jollywallet-bg.exe

Radyoos Media Ltd.

The application jollywallet-bg.exe by Radyoos Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
JollyWallet (signed by Radyoos Media Ltd.)

Product:
JollyWallet

Description:
JollyWallet exe

Version:
1.1.152.69

MD5:
a363baac4cd31654ff06ad6b80e0cedf

SHA-1:
ab53a21c9c494747b8aabb6d8b65ad1090dcc834

SHA-256:
431caef1f973e2688d8078bfd8fe39ddbf114c4502cdabb42a0db4fb9b9f0a37

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 3:25:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.23.17

File size:
999.1 KB (1,023,112 bytes)

Product version:
1.1.152.69

Copyright:
Copyright 2011

Original file name:
JollyWallet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\jollywallet\jollywallet-bg.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/24/2012 5:30:00 AM

Valid to:
12/25/2013 5:29:59 AM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
49AC6CD3FC56DEFFDF28CC3D8009CFD8

File PE Metadata
Compilation timestamp:
1/3/2013 11:21:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:1DrmETRbE3Uv5niuz8d0vPncbaM5FFlI0eiq6csM9on:dmuRbAUv5niuz8d0vPnEFFVe56csMOn

Entry address:
0x9443E

Entry point:
E8, 0B, AD, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 62, C6, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 78, 6F, 4F, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...

Entropy:
6.5256

Code size:
835.5 KB (855,552 bytes)
