03.12.2014 13:20:04

Panda Antivirus
Trj/Genetic.gen
15.03.17.11

Reason Heuristics
PUP.Bundler.SquareNetworkTechCoLTD
15.3.17.23

Sophos
PUA 'Square Network Installer' (of type Adware)
5.12

SUPERAntiSpyware
Heur.Agent/Gen-FakeChrome
9991

VIPRE Antivirus
Threat.4150696
37788

Zillya! Antivirus
Backdoor.Klon.Win32.1009
2.0.0.2104

File size:
944.3 KB (966,928 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\downloads\java_installer.exe

Digital Signature
Signed by:
Square Network Tech Co.,LTD.

Authority:
VeriSign, Inc.

Valid from:
12/30/2013 7:00:00 PM

Valid to:
12/31/2014 6:59:59 PM

Subject:
CN="Square Network Tech Co.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Square Network Tech Co.,LTD.", L=Zhongshan, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08F1CEE1EA15CE4F4CA29FDEBE3DACA3

File PE Metadata
Compilation timestamp:
5/9/2014 8:14:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:FHy5Vrm55G7bY18rfhqXEAGXfYxMCJSuOIKe/9x:FHy5VCeY1YoXErPfKjK29x

Entry address:
0x5F8BC

Entry point:
E8, 24, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
[+]

Entropy:
6.6488

Code size:
484 KB (495,616 bytes)

The file java_installer.exe has been seen being distributed by the following URL.

http://www.trackjava.net/trace?offer_id=13232&aff_id=13166&aff_sub=5ac

Remove java_installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.