home

jumpflip.expext.exe

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application jumpflip.expext.exe by Jump Flip has been detected as adware by 27 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. While running, it connects to the Internet address install.jumpflip.net on port 80 using the HTTP protocol.
Publisher:
Jump Flip  (signed and verified)

Version:
1.0.6242.39491

MD5:
b3ac00a99cf3295f3249f2c83234e3f1

SHA-1:
6a416fd46b47666cda11048a897e8aca07b68d96

SHA-256:
8fa3a08a3d6f35c6637182d8819bff67d02b71044982a04c7339cdf85e28ca4e

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 12:29:38 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.AU
682

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.03.26

avast!
MSIL:BrowseFox-AD [PUP]
2014.9-150325

AVG
Adware AdPlugin
2016.0.3160

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15325

Bitdefender
Adware.BrowseFox.BJ
1.0.20.420

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Browsefox-511
0.98/20235

Comodo Security
Application.Win32.BrowseFox.AK
21534

Dr.Web
Trojan.Yontoo.1734
9.0.1.084

Emsisoft Anti-Malware
Adware.BrowseFox.AU
8.15.03.25.10

ESET NOD32
Win32/BrowseFox.AA potentially unwanted application
9.7.0.302.0

F-Prot
W32/S-782d657c
v6.4.7.1.166

F-Secure
Adware.BrowseFox.AU
11.2015-25-03_4

G Data
Adware.BrowseFox.BJ
15.3.25

herdProtect (fuzzy)
variant of maucampo.expext.exe (Adware)
2015.6.30.4

K7 AntiVirus
Trojan
13.202.15375

McAfee
Program.BrowseFox-FVA
5600.6816

MicroWorld eScan
Adware.BrowseFox.AU
16.0.0.252

NANO AntiVirus
Riskware.Win32.BrowseFox.dlbjxp
0.30.8.659

nProtect
Adware.BrowseFox.BJ
15.03.25.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Adware.Yontoo.JumpFlip
15.3.25.10

Vba32 AntiVirus
AdWare.MSIL.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
38552

Zillya! Antivirus
Trojan.Katusha.Win32.37081
2.0.0.2115

File size:
99.3 KB (101,664 bytes)

Product version:
1.0.6242.39491

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\jump flip\bin\jumpflip.expext.exe

Digital Signature
Signed by:
Jump Flip

Authority:
VeriSign, Inc.

Valid from:
8/22/2013 2:00:00 AM

Valid to:
8/23/2015 1:59:59 AM

Subject:
CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata
Compilation timestamp:
3/25/2015 8:30:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:u76msVSg0IARfI+8G2dBKCKXfPWk6EHIkmnMB+u4xlKgSw3F:fVWIu4dKXf+k6cMxlKgSwV

Entry address:
0x563E

Entry point:
E8, AB, 3C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 64, 7F, 41, 00, FF, 15, 4C, 20, 41, 00, 85, C0, 75, 18, 56, E8, 2F, 08, 00, 00, 8B, F0, FF, 15, 68, 20, 41, 00, 50, E8, DF, 07, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, C0, 91, 41, 00, 00, 74, 05, E9, CD, 3C, 00, 00, 57, 8B...
 
[+]

Code size:
65.5 KB (67,072 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to install.jumpflip.net  (70.186.131.184:80)

Remove jumpflip.expext.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.