home

jingling.exe

流量精灵

精灵软件

The application jingling.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘urlspace’. While running, it connects to the Internet address server-54-230-159-247.sin3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
精灵软件

Product:
流量精灵

Version:
2014.10.10.101

MD5:
231823f03d60371068682afd5d419d79

SHA-1:
c55598825812d566d3ce5e5e0428182b818e5bfa

SHA-256:
59b47269f04c336746e533ecfdbbaef79a273bd9a75a32cf3133a014e13cb2bc

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 6:15:36 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Clicker
2015.01.27

Baidu Antivirus
Hacktool.Win32.FlowSpirit
4.0.3.16329

Dr.Web
Trojan.DownLoader11.37669
9.0.1.089

ESET NOD32
Win32/FlowSpirit (variant)
10.11076

Fortinet FortiGate
Riskware/FlowSpirit
3/29/2016

McAfee
RDN/Generic PUP.x!csh
5600.6446

NANO AntiVirus
Trojan.Win32.FlowSpirit.dgozjr
0.30.0.64812

Qihoo 360 Security
HEUR/QVM09.0.Malware.Gen
1.0.0.1015

Sophos
Generic PUA MF
4.98

Trend Micro House Call
Suspicious_GEN.F47V0115
7.2.89

VIPRE Antivirus
Trojan.Win32.Generic
36998

Zillya! Antivirus
Backdoor.PePatch.Win32.48939
2.0.0.2046

File size:
625.5 KB (640,512 bytes)

Product version:
4.0.4.1

Copyright:
Copyright 2012 Spiritsoft All Rights Reserved.

Original file name:
jingling.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

File PE Metadata
Compilation timestamp:
1/8/2002 4:08:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:/BWWb1JKD7HGz9Dv4EcBCTmvF2W0O3sBlox3hT0munF5SV60R10nY:JtKD7HGz9Dv4DCTmv8fOC6LTfunF5SVl

Entry address:
0x4FDE6

Entry point:
E8, F7, BF, 00, 00, E9, 17, FE, FF, FF, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01, 01, 81, 75, 1C, 25, 00, 01, 01, 81, 74, D3, 25...
 
[+]

Entropy:
6.5074

Code size:
435.5 KB (445,952 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
urlspace

Command:
C:\users\{user}\desktop\jingling.exe -h


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-34-194-70-91.compute-1.amazonaws.com  (34.194.70.91:80)

TCP (HTTP):
Connects to 199-119-78-56.host.synial.com  (199.119.78.56:80)

TCP (HTTP):
Connects to 199-119-78-40.host.synial.com  (199.119.78.40:80)

TCP (HTTP):
Connects to server-54-230-159-247.sin3.r.cloudfront.net  (54.230.159.247:80)

TCP (HTTP SSL):
Connects to server-54-230-149-51.sin2.r.cloudfront.net  (54.230.149.51:443)

TCP (HTTP SSL):
Connects to server-54-192-159-210.sin3.r.cloudfront.net  (54.192.159.210:443)

TCP (HTTP):
Connects to ec2-34-194-185-63.compute-1.amazonaws.com  (34.194.185.63:80)

TCP (HTTP):
Connects to single-4730.banahosting.com  (69.175.68.55:80)

Remove jingling.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.