home

JumpFlip.IEUpdate.dll

Jump Flip

This is the Internet Explorer add-on for the Yontoo Jump Flip branded web browser plugin (injects banner, text-link and popup ads). The component is responisble for registering the Browser Helper Object into IE and keeping it registered. The module JumpFlip.IEUpdate.dll by Jump Flip has been detected as adware by 9 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Jump Flip  (signed and verified)

Version:
1.0.5438.31531

MD5:
14b9da007808ac5945567d59da76cefd

SHA-1:
89720eaedf5c78d120b6906e8d31135c486eae11

SHA-256:
a64bdbf55b57d7d1a8c9ed70c5661d60e56c97c137a940c36750088021eef48b

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/26/2024 10:45:07 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.192.58

avast!
Win32:BrowseFox-DZ [PUP]
141130-1

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14123

F-Prot
W32/A-44ec90a9
v6.4.7.1.166

K7 AntiVirus
Adware
13.186.14225

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.12.03.11

McAfee
BrowseFox.g
5600.6928

Reason Heuristics
Adware.Yontoo.JumpFlip.Q
14.12.3.10

VIPRE Antivirus
Threat.4741131
35224

File size:
655.3 KB (671,008 bytes)

Product version:
1.0.5438.31531

Original file name:
JumpFlip.IEUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\jump flip\bin\plugins\jumpflip.ieupdate.dll

Digital Signature
Signed by:
Jump Flip

Authority:
VeriSign, Inc.

Valid from:
8/22/2013 7:00:00 AM

Valid to:
8/23/2015 6:59:59 AM

Subject:
CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata
Compilation timestamp:
11/22/2014 8:31:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:ZQhBvg1qXgHq2Vz3Qc18d/egBSKB9MDdCXkrqPJ5m/koT0831yiAUxlO:ZcBOq2V3DM/ecqdC+qW/klexM

Entry address:
0xA3A76

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 6D, 00, 00, 00, B8, 3A, 0A, 00, B8, 1C, 0A, 00, 52, 53, 44, 53, FE, 9E, 2B, 18, 6F, A7, 71, 44, A4, B5, DD, F3, 2E, 4A, B7, EF, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 6E, 32, 6D, 71, 79, 70, 77, 73, 2E, 6B, 62, 7A, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
647 KB (662,528 bytes)

Remove JumpFlip.IEUpdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.