home

jhead.exe

MD5:
41c4c22e9afbca20b74d20a58f88aaba

SHA-1:
a5ea4946bd3103f2844ae3f0dfa5726945ac8e8f

SHA-256:
f65d8f278051afc493bc82177c4f82b143156d551fdb1d53b96d047c79ddcbea

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 11:04:43 AM UTC  (today)

File size:
163 KB (166,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\jhead.exe

File PE Metadata
Compilation timestamp:
1/30/2013 11:51:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:2Yb5m0ofVanITqsnf6Uz9/z6Xmws7bEYPDCjXiWYmMpw:h5m7q4f6I9/z6XHs7IYLCjdYk

Entry address:
0xBE69

Entry point:
E8, 17, A6, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 60, 95, 42, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, A8, 81, 42, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 79, A6, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 31, F0, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 
[+]

Entropy:
6.6339

Code size:
112.5 KB (115,200 bytes)

The file jhead.exe has been seen being distributed by the following URL.

http://www.sentex.net/~mwandel/.../jhead.exe

Scan jhead.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.