home

java_installer.exe

Guangzhou Shibei Information Technology Co., Ltd.

The application java_installer.exe by Guangzhou Shibei Information Technology Co. has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. With this installer, users are expecting to download the free Oracle Java Runtime but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Guangzhou Shibei Information Technology Co., Ltd.  (signed and verified)

MD5:
eec58bd0474584e766c64538546a8eed

SHA-1:
8416aeb17133ada660cd7ce0ce2a5700ec43d0c8

SHA-256:
8fb917dfb65a48e22e0418b0863d7fb365094139a035d342a8b8d3d354f192a3

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/19/2024 10:58:15 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.E
910

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.07.31

Avira AntiVirus
APPL/SquareNet.AO
7.11.164.150

avast!
Win32:Malware-gen
2014.9-140808

AVG
BundleApp_r.N
2015.0.3388

Bitdefender
Application.Bundler.E
1.0.20.1100

Clam AntiVirus
Win.Trojan.Bundler
0.98/19246

Dr.Web
Adware.Downware.4148
9.0.1.0220

ESET NOD32
Win32/SquareNet.A potentially unwanted application
8.7.0.302.0

F-Secure
Application.Bundler.E
11.2014-08-08_6

G Data
Application.Bundler
14.8.24

IKARUS anti.virus
PUA.Bundler
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.181.12898

Malwarebytes
PUP.Optional.MultiPlug.A
v2014.08.08.03

McAfee
PUP-FAU
5600.7044

MicroWorld eScan
Application.Bundler.E
15.0.0.660

Panda Antivirus
Trj/Genetic.gen
14.08.08.03

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.GuangzhouShibeiInformationTechnologyCo.R
14.7.31.23

Sophos
Square Network Installer
4.98

SUPERAntiSpyware
Heur.Agent/Gen-FakeChrome
10434

VIPRE Antivirus
Threat.4150696
31208

File size:
924.3 KB (946,472 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader

Common path:
C:\users\{user}\downloads\java_installer.exe

Digital Signature
Signed by:
Guangzhou Shibei Information Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
5/14/2014 8:00:00 PM

Valid to:
5/15/2015 7:59:59 PM

Subject:
CN="Guangzhou Shibei Information Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou Shibei Information Technology Co., Ltd.", L=Guangzhou, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
730FCD851F607FC42ED72447D10ED84A

File PE Metadata
Compilation timestamp:
6/20/2014 3:44:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:llj2GlONoWagpg7uHn29g0qSXYhy2H9W5BAP52BlmE:CUgqYhBW5GWlmE

Entry address:
0x8319F

Entry point:
E8, 52, CB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
[+]

Entropy:
6.6944

Code size:
633.5 KB (648,704 bytes)

Remove java_installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.