» juicyaccess_installer.exe
Overview
Analysis
File Details

juicyaccess_installer.exe

Toolbar Installer Module

DoubleD Advertising Limited

The application juicyaccess_installer.exe by DoubleD Advertising Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder.

File name:

Publisher:

DoubleD Advertising Limited (signed and verified)

Product:

Toolbar Installer Module

Version:

3,11,7,11550

MD5:

38e8975a6b7792177662b885132809ae

SHA-1:

c7c94383f4dc6c68792ee9dfec15eca5caf1f101

SHA-256:

16757bb62dc1487322f4afcadea1993e0f48b86fd56a75f041c78e13ca881905

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 2:40:20 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.DoubleDAdvertising.Installer (M)

16.1.19.5

File size:

616.3 KB (631,064 bytes)

Product version:

3,11,7,11550

Original file name:

Toolbar Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\juicyaccess_installer.exe

Digital Signature

Signed by:

DoubleD Advertising Limited

Authority:

The USERTRUST Network

Valid from:

1/20/2009 6:00:00 PM

Valid to:

1/21/2010 5:59:59 PM

Subject:

CN=DoubleD Advertising Limited, O=DoubleD Advertising Limited, STREET=15/F TOWER 1 GRAND CENTRAL, STREET=PLAZA 138 SHATIN RURAL, STREET=COMMITTEE RD SHATIN NT, L=HONG KONG, S=HONG KONG, PostalCode=N/A, C=HK

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

519F1E2F73EB9C0F7DFAAC4816B292D3

File PE Metadata

Compilation timestamp:

3/20/2009 1:20:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:QIJjSqNfMz6qw+WMsRlU8by2pSEkVj7cZGGtN+XFrsB0WidtzUvAGE:QsfM2qw+WMs5bNSdVcZGGtIXFgNijUi

Entry address:

0x37AFB

Entry point:

E8, 3F, A6, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E... 
[+]

Code size:

328 KB (335,872 bytes)

Remove juicyaccess_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.