home

jxpiinstall.exe

Java Runtime

Install Manager

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application jxpiinstall.exe, “Java Runtime ” by Install Manager has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.downloadwizard.com.
Publisher:
Install Manager   (signed by Install Manager)

Product:
Java Runtime

Description:
Java Runtime

Version:
2.0.82.0

MD5:
721f9eb1c0a70c61cba07de6265c4614

SHA-1:
eabd511d214b24b40c37c5423dc5a59005f8620e

SHA-256:
734f0e7e3ade69637554f6deb7506699fa6e314b8bc1c5cec0503e86f4013a5b

Scanner detections:
36 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 4:08:52 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.153852
595

AegisLab AV Signature
DangerousObject.Multi.Gen
2.1.4+

Agnitum Outpost
PUA.AirAd
7.1.1

AhnLab V3 Security
PUP/Win32.Installer
2014.09.10

Avira AntiVirus
ADWARE/Adware.Gen
7.11.167.154

Arcabit
Trojan.Application.Bundler.Graftor.D260FC
1.0.0.425

avast!
Win32:Adware-BZI [PUP]
2014.9-150619

AVG
Adware BundleApp_r
2016.0.3073

Baidu Antivirus
PUA.Win32.AirAdInstaller
4.0.3.15619

Bitdefender
Gen:Variant.Adware.Graftor.153852
1.0.20.850

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Graftor-349
0.98/19452

Comodo Security
Application.Win32.AirAdInstaller.C
22394

Dr.Web
Trojan.SMSSend.5407
9.0.1.0170

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.153852
8.15.06.19.08

ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
9.7.0.302.0

F-Prot
W32/A-6bcf410b
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.153852
11.2015-19-06_6

G Data
Win32.Adware.Airadinstaller
15.6.24

IKARUS anti.virus
PUA.AirAdInstaller
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13257

Kaspersky
not-a-virus:AdWare.Win32.AirAdInstaller
14.0.0.1861

Malwarebytes
PUP.Optional.AirAdInstaller
v2015.06.19.08

McAfee
Trojan.Artemis!E30135681482
5600.6729

MicroWorld eScan
Gen:Variant.Adware.Graftor.153852
16.0.0.510

NANO AntiVirus
Trojan.Win32.SMSSend.ddvfxt
0.28.2.61519

Norman
Gen:Variant.Application.Bundler.Graftor.155900
11.20150619

nProtect
Trojan-Clicker/W32.AirAdInstaller.934296
14.10.31.01

Panda Antivirus
Trj/Genetic.gen
15.06.19.08

Quick Heal
Adware.AirAdInstaller.I3
6.15.14.00

Reason Heuristics
PUP.Adknowledge.InstallManager.Installer (M)
15.6.19.16

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
23.00.65.15617

Sophos
AirInstaller
4.98

Vba32 AntiVirus
AdWare.AirAdInstaller
3.12.26.3

VIPRE Antivirus
Threat.4784938
32210

Zillya! Antivirus
Adware.AirAdInstaller.Win32.532
2.0.0.1908

File size:
911.4 KB (933,272 bytes)

Product version:
2.0.82.0

Copyright:
(c) Install Manager

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\jxpiinstall.exe

Digital Signature
Signed by:
Install Manager

Authority:
DigiCert Inc

Valid from:
8/7/2013 1:00:00 AM

Valid to:
8/11/2015 1:00:00 PM

Subject:
CN=Install Manager, O=Install Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C0BBB90999729C33560EC18A203261

File PE Metadata
Compilation timestamp:
9/18/2014 8:43:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:+WVRRjLtteqtSKrl/Omvei18FZigwY6kxOVyCCObEJdy:+WVvveqtSw/zeb+flwi

Entry address:
0x2A11C0

Entry point:
60, BE, 00, E0, 5C, 00, 8D, BE, 00, 30, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8740

Packer / compiler:
UPX 2.90LZMA

Code size:
848 KB (868,352 bytes)

The file jxpiinstall.exe has been seen being distributed by the following URL.

http://www.downloadwizard.com/download_java_uk.php

Remove jxpiinstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.