java_installer.exe

Square Network Tech Co.,LTD.

The application java_installer.exe by Square Network Tech Co.,LTD has been detected as adware by 14 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from websitecom.us.

Publisher:
Square Network Tech Co.,LTD.  (signed and verified)

MD5:
83daeb7c440f276e72f4eb0b80a4cd7b

SHA-1:
491cb275e986b3e28837d3b6a2ae80b8de1094c8

SHA-256:
2dfbad700236d547b7436e2dd46f7155462bb28083b3ac75e47cec36e84a1481

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/29/2024 6:05:51 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Malware-gen | 2014.9-140801 |
| AVG | Generic | 2015.0.3395 |
| Comodo Security | Application.Win32.SquareNet.C | 19070 |
| Dr.Web | Trojan.Starter.3364 | 9.0.1.0213 |
| ESET NOD32 | Win32/SquareNet.A potentially unwanted application | 8.7.0.302.0 |
| G Data | Win32.Application.Bundler | 14.8.24 |
| herdProtect (fuzzy) | | 2014.9.11.2 |
| IKARUS anti.virus | PUA.SquareNet | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.182.12926 |
| McAfee | PUP-FAU | 5600.7051 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.01.01 |
| Reason Heuristics | PUP.SquareNetworkTechCoLTD.O | 14.8.1.12 |
| Sophos | Square Network Installer | 4.98 |
| VIPRE Antivirus | Threat.4895341 | 31208 |

File size:
928.2 KB (950,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\java_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/30/2013 4:00:00 PM

Valid to:
12/31/2014 3:59:59 PM

Subject:
CN="Square Network Tech Co.,LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Square Network Tech Co.,LTD.", L=Zhongshan, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08F1CEE1EA15CE4F4CA29FDEBE3DACA3

File PE Metadata
Compilation timestamp:
7/31/2014 7:24:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:dbBZY8lgcQqQ49B8TQksen+/Bcje/WTU2RKAHw1t5:dXZeEcjewU2Rnat5

Entry address:
0x86DFF

Entry point:
E8, 91, CB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 

Entropy:
6.6423

Code size:
650.5 KB (666,112 bytes)

The file java_installer.exe has been seen being distributed by the following URL.
