ngmp_setup.exe

Jenkat Media, Inc

The application ngmp_setup.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

Publisher:
Jenkat Media, Inc  (signed and verified)

MD5:
f582f03d633632aa193add418bd05f69

SHA-1:
54de50384033fb2cb58e460e6fa82751ab2104d1

SHA-256:
2d4520e6f7748b28ffd4ddab9cb6ef54b6c2ea39430c572b41f9d3a70c3197fb

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Analysis date:
5/12/2025 11:14:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.HiddenRoutine | 7.1.1 |
| AVG | Skodna.Generic | 2014.0.3623 |
| Bkav FE | W32.Clod58f.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt | 17448 |
| Dr.Web | Adware.W3i.39 | 9.0.1.0350 |
| ESET NOD32 | MSIL/Adware.StrongVault (variant) | 7.9176 |
| Fortinet FortiGate | Adware/MSIL_HiddenRoutine | 12/16/2013 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.2.2.29 |
| K7 AntiVirus | Adware | 13.174.10509 |
| McAfee | Artemis!F582F03D6336 | 5600.7279 |
| Microsoft Security Essentials | Adware:MSIL/Strongvault | 1.163.1557.0 |
| Quick Heal | Adware.Strongvault (Not a Virus) | 12.13.12.00 |
| Reason Heuristics | PUP.Installer.JenkatMedia.K | 14.3.1.5 |
| Sophos | Generic PUA FE | 4.96 |
| Vba32 AntiVirus | AdWare.MSIL.HiddenRoutine | 3.12.24.3 |
| VIPRE Antivirus | MSIL.Adware.StrongVault | 24412 |

File size:
11.4 MB (11,914,888 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ngmp_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/11/2013 8:00:00 PM

Valid to:
3/12/2014 7:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47743B817765EA78BDF014A9A76FBFB2

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:4ntkJEcQx2Ushx6AyK8T3k/R4IQIFqigugpMpvWJB5MlUspAMUvg5ty5w:WgE1XKMtK8T3CaIQRvqpvWJvMlBAMUwr

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9977

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
