s2jg.exe

Robokid Technologies

Built on the Crossrider framework, this web extension loads in the web browser and displays advertisements on web pages that are not affiliated with the extension or the company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The application s2jg.exe by Robokid Technologies has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.

Publisher:
Robokid Technologies (signed and verified)

Description:
Ekdulhtvlkvvkp

Version:
5.11.4.15

MD5:
be8274e2e6fa54c9696845d1d5e9eace

SHA-1:
6d5ac7ef7d61e2a77826068dc82d4c93ede67156

SHA-256:
09ee222d667eabc6937405d1c5819d89f830075e7e831e24f3cf3eeecd5ee461

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/30/2024 3:44:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11942073 | 454 |
| Agnitum Outpost | Trojan.Crossrider | 7.1.1 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.05.06 |
| AVG | Generic | 2016.0.2932 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Crossrider-31 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 22020 |
| Dr.Web | Trojan.Crossrider.32456 | 9.0.1.0312 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper.O potentially unwanted (variant) | 9.11582 |
| Fortinet FortiGate | Adware/Agent | 11/8/2015 |
| IKARUS anti.virus | not-a-virus:AdWare.Agent | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15818 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 14.0.0.1155 |
| Malwarebytes | PUP.Optional.NSXgen | v2015.11.08.12 |
| McAfee | Artemis!BE8274E2E6FA | 5600.6588 |
| MicroWorld eScan | Trojan.Generic.11942073 | 16.0.0.936 |
| NANO AntiVirus | Riskware.Win32.Agent.dewvkh | 0.30.24.1357 |
| Panda Antivirus | Trj/Chgt.G | 15.11.08.12 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.Agent.g7 (Not a Virus) | 11.15.14.00 |
| Reason Heuristics | PUP.Brightcircle.RobokidTechnologies.Installer (M) | 15.11.8.0 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BIQ14 | 7.2.312 |
| Trend Micro | TROJ_SPNR.0BIQ14 | 10.465.08 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39984 |
| Zillya! Antivirus | Adware.Agent.Win32.12817 | 2.0.0.2167 |

File size:
10.6 MB (11,151,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\windows\temp\sienupdater\s2jg.exe

Digital Signature

Authority:
COMODO CA Limited

Valid from:
6/22/2014 9:00:00 PM

Valid to:
6/23/2015 8:59:59 PM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata

Compilation timestamp:
12/4/2012 10:54:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:0uoHoGfDWuB/2/6zIf9gQ17uSgRTcPhj+/lwBmwkXaZhwU5BxeGMLqQ6Ts23:q/VUiw6SErwLkXaZhBxeGMLqQK

Entry address:
0x4101

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, B3, 7C, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, B4, 7C, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, B4, 7C, 00, 56, A3, 6C, 23, 7C, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, C8, 23, 7C, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, B4, 7C, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
32.5 KB (33,280 bytes)

The file s2jg.exe has been seen being distributed by the following URL.
