jetmp3.exe

AdPeak, Inc

This is the installer for an AdPeak program that shows ads in the browser without providing information about the ads' origin. Ads are injected as banners or text links in random web pages. The application jetmp3.exe by AdPeak, Inc has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
AdPeak, Inc  (signed and verified)

MD5:
b703b4e30bb52ecb7c5ad9e2cf29fcc3

SHA-1:
673bac8d8150925d614ea48ccba7e9511020c48c

SHA-256:
be41abd8a486c731ae9b909c03d84595165f741fce027bed8b1fea4d7846d4d4

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
4/19/2024 6:06:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Downloader.Generic12 | 2016.0.2955 |
| Reason Heuristics | PUP.AdPeak.Installer (M) | 15.10.16.9 |
| Trend Micro House Call | TROJ_GEN.F47V0530 | 7.2.289 |
| VIPRE Antivirus | Adware.Adpeak | 32348 |

File size:
48.5 KB (49,632 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jetmp3.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/16/2011 10:00:10 PM

Valid to:
9/16/2012 12:43:44 PM

Subject:
CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0B871F1E83E3

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:L/pT8mhxeQ/IkJTCxw+bzvDBnqb4WjXO3XJjC452TuUS3/xH4Kei9O0pFENCzp:rumhxebkJf+FTXJjC452Tu/T9Oqtp

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.0707

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
