jpg0100.exe

Star Wars - The Old Republic

Certilicious

The executable jpg0100.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from tiny.cc.
Publisher:
BioWare Productions  (signed by Certilicious)

Product:
Star Wars - The Old Republic

Version:
8.11.9

MD5:
da60f36faaa945d04cdbeef48826d7af

SHA-1:
5b0f0a7ff2563b8ef8eafb7b0927c3fa245666cf

SHA-256:
dbd1a6766eed1bc4f6fbd51ea6af478fc3ee8a3ba06dc040b8f0210fe62a924a

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 1:00:42 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Maic.Gen | 2015.02.24
avast! | Win32:Inject-BKQ [Trj] | 150203-1
ESET NOD32 | MSIL/Injector.HMB trojan | 7.0.302.0
Kaspersky | Backdoor.Win32.DarkKomet | 15.0.0.543
Malwarebytes | Trojan.Downloader.DWN | v2015.02.23.08
Sophos | Troj/Agent-AKQD | 4.98
VIPRE Antivirus | Threat.4657539 | 37788

File size:
613.9 KB (628,664 bytes)

Product version:
8.11.9

Copyright:
Copyright (C) 2012 EA Sports & Bioware Productions.

Trademarks:
Star Wars TOR(R) and Bioware are registered trademarks of the Electronic Arts Company. All rights reserved.

Original file name:
jpg1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\jpg0100.exe

Digital Signature
Signed by:

Authority:
Certilicious

Valid from:
1/13/2015 5:44:58 AM

Valid to:
1/13/2016 5:44:58 AM

Subject:
E=info@certilicious.com, CN=Certilicious, OU=Certilicious Security Sector, L=New York City, O=Certilicious, S=New York, C=us

Issuer:
E=info@certilicious.com, CN=Certilicious, OU=Certilicious Security Sector, L=New York City, O=Certilicious, S=New York, C=us

Serial number:
00

File PE Metadata
Compilation timestamp:
1/27/2015 5:08:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:tCg80TdXR0AtyZE0u/mJIyZ2tPfpaVUESgewNIJ+gUchtV8wAeOQKNKKKKKKKKK2:tC50xXRRsnssRsBUaVxAeOQKNKKKKKKT

Entry address:
0x7D2AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
493 KB (504,832 bytes)

The file jpg0100.exe has been seen being distributed by the following URL.
