javascreenshotwindows.exe

The application javascreenshotwindows.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a separate (within the context of its own process) Windows service named “JAVAScreenshotWindows”. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
MD5:
505001dd45971e61114a87658b0a1b2d

SHA-1:
1500a46473b72ce573d3e42dea02e3ab4a6e226f

SHA-256:
9c972d04668a7f8633cc7b3c6a981f696f100bc815389dd72d60270230f15e4f

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/25/2024 5:19:26 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Pirrit.60965 | 7.11.169.242
avast! | Win32:Adware-gen [Adw] | 140813-1
F-Prot | W32/A-e6ff616d | v6.4.7.1.166
IKARUS anti.virus | AdWare.Pirrit | t3scan.1.7.5.0
Malwarebytes | PUP.Optional.InstallMonetizer | v2014.08.29.12
McAfee | PUP-FNV | 5600.7023
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.14.1

File size:
59.5 KB (60,965 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\javascreenshotwindows\javascreenshotwindows.exe

File PE Metadata
Compilation timestamp:
8/7/2014 5:48:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:HPSkjeE+9Hbx10N3XtZPbu30eQ/HO3PH29La:vEEMbizXeQ/HO/H/

Entry address:
0x7FE6

Entry point:
E8, 3E, 05, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, F8, C4, 40, 00, E8, 84, 04, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 88, 05, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 7A, 04, 00, 00, C2, 10, 00, 6A, 0C, 68, 18, C5, 40, 00, E8, 26, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 

Entropy:
6.2670

Code size:
33.5 KB (34,304 bytes)

Service
Display name:
JAVAScreenshotWindows

Description:
Enables users to manage connectivity and configuration.

Type:
Win32OwnProcess

