jollywallet-firefoxinstaller.exe

Radyoos Media Ltd.

The application jollywallet-firefoxinstaller.exe by Radyoos Media has been detected as adware by 20 anti-malware scanners. This file is typically installed with the program JollyWallet by Radyoos Media Ltd., which is a potentially unwanted software program. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
jollywallet  (signed by Radyoos Media Ltd.)

Product:
jollywallet

Description:
jollywallet exe

Version:
1000.1000.1000.1000

MD5:
5306e78bdbfbbe0ca9e4c70cbf412672

SHA-1:
6b59529cd1578b77deb22be6c3dfe36ddf192090

SHA-256:
438539c41c093c6b7ad10451d4f6468aea773ab73231391e7493c3cff206277e

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is Radyoos Media Ltd.

Analysis date:
4/25/2024 10:26:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.6u1@kuvwhDiO | 6121208 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.195.52 |
| avast! | Win32:Crossrider-AI [PUP] | 141130-1 |
| AVG | Adware Generic5.ANHX | 2014.0.4189 |
| Bitdefender | Gen:Application.Heur.6u1@kuvwhDiO | 1.0.20.1735 |
| Comodo Security | ApplicUnwnt | 20355 |
| Dr.Web | Trojan.Crossrider.7192 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.6u1@kuvwhDiO | 9.0.0.4668 |
| ESET NOD32 | Win32/Toolbar.CrossRider.Y potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.6u1@kuvwhDiO | 5.13.68 |
| G Data | Gen:Application.Heur.6u1@kuvwhDiO | 14.12.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Adwapper | t3scan.1.8.5.0 |
| Malwarebytes | PUP.Optional.JollyWallet.A | v2014.12.13.10 |
| MicroWorld eScan | Gen:Application.Heur.6u1@kuvwhDiO | 15.0.0.1041 |
| NANO AntiVirus | Trojan.Win32.Crossrider.cwggpo | 0.28.6.63850 |
| Norman | Gen:Application.Heur.6u1@kuvwhDiO | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.13.10 |
| Reason Heuristics | PUP.Crossrider.RadyoosMedia.CC | 14.12.13.10 |
| VIPRE Antivirus | Threat.4789396 | 35418 |
| Zillya! Antivirus | Backdoor.Klon.Win32.1129 | 2.0.0.2005 |

File size:
929.9 KB (952,168 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
jollywallet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\jollywallet\jollywallet-firefoxinstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/12/2013 12:00:00 AM

Valid to:
2/11/2016 11:59:59 PM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06C470BB28DFF4919F7971031170309C

File PE Metadata
Compilation timestamp:
2/12/2014 5:44:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ahYBJEFoCcNMAnpXdW0yKxDn25eXKHC42v5Xu4w82EQWNkYUqa/wPWtCzCBBlzDH:ausFs1pNW0yKxD2uDa/oWwzQzFTEuWY

Entry address:
0x9C430

Entry point:
E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 

Entropy:
6.5553

Code size:
757.5 KB (775,680 bytes)

The file jollywallet-firefoxinstaller.exe has been discovered within the following program.

JollyWallet  by Radyoos Media Ltd.
Publisher's description - “JollyWallet is an online shopping tool that combines cash back, discounts and online coupons.”
www.jollywallet.com
76% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/004927/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
