joyidsinstall.exe

This is a setup and installation application. The file has been observed being downloaded from airgroup51.net and multiple other hosts.

MD5:
2c1b228dba09e3154486b7b092b782bc

SHA-1:
32c3f7baa625604d223b0e88ca68525ceb042098

SHA-256:
754718b408c3b43c3efec9097f97eafc1046c51b6c055d6658952d72107b5093

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:52:08 PM UTC

File size:
253.9 KB (260,007 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\joyidsinstall.exe

File PE Metadata
Compilation timestamp:
1/4/2004 10:03:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:9CKeI1Lqcl4uuPLXUu8GnRajgE0n7XAD3QESjrJ/WtPutB9l:9AOqCuP7UUQjJs7XAD3QESj13

Entry address:
0x4054

Entry point:
83, EC, 10, 53, 55, 56, 57, C7, 44, 24, 14, E8, 91, 40, 00, 33, ED, C6, 44, 24, 13, 20, FF, 15, 2C, 70, 40, 00, 55, FF, 15, 90, 72, 40, 00, BE, 00, A4, 42, 00, BF, 00, 04, 00, 00, 56, 57, A3, A8, 3F, 42, 00, FF, 15, D8, 70, 40, 00, E8, 8D, FF, FF, FF, 8B, 1D, A4, 70, 40, 00, 85, C0, 75, 21, 68, FB, 03, 00, 00, 56, FF, 15, D4, 70, 40, 00, 68, A4, 92, 40, 00, 56, FF, D3, E8, 6A, FF, FF, FF, 85, C0, 0F, 84, 59, 01, 00, 00, BE, 20, 37, 42, 00, 56, FF, 15, 80, 70, 40, 00, 68, 98, 92, 40, 00, 56, E8, CA, 28, 00...
 

Code size:
23.5 KB (24,064 bytes)

The file joyidsinstall.exe has been seen being distributed by the following 7 URLs.

http://airgroup51.net/.../index.php?PHPSESSID=h7oqpbasqt973qifsd56ua8123&action=dlattach;topic=2435.0;attach=2966

http://airgroup51.net/.../index.php?PHPSESSID=k775pkt3vvb9h0k7orll83kr14&action=dlattach;topic=2435.0;attach=2966

https://downloader.disk.yandex.ua/disk/016e7532907af795fd29243f6e3e90b0ce3404c3b8bc03dc23fe3bc21b4ecadb/5833616c/.../x-msdownload&fsize=260007&hid=45f365a1f01dc154c535154ef9ef856d&media_type=executable&tknv=v2

http://airgroup51.net/.../index.php?PHPSESSID=mmsp5am5nho81mr2tb86flggl5&action=dlattach;topic=2435.0;attach=2966
