» jingling.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)
Network (20)

jingling.exe

流量精灵

精灵软件

The executable jingling.exe has been detected as malware by 23 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘urlspace’. The file has been seen being downloaded from s7.picofile.com. While running, it connects to the Internet address 203.130.59.28-BJ-CNC on port 80 using the HTTP protocol.

File name:

jingling.exe

Publisher:

精灵软件

Product:

流量精灵

Version:

2013.10.10.100

MD5:

645d60825b362448151387d060593635

SHA-1:

c670fd72229250249d736c924a10893d8d970f2f

SHA-256:

0e6ab2a37f8c6486aad5caab63b4aedd6be859be47f85fc7b0951f517fe6d973

Scanner detections:

23 / 68

Status:

Malware

Analysis date:

4/27/2024 8:29:54 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.9731381

1138

AhnLab V3 Security

Trojan/Win32.Clicker

2013.12.23

Avira AntiVirus

SPR/Surfairy.A

7.11.121.86

AVG

Win32/DH

2014.0.3616

Baidu Antivirus

Hacktool.Win32.RiskTool

4.0.3.131223

Bitdefender

Trojan.Generic.9731381

1.0.20.1785

Bkav FE

W32.Clod9e1.Trojan

1.3.0.4613

Comodo Security

UnclassifiedMalware

17483

Emsisoft Anti-Malware

Trojan.Generic.9731381

8.13.12.23.09

Fortinet FortiGate

Malware_fam.NB

12/23/2013

F-Secure

Trojan.Generic.9731381

11.2013-23-12_2

G Data

Trojan.Generic.9731381

13.12.22

K7 AntiVirus

Riskware

13.174.10588

Malwarebytes

Trojan.Agent

v2013.12.23.09

McAfee

RDN/Generic.tfr!dr

5600.7272

MicroWorld eScan

Trojan.Generic.9731381

14.0.0.1071

NANO AntiVirus

Trojan.Win32.DownLoader10.cqvkbc

0.28.0.57029

Norman

Troj_Generic.RAUJP

11.20131223

Panda Antivirus

Trj/CI.A

13.12.23.09

Reason Heuristics

Unnamed.Threat.43

14.3.21.16

Sophos

Mal/Generic-S

4.96

Trend Micro House Call

TROJ_GEN.R0C1B01KR13

7.2.357

VIPRE Antivirus

Trojan.Win32.Generic

24636

File size:

634.5 KB (649,728 bytes)

Product version:

4.0.3.1

Original file name:

jingling.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese

File PE Metadata

Compilation timestamp:

10/10/2013 4:21:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:Aywuzfu4RNcQ+JHspCU60o0EWRowQfplbR/aTrVccunF5SV60R10n7:AyhvcQIHspCU69nA7yztyTracunF5SV6

Entry address:

0x4D228

Entry point:

E8, 4C, BE, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1... 
[+]

Code size:

443 KB (453,632 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

urlspace

Command:

C:\users\{user}\desktop\jingling.exe -h

The file jingling.exe has been seen being distributed by the following URL.

http://s7.picofile.com/d/.../jingling.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-lhr3.fbcdn.net (31.13.90.6:443)

TCP (HTTP):

Connects to store.pchome.com.tw (220.228.8.10:80)

TCP (HTTP SSL):

Connects to p3.adhitzads.com (199.193.119.50:443)

TCP (HTTP):

Connects to IZFW6BNVTUW34MZ (47.91.149.49:80)

TCP (HTTP):

Connects to hn.kd.ny.adsl (42.236.74.247:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-lhr3.facebook.com (31.13.90.36:443)

TCP (HTTP):

Connects to ec2-52-52-208-81.us-west-1.compute.amazonaws.com (52.52.208.81:80)

TCP (HTTP SSL):

Connects to adhitzads.com (68.233.234.217:443)

TCP (HTTP SSL):

Connects to a23-33-183-215.deploy.static.akamaitechnologies.com (23.33.183.215:443)

TCP (HTTP SSL):

Connects to 32-124-232-198.static.unitasglobal.net (198.232.124.32:443)

TCP (HTTP):

Connects to 203.130.59.28-BJ-CNC (203.130.59.28:80)

TCP (HTTP):

Connects to 203.130.56.132-BJ-CNC (203.130.56.132:80)

TCP (HTTP):

Connects to v133-130-91-14.a020.g.tyo1.static.cnode.io (133.130.91.14:80)

TCP (HTTP):

Connects to single-4730.banahosting.com (69.175.68.55:80)

TCP (HTTP SSL):

Connects to host-197.199.253.27.etisalat.com.eg (197.199.253.27:443)

TCP (HTTP):

Connects to a23-205-213-25.deploy.static.akamaitechnologies.com (23.205.213.25:80)

TCP (HTTP):

Connects to 98.126.243.211.static.krypt.com (98.126.243.211:80)

TCP (HTTP):

Connects to 203.130.53.9-BJ-CNC (203.130.53.9:80)

TCP (HTTP SSL):

Connects to host-197.199.253.15.etisalat.com.eg (197.199.253.15:443)

Remove jingling.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.