jetclean-setup.exe

JetClean

BlueSprig, Inc.

The application jetclean-setup.exe, “JetClean Setup” by BlueSprig, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from jetclean.soft32.com and multiple other hosts.
Publisher:
BlueSprig (signed by BlueSprig, Inc.)

Product:
JetClean

Description:
JetClean Setup

Version:
1.5.0.0

MD5:
86f5463c5b232c2d9f22f0f66a01e9d8

SHA-1:
15af58652e265f2922f569c5f0b59b96fd6ad8c4

SHA-256:
7782ef757494d7d73fc96472244242fd371bb31864996b0bb782135c19d58692

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 6:37:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.BlueSprig

Engine version:
15.4.2.1

File size:
4.8 MB (5,001,984 bytes)

Product version:
1.5.0

Copyright:
Copyright © 2011-2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jetclean-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/2/2011 5:00:00 PM

Valid to:
11/2/2013 4:59:59 PM

Subject:
CN="BlueSprig, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="BlueSprig, Inc.", L=San Fransisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
589D023EC02E552CDAA00B1FA0FDCA85

File PE Metadata
Compilation timestamp:
7/9/2012 6:41:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:ZtRvl0wnwQQ5/s16HYfNEiUzOYeR6MiNz5m5ta8TEDLRQEcU:ZtR99nwQQtYFczypil5gNk

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B8, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 56, EC, FF, FF, E8, FD, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, E8, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, D6, 41, 00, B2, 01...

Entropy:
7.9914

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file jetclean-setup.exe has been seen being distributed by the following 3 URLs.
