jcpicker.exe

Just Color Picker

SOFTPERFECT PTY. LTD.

This is a setup program which is used to install the application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

Publisher:
SOFTPERFECT PTY. LTD.  (signed and verified)

Product:
Just Color Picker

Description:
A color picker utility

Version:
4.3.0.0

MD5:
bc799906050fb22b107fbc6166a3a6bd

SHA-1:
006bcbe0f3b622f727fe94dd1f14bd06464df397

SHA-256:
034d5d9263baf66f4fae2e94311cc572220618e15fe3d58278026d0c7b788bd7

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
4/25/2024 6:30:32 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Ramnit.C | 7.11.30.172
Trend Micro House Call | Suspicious_GEN.F47V0711 | 7.2.148

File size:
653.6 KB (669,304 bytes)

Product version:
4.3

Copyright:
2003-2015 annystudio.com

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\jcpicker.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/31/2015 5:30:00 AM

Valid to:
4/3/2018 5:30:00 PM

Subject:
CN=SOFTPERFECT PTY. LTD., O=SOFTPERFECT PTY. LTD., L=FORTITUDE VALLEY, S=Queensland, C=AU

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
089CBDB4B3C796312FE26CC5F616A9F6

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.64

CTPH (ssdeep):
12288:XcfMBM+gwP0U5GoesDea6E3s1ASzrY4JiT82ZueLESiGU/6bNRrWnsnTx:XN90JgDea6E3s1AMYKiaeLfs/eNRinsV

Entry address:
0x21C240

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
Entropy:
7.6468

Packer / compiler:
ASPack v1.08.04

Code size:
1.5 MB (1,526,688 bytes)

The file jcpicker.exe has been seen being distributed by the following 4 URLs.

http://gsf-cf.softonic.com/fd4/777/.../file?SD_used=0&channel=WEB&fdh=no&id_file=46448&instance=softonic_br&type=PROGRAM&Expires=1427757077&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=DJV2DY0GCNwjchY2jzjxHGpWHmLJlj-iQPz7gx4Af~8oB3q7kB7MlJacza~RDCKWpgP42W2nUoxfqSKi2iAwE9NmarIIrK9OWK6xP4UKzpD6NsCCQ36-AwgEghDaVjUC4gCdyMuMGxmPk28Ys3ip1tbp7OND~Tf-3Cc1w2xNDDk_&filename=jcpicker.exe

Scan jcpicker.exe - Powered by Reason Core Security