jondo.exe

jap.exe

JonDos GmbH

This is a setup program which is used to install the application. This file is installed with the program JAP. The file has been seen being downloaded from anon.inf.tu-dresden.de.
Publisher:
JAP-Team  (signed by JonDos GmbH)

Product:
jap.exe

Description:
A native launcher for JAP/JonDo

Version:
0.0.22.0

MD5:
fa073b25754bb96957a0f7812a03b995

SHA-1:
9acb40895b57a0b6611e3990f5bb45494c46fdbd

SHA-256:
79a63ce064124928af92f8716efd11aee4005215f03d4f67a3847fbabff428ea

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 3:13:32 AM UTC

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0830

Engine version:
7.2.360

File size:
96.9 KB (99,192 bytes)

Product version:
0.0.22.0

Copyright:
Copyright © 2000-2013

Original file name:
jap.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\jondo\jondo.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
10/23/2011 10:50:42 AM

Valid to:
10/23/2013 8:32:06 PM

Subject:
E=info@jondos.de, CN=JonDos GmbH, O=JonDos GmbH, L=Regensburg, S=Bayern, C=DE, Description=545284-33wTpy9O8j3dw2c9

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0469

File PE Metadata
Compilation timestamp:
8/28/2013 8:44:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:lyOvICxNlc4eQZ8+fszxInhO2yU+yIC06Xu2S0nENB/oIHavaC:XnxNl/HZ/V2CPHS9c

Entry address:
0x1000

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, E0, 01, 00, 00, 53, 55, 56, 33, DB, 57, 53, C7, 44, 24, 74, E8, 20, 40, 00, C7, 44, 24, 78, FC, 20, 40, 00, C7, 44, 24, 7C, 08, 21, 40, 00, C7, 84, 24, 80, 00, 00, 00, 14, 21, 40, 00, C7, 84, 24, 84, 00, 00, 00, 20, 21, 40, 00, C7, 84, 24, 88, 00, 00, 00, 28, 21, 40, 00, C7, 84, 24, 8C, 00, 00, 00, 34, 21, 40, 00, 89, 5C, 24, 14, 89, 5C, 24, 5C, 89, 5C, 24, 38, 89, 5C, 24, 3C, FF, 15, 48, 20, 40, 00, 89, 44, 24, 64, FF, 15, 20, 20, 40, 00, 8B, F0, FF, 15, 18, 20, 40, 00, A3...
 

Entropy:
7.6578

Developed / compiled with:
Microsoft Visual C++

Code size:
4 KB (4,096 bytes)

The file jondo.exe has been discovered within the following programs.

JAP  by JAP-Team
Publisher's description - “JAP (called JonDo in the scope of the commercial JonDonym anonymous proxy servers - AN.ON remains free of charge) makes it possible to surf the internet anonymously and unobservably.”
anon.inf.tu-dresden.de
27% remove it
 

The file jondo.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to 67.37.184.91.unassigned.as34225.net  (91.184.37.67:443)
