jinjill.exe

Ultra Core Protector

The application jinjill.exe, “Ultra Core Protector Installer” by Ultra Core Protector, has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a self-extracting archive and installer, and has been known to bundle potentially unwanted software. The file has been seen being downloaded from downloader.disk.yandex.ua and multiple other hosts.
Publisher:
Ultra Core Protector  (signed and verified)

Description:
Ultra Core Protector Installer

Version:
8.1

MD5:
6e965088f9851481276cd0a4b8fdeed7

SHA-1:
51a51bb66dbdfe30b088cecf35be29de5dd16b7e

SHA-256:
c5651ffd53de3c464b1028c95fbb1beefb2525f9e81b53e871174a95ba432af9

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
5/1/2024 9:00:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clodc68.Trojan | 1.3.0.4959 |
| Comodo Security | ApplicUnsaf.Win32.Renos.~FAT | 18277 |
| K7 AntiVirus | Riskware | 13.177.12095 |
| Norman | Suspicious_Gen2.VSPEZ | 11.20140520 |
| Panda Antivirus | Trj/dtcontx.I | 14.05.20.03 |
| Reason Heuristics | PUP.UltraCoreProtector.Installer (M) | 15.8.24.17 |

File size:
2 MB (2,117,768 bytes)

Product version:
8.1

Copyright:
Copyright © 2008-2013, Written by Endi

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
Ultra Core Protector

Valid from:
12/12/2012 6:14:42 PM

Valid to:
1/1/2040 3:29:59 AM

Subject:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:
E0177238F19B3FB5462942142E1145B1

File PE Metadata
Compilation timestamp:
10/12/2013 2:21:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
49152:YMdU+GbzJY0tRvwaGoMjN4ucSW9uY6Luk3l6jT7WawCGlbui8pSumcvcNHgw:YcvGbLwcMjNzcSW9uTX3lm7WawCG18pi

Entry address:
0x2BAE70

Entry point:
60, BE, 00, C0, 4B, 00, 8D, BE, 00, 50, F4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
Entropy:
7.7744

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
2 MB (2,097,152 bytes)

The file jinjill.exe has been seen being distributed by the following 10 URLs.

https://downloader.disk.yandex.ua/disk/25d0ea3f372d570f9790e71ca083bf02a78fab8b2bc5b0347800d7fc478390b1/589356d2/Ws9mxsL2E47oV04G7vFIZsVASQbfXBIZTQZ3UByVzFQloGSorY6TIrydLzFJgj1cuWKhM4GxoVkwu4iPmqjOnQ==?uid=0&filename=UCP 8.1.exe&disposition=attachment&hash=HVg9eJOmWzQKfuqHIWi bT1ZrLa/.../x-msdownload&fsize=2117768&hid=7c5142dd9fa1d5d2a731919dea17065e&media_type=executable&tknv=v2

https://docs.google.com/a/.../uc?authuser=0&id=0B9v_PyYi6PbDVFYwQmVhTFdKLVU&export=download
