home

jingling.exe

流量精灵

Rice Electronics Co.,Ltd

The executable jingling.exe has been detected as malware by 25 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘urlspace’.
Publisher:
精灵软件  (signed by Rice Electronics Co.,Ltd)

Product:
流量精灵

Version:
2012.10.18.96

MD5:
1a8ac3df3d1d5f3904af4a7889dafaf3

SHA-1:
50b746732011956c43a7ffbf2b484793efcbacc1

SHA-256:
902aeaf41e3ec3133041c30922cdfac015f9539b56e8c91eaffceebaeadbfb3d

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/23/2024 3:43:32 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Promoter.A
1120

AhnLab V3 Security
Trojan/Win32.Clicker
2013.12.23

Avira AntiVirus
TR/Drop.Injector.gdsc
7.11.110.156

Baidu Antivirus
HackTool.Win32.Agent
4.0.3.14111

Bitdefender
Application.Promoter.A
1.0.20.55

Bkav FE
W32.Clodd3f.Trojan
1.3.0.4613

Clam AntiVirus
Win.Trojan.Agent-414279
0.98/18355

Comodo Security
Heur.Suspicious
17486

Dr.Web
Trojan.DownLoader8.21721
9.0.1.0361

ESET NOD32
Win32/FlowSpirit
8.9190

Fortinet FortiGate
W32/Agent.ZKW!tr
1/11/2014

F-Secure
Application.Promoter.A
11.2014-11-01_7

G Data
Application.Promoter
14.1.22

IKARUS anti.virus
Application.Promoter
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10588

McAfee
Artemis!1A8AC3DF3D1D
5600.7268

MicroWorld eScan
Application.Promoter.A
15.0.0.33

NANO AntiVirus
Trojan.Win32.FlowSpirit.cqxsuu
0.28.0.57029

Panda Antivirus
Trj/CI.A
14.01.11.01

Quick Heal
Trojan.Agent.gen
1.14.12.00

Sophos
Troj/Agent-ZKW
4.96

Trend Micro House Call
HKTL_CLICKER
7.2.11

Trend Micro
HKTL_CLICKER
10.465.11

Vba32 AntiVirus
TrojanDropper.Injector
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
24658

File size:
633.9 KB (649,136 bytes)

Product version:
4.0.1.2

Copyright:
Copyright 2012 Spiritsoft All Rights Reserved.

Original file name:
jingling.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\zhuei\桌面\jingling.exe

Digital Signature
Signed by:
Rice Electronics Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 8:00:00 AM

Valid to:
3/17/2013 7:59:59 AM

Subject:
CN="Rice Electronics Co.,Ltd", OU=Net Support, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Rice Electronics Co.,Ltd", L=Shenzhen, S=Shenzhen, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B0B453A316892B55AC4AFEFBA5B6E7A

File PE Metadata
Compilation timestamp:
10/18/2012 8:38:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:gtIzmv1pctHSMKQhuJKuFIWBaL1/xiTqU/ziunF5SV60R10nv:gtPpctHSMKQhTyuUTqCziunF5SV6Vnv

Entry address:
0x4C7C8

Entry point:
E8, FC, BD, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1...
 
[+]

Entropy:
6.5443

Code size:
440.5 KB (451,072 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
urlspace

Command:
C:\users\{user}\downloads\kiss of the dragon\kiss of the dragon\jingling.exe -h


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\zhuei\桌面\jingling.exe


Remove jingling.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.