home

jezkaji.exe

Aupavm Yemizpesed To

The application jezkaji.exe by Aupavm Yemizpesed To has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “gelbibn”.
Publisher:
Aupavm Yemizpesed To  (signed and verified)

MD5:
7217f3ead6a015fa5175cc8ea33bd769

SHA-1:
fde88766e4f92ee3af9b13692a34b97bdaddbf68

SHA-256:
aa5486c7b80f7668dbf8adc00e80d1aba14e28ed2f3650bbe1f03b90501277ae

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/25/2024 1:41:14 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Mikey.14573
5741931

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.10

Arcabit
Trojan.Mikey.D38ED
1.0.0.425

avast!
Win32:Adware-gen [Adw]
2014.9-150610

Baidu Antivirus
Adware.Win32.PennyBee
4.0.3.15610

Bitdefender
Gen:Variant.Mikey.14573
1.0.20.805

Emsisoft Anti-Malware
Gen:Variant.Mikey.14573
10.0.0.5366

ESET NOD32
Win32/Adware.PennyBee.X application
7.0.302.0

F-Secure
Gen:Variant.Mikey.14573
5.14.151

G Data
Gen:Variant.Mikey.14573
15.6.25

IKARUS anti.virus
PUA.PennyBee
t3scan.1.9.5.0

MicroWorld eScan
Gen:Variant.Mikey.14573
16.0.0.483

NANO AntiVirus
Riskware.Win32.PennyBee.dsnrfy
0.30.24.1636

Norman
Gen:Variant.Mikey.14573
02.06.2015 14:23:46

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.10.1

File size:
476.5 KB (487,888 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\merprao\jezkaji.exe

Digital Signature
Signed by:
Aupavm Yemizpesed To

Authority:
Aupavm Yemizpesed To

Valid from:
6/9/2015 5:23:26 PM

Valid to:
6/8/2016 5:23:26 PM

Subject:
CN=Fahwaduso Luwdua, O=Aupavm Yemizpesed To, L=Odoeh, S=Kyodepagapu, C=CN

Issuer:
CN=Wojvikua Zoopb, O=Aupavm Yemizpesed To, L=Odoeh, S=Kyodepagapu, C=CN

Serial number:
01

File PE Metadata
Compilation timestamp:
6/9/2015 5:24:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:9J1C/AaXyGg/PEcKXD94KgiE2G4C41xGiUm88Tddkq7nWLxbLIIwdi+nxu:3IYmyNPEcKXDhg52NHExm88J2swxboxu

Entry address:
0x3B54E

Entry point:
E8, BF, 33, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 84, 2F, 47, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, F7, 46, 00, 01, 0F, 82, B6, 34, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Code size:
358.5 KB (367,104 bytes)

Service
Display name:
gelbibn

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yv-in-f121.1e100.net  (74.125.21.121:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.12.88:80)

Remove jezkaji.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.