jollywallet-bg.exe

Radyoos Media Ltd.

The application jollywallet-bg.exe by Radyoos Media has been detected as adware by 26 anti-malware scanners. This file is typically installed with the program JollyWallet by Radyoos Media Ltd., which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the installed extensions in the user's browser, including managing installation, updates and remote code downloads.
Publisher:
JollyWallet  (signed by Radyoos Media Ltd.)

Product:
JollyWallet

Description:
JollyWallet exe

Version:
1.1.153.77

MD5:
7ae92eae6623ec2fd8c9271b9c10eb53

SHA-1:
500c6762c2e7d2f7ed15c8fcd5114cb0644bb97f

SHA-256:
e94bfb327288fc6200312f3c0db1f821e9fed335df029d705a7991f2e03ba443

Scanner detections:
26 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Radyoos Media Ltd.

Analysis date:
4/20/2024 1:27:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.W32.Vilsel | 2.1.4+ |
| AhnLab V3 Security | PUP/Win32.MulDrop | 2014.02.15 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.169.108 |
| avast! | Win32:RadyoosMedia-A [PUP] | 2014.9-141122 |
| AVG | MalSign.Skodna | 2015.0.3282 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.141122 |
| Comodo Security | ApplicUnwnt | 19325 |
| Dr.Web | Adware.Toolbar.234 | 9.0.1.0326 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.8468 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 11/22/2014 |
| F-Prot | W32/A-eb9ef301 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy.374109 | 11.2014-22-11_7 |
| G Data | Win32.Trojan.Agent.WQ2Y1M | 14.11.22 |
| K7 AntiVirus | Virus | 13.177.12095 |
| Malwarebytes | PUP.Optional.JollyWallet.A | v2014.11.22.08 |
| McAfee | Artemis!87DEE69240C5 | 5600.6938 |
| Microsoft Security Essentials | Threat.Undefined | 1.173.2171.0 |
| NANO AntiVirus | Trojan.Win32.Crossrider.datyle | 0.28.2.62440 |
| Norman | Sality.ZHB | 11.20141122 |
| Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015 |
| Reason Heuristics | PUP.RadyoosMedia.O | 14.11.22.20 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141120 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V1219 | 7.2.326 |
| Trend Micro | PE_SALITY.RL | 10.465.22 |
| VIPRE Antivirus | Crossrider | 29650 |

File size:
1.4 MB (1,498,760 bytes)

Product version:
1.1.153.77

Copyright:
Copyright 2011

Original file name:
JollyWallet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\jollywallet\jollywallet-bg.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/23/2012 7:00:00 PM

Valid to:
12/24/2013 6:59:59 PM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
49AC6CD3FC56DEFFDF28CC3D8009CFD8

File PE Metadata
Compilation timestamp:
4/3/2013 4:21:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:l7bZCjqas5Xic/e5RbYheGtptUsRgQ+PjxcEykQqHNuquXo0/T61c5Kyo:RbZCjTeXic25RUh5tptUsRgQ+PNDBHhN

Entry address:
0xEF2AD

Entry point:
E8, B0, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, AB, 56, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, AB, 56, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 85, 0E, 00, 00, 85, C0, 75, 06, B8, A0, AC, 56, 00, C3, 83, C0, 08, C3, E8, 72, 0E, 00, 00, 85, C0, 75, 06, B8, A4, AC, 56, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Entropy:
6.5790

Code size:
1.2 MB (1,249,280 bytes)

The file jollywallet-bg.exe has been discovered within the following program.

JollyWallet  by Radyoos Media Ltd.
Publisher's description - “JollyWallet is an online shopping tool that combines cash back, discounts and online coupons.”
www.jollywallet.com
76% remove it
 