updatejotzey.exe

Jotzey

Part of the Yontoo web browser plugin (which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc.), the updater mechanism for Jotzey automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updatejotzey.exe by Jotzey has been detected as adware by 3 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Jotzey”. This file is typically installed with the program Jotzey by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Jotzey  (signed and verified)

Version:
1.0.5156.29600

MD5:
bcf051e2f6907df68f570ef8a2b17ca1

SHA-1:
93ad70826005b9a9eb8efe6c6d023b812c6e4b3e

SHA-256:
ef20035efe43e049c2bfc5e1dc65220e2e7054216e84ee28da065089db6a72b8

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/19/2024 10:49:45 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/BrowseFox (variant) | 8.9451
Malwarebytes | PUP.Optional.Jotzey.A | v2014.03.03.06
Reason Heuristics | PUP.Service.Jotzey.M | 14.3.3.18

File size:
78.3 KB (80,152 bytes)

Product version:
1.0.5156.29600

Original file name:
Jotzey.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\jotzey\updatejotzey.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/12/2014 1:00:00 AM

Valid to:
1/13/2015 12:59:59 AM

Subject:
CN=Jotzey, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jotzey, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C7B335D1F24250859B4B5C0085A062C

File PE Metadata
Compilation timestamp:
2/12/2014 5:26:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Pw8f7rLlQfyvIGOKyCUpoBP34wdmBPa0MzSwu0ekObnSKhEVbxgv:tfnWagOyCeolviaDSwu0eFbfyJxO

Entry address:
0x135F2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 40, 01, 00, 74, 02, 00, 00, 00, 00, 00, 00, 74, 02, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00, 45, 00, 52, 00, 53, 00, 49, 00...
 

Code size:
69.5 KB (71,168 bytes)

Service
Display name:
Update Jotzey

Type:
Win32OwnProcess


The file updatejotzey.exe has been discovered within the following programs.

Jotzey  by Yontoo Technology, Inc.
Jotzey is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer, the program runs as a Browser Helper Object.
jotzey.net/support
81% remove it
 
Powered by Should I Remove It?
