jnsg4ad9.tmp

It runs as a Windows service in its own process (type Win32OwnProcess), with the display name "Down Encyclopaedia" and the service name gezokizu. The file has been seen being downloaded from d2fpsq9kg43yka.cloudfront.net. Only one of 68 engines flags it, with a generic heuristic name (Gen:Variant.Adware.Mikey), so the verdict below is inconclusive; the hashes, the random-looking service name and the .tmp executable installed under a GUID-like folder in %APPDATA%\Roaming are the more useful indicators for hunting.
MD5:
596d9acc7ca6cfb7a2da26d4eab49c75

SHA-1:
8008dc869367c97f278aa72e1091c3313a84846e

SHA-256:
778ded0c46087822bad69af38dd7616667295e8b82a482cfdc9dce30d5cdffe9

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/29/2024 9:32:40 AM UTC

Scan engine    Detection                    Engine version
F-Secure       Gen:Variant.Adware.Mikey     5.13.68

File size:
188.5 KB (193,024 bytes)

Common path:
C:\users\{user}\appdata\roaming\80bfa8fa-1425585601-de11-b6fc-99598ee9c989\jnsg4ad9.tmp

File PE Metadata
Compilation timestamp:
3/5/2015 7:37:13 PM

OS version (minimum, from the PE optional header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0 (Visual Studio 2010 toolchain)

CTPH (ssdeep):
3072:LMcASO23WdpMW79uUktbkXOhKe1HvC1Q55dbyjrcYRMbxCZiEt3oDPPQp5pMAoaW:ANnBuRCXOT1KyX1LMnlcPP4pPo/UdBh+

Entry address:
0x114F2

Entry point:
E8, 53, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 56, FF, 15, 68, 80, 42, 00, 81, C6, E8, 03, 00, 00, 3B, 35, 10, F2, 42, 00, 76, 03, 83, CE, FF, 8B, C6, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 08, A1, 10, F2, 42, 00, 89, 0D, 10, F2, 42, 00, 5D, C3, 8B, FF, 55, 8B, EC, 56, 57, 33, F6, FF, 75, 08, E8, 0C, 20, 00, 00, 8B, F8, 59, 85, FF, 75, 27, 39, 05, 10, F2, 42, 00, 76, 1F, 56, FF, 15, 68, 80, 42, 00, 8D, 86, E8, 03, 00, 00, 3B, 05, 10, F2, 42, 00, 76, 03, 83, C8, FF, 8B, F0, 83...

Entropy:
6.4937

Code size:
154 KB (157,696 bytes)

Service
Display name:
Down Encyclopaedia

Service name:
gezokizu

Type:
Win32OwnProcess
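Added example (not part of the Reason Core Security report): a Python script that checks a file on disk against the indicators listed above, i.e. the three hashes, the first 32 entry-point bytes, the install-path pattern, and the byte entropy. The path regex, the choice to search for the entry-point bytes anywhere in the image rather than mapping the RVA 0x114F2 through the section table, and the entropy tolerance band are my assumptions; the sample inputs are constructed.

```python
"""Check a file against the jnsg4ad9.tmp indicators from the report above.

Added example, not part of the original report. Hash, entry-point and
path indicators are copied from the page; everything else is an assumption
noted inline, and the sample inputs in main() are constructed.
"""
import hashlib
import math
import re
import sys
from collections import Counter

# Indicators copied verbatim from the report.
IOC_HASHES = {
    "md5": "596d9acc7ca6cfb7a2da26d4eab49c75",
    "sha1": "8008dc869367c97f278aa72e1091c3313a84846e",
    "sha256": "778ded0c46087822bad69af38dd7616667295e8b82a482cfdc9dce30d5cdffe9",
}
ENTRY_POINT_TEXT = (
    "E8, 53, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, "
    "8B, 75, 08, 56, FF, 15, 68, 80, 42, 00, 81, C6, E8, 03, 00, 00"
)
# Assumption: a file carrying the same 32-byte entry-point prologue is worth
# a closer look even if its hashes differ (e.g. a rebuilt or repacked copy).
# The report gives the entry RVA (0x114F2), but mapping an RVA to a file
# offset needs the PE section table, so this searches the whole image.
REPORTED_ENTROPY = 6.4937

# Assumption: install-path heuristic. The report's directory name
# (80bfa8fa-1425585601-de11-b6fc-99598ee9c989) looks GUID-like, but its second
# group is ten decimal digits, so a strict GUID regex would miss it.
PATH_RE = re.compile(
    r"\\appdata\\roaming\\[0-9a-f]{8}(?:-[0-9a-f]+){4}\\[a-z0-9]{8}\.tmp$",
    re.IGNORECASE,
)


def parse_byte_list(text):
    """Turn the report's 'E8, 53, 56, ...' listing into bytes; a trailing '...' is ignored."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


ENTRY_POINT_PREFIX = parse_byte_list(ENTRY_POINT_TEXT)


def file_hashes(data):
    """MD5 / SHA-1 / SHA-256 hex digests, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess(data, path=None):
    """Report which indicators a file's bytes (and optional on-disk path) hit."""
    hashes = file_hashes(data)
    entropy = shannon_entropy(data)
    return {
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "entry_point_match": data.find(ENTRY_POINT_PREFIX) != -1,
        "entropy": round(entropy, 4),
        # Assumption: +/- 0.5 bits is a loose "similar packing" band, not a signature.
        "entropy_near_reported": abs(entropy - REPORTED_ENTROPY) <= 0.5,
        "path_match": bool(path and PATH_RE.search(path)),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(assess(fh.read(), sys.argv[1]))
    else:
        # Constructed demo input: the entry-point prologue embedded in filler bytes.
        demo = b"MZ" + b"\x00" * 62 + ENTRY_POINT_PREFIX + bytes(range(256)) * 4
        demo_path = r"C:\users\alice\appdata\roaming\80bfa8fa-1425585601-de11-b6fc-99598ee9c989\jnsg4ad9.tmp"
        print(assess(demo, demo_path))
```

Run it as `python check_jnsg4ad9.py <file>` to assess a real file, or with no argument to see the constructed demo. A hash hit is conclusive for this exact sample; the entry-point, path and entropy checks are fuzzy and are meant to surface candidates for manual review, not to convict on their own.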


The file jnsg4ad9.tmp has been seen being distributed from the host d2fpsq9kg43yka.cloudfront.net.

Scan jnsg4ad9.tmp - Powered by Reason Core Security