» JRunner.exe
Overview
Analysis
File Details
Network (5)

JRunner.exe

J-Runner

Mama's Little Bakery

The executable JRunner.exe has been detected as malware by 21 anti-virus scanners. While running, it connects to the Internet address cphost06.qhoster.net on port 80 using the HTTP protocol.

File name:

JRunner.exe

Publisher:

Mama's Little Bakery

Product:

J-Runner

Version:

0.2.286.2

MD5:

44ed4fcf9c8fb1bcd91da3d70f64d46a

SHA-1:

2d33a811b74703ada50da149a620727bc5e72671

SHA-256:

b41a7094ed5e38daab15380f485cd865d08f627592eb67d65b43ec8fc1def3c5

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

5/2/2024 1:48:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.KD.842427

624

Avira AntiVirus

TR/Rogue.KD.842427

7.11.177.204

Baidu Antivirus

Trojan.Win32.Themida

4.0.3.15521

Bitdefender

Trojan.Generic.KD.842427

1.0.20.705

Bkav FE

HW32.Paked

1.3.0.4959

Comodo Security

TrojWare.Win32.Agent.COC

19774

Emsisoft Anti-Malware

Trojan.Generic.KD.842427

8.15.05.21.06

ESET NOD32

Win32/Packed.Themida (variant)

9.10550

F-Secure

Trojan.Generic.KD.842427

11.2015-21-05_5

G Data

Trojan.Generic.KD.842427

15.5.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.7.8.0

McAfee

Artemis!44ED4FCF9C8F

5600.6758

MicroWorld eScan

Trojan.Generic.KD.842427

16.0.0.423

NANO AntiVirus

Trojan.Win32.Rogue.dfsupo

0.28.2.62483

Norman

Obfuscated_M.HYL

11.20150521

nProtect

Trojan.Generic.KD.842427

14.10.12.01

Panda Antivirus

Trj/OCJ.D

15.05.21.06

Qihoo 360 Security

Win32/Trojan.2b6

1.0.0.1015

Trend Micro House Call

TROJ_SPNR.15DA13

7.2.141

Trend Micro

TROJ_SPNR.15DA13

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic

33854

File size:

1.6 MB (1,658,880 bytes)

Product version:

0.2.286.2

Original file name:

JRunner.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\j-runner v02 beta core pack\j-runner v02 beta core pack\jrunner.exe

File PE Metadata

Compilation timestamp:

1/30/2013 6:49:20 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:wEZAv0bvD4U70zUBAxAVxr105kgBc5uPfGW:wGhvd4zCAs1AfUqfG

Entry address:

0x3B4000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, A0, 0D, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 27, A8, B2, 6A, 68, D7, C1, 1A, 52, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, DA, B0, 4B, B4, F1, AC, 53, F5, 54, D0, 17, 66, D8, 21... 
[+]

Entropy:

7.9131 (probably packed)

Code size:

1.8 MB (1,861,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-4-187-27.deploy.static.akamaitechnologies.com (23.4.187.27:80)

TCP (HTTP):

Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:80)

TCP (HTTP):

Connects to ec2-52-3-189-94.compute-1.amazonaws.com (52.3.189.94:80)

TCP (HTTP SSL):

Connects to ec2-52-3-176-101.compute-1.amazonaws.com (52.3.176.101:443)

TCP (HTTP):

Connects to cphost06.qhoster.net (86.106.93.230:80)

Remove JRunner.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.