home

jgaasetup.1.4.0.exe

Jenkat Games Arcade App

Jenkat Media, Inc

The application jgaasetup.1.4.0.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d22z5jqfvuej9a.cloudfront.net and multiple other hosts.
Publisher:
Jenkat Media Inc.  (signed by Jenkat Media, Inc)

Product:
Jenkat Games Arcade App

Version:
1.4.0

MD5:
2b95a4674e2a8a8330d4c03cff2718a5

SHA-1:
2f445b20ef2e6cd81acc90dfeb573d7899d9aae2

SHA-256:
a6236f700d5c19154e5a041c77e398cc0f584d39988b2fcf79b9a97fe8c27064

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:49:24 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Jenkatedia
2015.0.3361

Reason Heuristics
PUP.Installer.JenkatMedia.M
14.9.5.6

Trend Micro House Call
Suspici.6FE060C2
7.2.248

VIPRE Antivirus
Jenkat Media
32816

File size:
1.7 MB (1,763,928 bytes)

Product version:
1.4.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jgaasetup.1.4.0.exe

Digital Signature
Signed by:
Jenkat Media, Inc

Authority:
VeriSign, Inc.

Valid from:
2/27/2014 1:00:00 AM

Valid to:
3/30/2015 1:59:59 AM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:CY1GeW5yiwL4S/WHQ2QKCGVmw5f9yQcFLj8:z1PH/L4a52HCklVyQwLj8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jgaasetup.1.4.0.exe has been seen being distributed by the following 2 URLs.

http://d22z5jqfvuej9a.cloudfront.net/bundles/.../JGAASetup.1.4.0.exe

http://dm930xmxv1gqs.cloudfront.net/bundles/.../JGAASetup.1.4.0.exe

Remove jgaasetup.1.4.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.