jjplayersetup_jjvod.exe

JJVOD

Beijing Huanqiu Zhongxing Technology Co., Ltd.

The executable jjplayersetup_jjvod.exe has been detected as malware by 5 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dl.jijivod.com and multiple other hosts.
Publisher:
JJPlayer  (signed by Beijing Huanqiu Zhongxing Technology Co., Ltd.)

Product:
JJVOD

Version:
2.8.2.1

MD5:
66e4042b77e1b952cb22dc244c865da8

SHA-1:
59ed96e957941da467f5b64ceb1a738a897f9df8

SHA-256:
466cf6f11c7f034ee0d3776dba5ca91957c783490e539aef01b88d4d839a0108

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
5/3/2024 12:38:36 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | ZTTService | 2016.0.2946 |
| Clam AntiVirus | Win.Trojan.Ramnit-6503 | 0.98/21511 |
| Dr.Web | Trojan.Siggen6.22491 | 9.0.1.0298 |
| McAfee | Artemis!66E4042B77E1 | 5600.6602 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
24.1 MB (25,232,792 bytes)

Product version:
2.8.2.1

Copyright:
(C)jjvod.com Inc.All Rights Reserved.

Trademarks:
jjvod.com

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature

Authority:
WoSign CA Limited

Valid from:
6/24/2015 9:14:33 AM

Valid to:
6/24/2016 9:14:33 AM

Subject:
CN="Beijing Huanqiu Zhongxing Technology Co., Ltd.", O="Beijing Huanqiu Zhongxing Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3582E4FAFB6353AD9B0927B1FD7E3D0D

File PE Metadata

Compilation timestamp:
6/19/2009 5:33:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:ACD3onzwWl4QDtUMU+rjASVTntgpKlicZG:AC8flfDtU3sjHVtgpCiuG

Entry address:
0x3291

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, BA, 2C, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, 80, 36, 42, 00, E8, 43, 29, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 31, 29, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jjplayersetup_jjvod.exe has been seen being distributed by the following 29 URLs.

