» jre8u20windowsx64.exe
Overview
Analysis
File Details
Downloads (1)

jre8u20windowsx64.exe

Java Runtime Environment

Innovative Systems LLC

The application jre8u20windowsx64.exe by Innovative Systems has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from java.joydownload.es.

File name:

Publisher:

Innovative Systems LLC (signed and verified)

Product:

Java Runtime Environment

Version:

1.0.0.0

MD5:

ba208528c5d461acf4bc648a2bb751d9

SHA-1:

6947df07c7f7b2b76c83344cc6a1637cd5d31c51

SHA-256:

7bdeaa33dd8016c11620a00890bb8bf0dc01a228e0e5ce04a226eb62a3b9cdf5

Scanner detections:

21 / 68

Status:

Adware

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

5/6/2024 12:40:41 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.OpenCandy

2014.11.05

Avira AntiVirus

APPL/Downloader.Gen

7.11.171.22

avast!

Win32:Adware-gen [Adw]

2014.9-160116

AVG

Generic

2017.0.2863

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.16116

Clam AntiVirus

Win.Trojan.Agent-803351

0.98/21411

Dr.Web

Adware.Downware.6712

9.0.1.016

ESET NOD32

Win32/JoyDownloader

10.10377

Fortinet FortiGate

Riskware/OpenCandy

1/16/2016

G Data

Win32.Adware.OpenCandy

16.1.24

IKARUS anti.virus

PUA.JoyDownloader

t3scan.1.7.5.0

K7 AntiVirus

Adware

13.183.13286

Malwarebytes

PUP.Optional.OpenCandy

v2016.01.16.07

McAfee

Artemis!6637BB1F86E1

5600.6519

Reason Heuristics

PUP.InnovativeSystems.Installer (M)

16.1.16.7

Sophos

Generic PUA IK

4.98

Trend Micro House Call

Suspici.218D75EB

7.2.16

Trend Micro

ADW_OPENCANDY

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

33554

ViRobot

Adware.Agent.505304

2011.4.7.4223

File size:

491.9 KB (503,672 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\jre8u20windowsx64.exe

Digital Signature

Signed by:

Innovative Systems LLC

Authority:

VeriSign, Inc.

Valid from:

5/18/2014 7:00:00 PM

Valid to:

5/19/2015 6:59:59 PM

Subject:

CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata

Compilation timestamp:

5/19/2013 6:53:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:TKcZ85atE+cxcZjfVRwC9h40LXGDTIpJ+i5t7z6KV3UVi0:FZ9tE3aR0CnDLXue+WQH

Entry address:

0x333E

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00... 
[+]

Entropy:

7.7888

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

The file jre8u20windowsx64.exe has been seen being distributed by the following URL.

http://java.joydownload.es/get_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEh74coqM6bdjr3f14WJxwckMKUb1Y/j2PHmuhg0MIGjPEe tCrc1wr5pwtSWRAaS9T27VRLlsyK1g/6SpNrSgyMS9Yc7wF9BXmSlCDxnn4Aj iHoDDrFFa5Xi83jNj0VMvtnJ10NM iuCC4gP42GIB882emxAC1mcoTy2/9hVyr67guG2b0wFpn esakfSsNmZCvFqounBcHtNGpn1O7ZKh/.../rAQfh5MO6k1BifWDP9Q==

Remove jre8u20windowsx64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.