home

junction.exe

Sysinternals Junction

Microsoft Corporation

Publisher:
Sysinternals - www.sysinternals.com  (signed by Microsoft Corporation)

Product:
Sysinternals Junction

Description:
junction

Version:
1.06

MD5:
f1f23d4df41c5da5444c97781ff2cab7

SHA-1:
f319a643f52c52a0e3f0649b30623b5f37f69b51

SHA-256:
343c0764df76f631702dfd15c52004e65792a1e033f5ae2c8925f35301364a64

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
5/9/2024 3:54:21 PM UTC  (today)

File size:
146.9 KB (150,392 bytes)

Product version:
1.06

Copyright:
Copyright © 2005-2010 Mark Russinovich

Original file name:
junction.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\junction.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
12/7/2009 10:40:29 PM

Valid to:
3/7/2011 10:40:29 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6101CF3E00000000000F

File PE Metadata
Compilation timestamp:
9/7/2010 6:53:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:G2O6Zmus3xo5LuYS/XJiaWiu30c1Fwa+e59o/:Ukmus365LuYS/BWiuUKk

Entry address:
0x45E3

Entry point:
E8, F9, 72, 00, 00, E9, A5, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
[+]

Entropy:
6.6090

Code size:
110 KB (112,640 bytes)

The file junction.exe has been discovered within the following programs.

ARMA 2: Operation Arrowhead  by Bohemia Interactive
Publisher's description - “Arma 2: Operation Arrowhead boasts the most realistic combat environment in the world. It models real world ballistics & round deflection, thermal imaging, materials penetration, features a realtime day/night cycle and dynamic wind, weather and environmental effects.”
www.arma2.com/agegate/agegate.html
3% remove it
HostExplorer 14  by Open Text Corporation
internal.med.umich.edu/mcit
About 9% of users remove it
NirSoft BlueScreenView  by NirSoft
Publisher's description - “BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table.”
www.nirsoft.net/utils/blue_screen_view.html
7% remove it
NirSoft ServiWin  by NirSoft
Publisher's description - “ServiWin utility displays the list of installed drivers and services on your system. For some of them, additional useful information is displayed: file description, version, product name, company that created the driver file, and more.”
www.nirsoft.net/utils/serviwin.html
10% remove it
SecureShell 14  by Open Text Corporation
About 2% of users remove it
SUPERAntiSpyware  by SUPERAntiSpyware.com
SUPERAntiSpyware is a software application distributed as shareware which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications.
www.superantispyware.com/support.html
25% remove it
Sysinternals Software  by Sysinternals - www.sysinternals.com
technet.microsoft.com/en-us/sysinternals/bb545027.aspx
4% remove it
SysInternalsUpdater  by Wieldraaijer
About 1% of users remove it
 
Powered by Should I Remove It?

The file junction.exe has been seen being distributed by the following 5 URLs.

http://live.sysinternals.com/junction.exe

https://live.sysinternals.com/junction.exe

https://doc-00-5k-docsviewer.googleusercontent.com/viewer/securedownload/vfeo972c8dssj8f4cbfhqa8e6696nm76/ddsc256d8a794j965aglobm1o0vb61ft/1372297500000/dXJs/.../aHR0cDovL2Rvd25sb2FkLnN5c2ludGVybmFscy5jb20vZmlsZXMvSnVuY3Rpb24uemlw?a=dl&filename=Junction.zip&sec=AHSqidYPnm_pVGKXnGOOnKj1vkzpmyzKZQJ0aylg6jWhk4dHOIS67Zh5DV8zyts2vbXhJYCHOB_I&rel=zip;z2;junction.exe

https://docs.google.com/viewer/noncesigner?nonce=vu61lep4riu5m&continue=https://doc-00-5k-docsviewer.googleusercontent.com/viewer/securedownload/vfeo972c8dssj8f4cbfhqa8e6696nm76/ddsc256d8a794j965aglobm1o0vb61ft/1372297500000/dXJs/.../aHR0cDovL2Rvd25sb2FkLnN5c2ludGVybmFscy5jb20vZmlsZXMvSnVuY3Rpb24uemlw?sec=AHSqidYPnm_pVGKXnGOOnKj1vkzpmyzKZQJ0aylg6jWhk4dHOIS67Zh5DV8zyts2vbXhJYCHOB_I&a=dl&filename=Junction.zip&rel=zip;z2;junction.exe&hash=9s41n7qd6gb8dl3et43dc64fenodumt8

https://doc-00-5k-docsviewer.googleusercontent.com/viewer/securedownload/vfeo972c8dssj8f4cbfhqa8e6696nm76/ddsc256d8a794j965aglobm1o0vb61ft/1372297500000/dXJs/.../aHR0cDovL2Rvd25sb2FkLnN5c2ludGVybmFscy5jb20vZmlsZXMvSnVuY3Rpb24uemlw?sec=AHSqidYPnm_pVGKXnGOOnKj1vkzpmyzKZQJ0aylg6jWhk4dHOIS67Zh5DV8zyts2vbXhJYCHOB_I&a=dl&filename=Junction.zip&rel=zip;z2;junction.exe&nonce=vu61lep4riu5m&user=AGZ5hq8hnQMsNTCaT-21TOGWdkap&hash=htjhtp1h89ntcjfa7daji57db2l7ctf2

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.