» json_parser.exe
Overview
Analysis
File Details
Network (6)

json_parser.exe

The application json_parser.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketing software, without adequate consent. The program is typically installed via a form of malvertising

File name:

json_parser.exe

MD5:

bb8e285a89f094bbbc1f215b06daf298

SHA-1:

75560ceef281519ca30b4a3c7c7dedf938ad4ca8

SHA-256:

ed9b24f124d35327c6b6a5d56036fea5c96f092ce892940130bdf0da9963bfed

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

8/8/2025 12:46:28 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.15328003

413

Agnitum Outpost

PUA.Privitize

7.1.1

Avira AntiVirus

ADWARE/MultiPlug.Gen4

8.3.2.2

Arcabit

Trojan.Generic.DE9E303

1.0.0.629

Bitdefender

Trojan.Generic.15328003

1.0.20.1765

Dr.Web

Adware.Privitize.139

9.0.1.0353

Emsisoft Anti-Malware

Trojan.Generic.15328003

8.15.12.19.02

F-Secure

Trojan.Generic.15328003

11.2015-19-12_7

G Data

Trojan.Generic.15328003

15.12.25

K7 AntiVirus

Riskware

13.212.18131

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.949

McAfee

Artemis!BB8E285A89F0

5600.6547

Microsoft Security Essentials

SoftwareBundler:Win32/Techsnab

1.1.12400.0

MicroWorld eScan

Trojan.Generic.15328003

16.0.0.1059

nProtect

Trojan.Generic.15328003

15.12.17.01

Panda Antivirus

Trj/Genetic.gen

15.11.10.11

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1077

Quick Heal

SoftwareBundler.Techsnab.r5 (Not a Virus)

12.15.14.00

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.151217

Sophos

Generic PUA HF (PUA)

4.98

Trend Micro

TROJ_GEN.R03AC0OL915

10.465.19

VIPRE Antivirus

Trojan.Win32.Generic

45902

File size:

724.5 KB (741,888 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\json_parser.exe

File PE Metadata

Compilation timestamp:

11/10/2015 4:54:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:blz3piGc8kKhsvXMeI2QjJJ9zzm7djxpkxmSw/L5tOgRtAuXCvi/:Bz3piGLkSsvX/I2QX9zzmxjxp08/L5tN

Entry address:

0x97DCC

Entry point:

E8, 4E, 57, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, BE, 4A, 00, E8, 8E, 4D, 00, 00, E8, CB, 46, 00, 00, 0F, B7, F0, 6A, 02, E8, E1, 56, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9E, 25, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.1296

Code size:

662.5 KB (678,400 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to s3-us-west-2.amazonaws.com (54.231.161.8:443)

TCP (HTTP):

Connects to crl.comodoca.com (104.16.66.69:80)

TCP (HTTP):

Connects to c-0001.c-msedge.net (191.234.4.50:80)

TCP (HTTP):

Connects to a184-51-126-168.deploy.static.akamaitechnologies.com (184.51.126.168:80)

Remove json_parser.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.