» updatejumpflip.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

updatejumpflip.exe

Jump Flip

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Jump Flip will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatejumpflip.exe by Jump Flip has been detected as adware by 21 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update Jump Flip”. This file is typically installed with the program Jump Flip by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

updatejumpflip.exe

Publisher:

Jump Flip (signed and verified)

Version:

1.0.5353.516

MD5:

a6851ff6f25a6a974f436d841371806a

SHA-1:

39a5b2d9c483f72371e781460abb1fc85bbc2988

SHA-256:

34a9813fe27a31da14722113b1cdb3f1e703bfe368323bdceed857d896017150

Scanner detections:

21 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/19/2024 9:01:51 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.BrowseFox.I

850

Avira AntiVirus

ADWARE/BrowseFox.Gen7

7.11.176.250

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14107

Bitdefender

Adware.BrowseFox.I

1.0.20.1400

Comodo Security

UnclassifiedMalware

19725

Dr.Web

Trojan.BPlug.250

9.0.1.05190

Emsisoft Anti-Malware

Adware.BrowseFox

8.14.10.07.12

ESET NOD32

Win32/BrowseFox.H potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Kranet

10/7/2014

F-Secure

Adware.BrowseFox.I

11.2014-07-10_3

G Data

Adware.BrowseFox

14.10.24

K7 AntiVirus

Trojan

13.183.13597

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.Kranet

14.0.0.3137

Malwarebytes

PUP.Optional.JumpFlip.A

v2014.10.07.12

McAfee

BrowseFox.c

5600.6984

MicroWorld eScan

Adware.BrowseFox.I

15.0.0.840

nProtect

Trojan-Clicker/W32.Agent.323360.C

14.10.06.01

Panda Antivirus

Trj/Chgt.E

14.10.07.12

Reason Heuristics

PUP.JumpFlip.O

14.8.28.18

Sophos

Generic PUA DJ

4.98

VIPRE Antivirus

Threat.4741131

33706

File size:

315.8 KB (323,360 bytes)

Product version:

1.0.5353.516

Original file name:

JumpFlip.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\jump flip\updatejumpflip.exe

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/22/2013 3:00:00 AM

Valid to:

8/23/2015 2:59:59 AM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata

Compilation timestamp:

8/28/2014 4:17:28 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:rk6fAzahTayEzcUI7Ihqd7NJkv7SdLVo5QIMgWXb2n:rk6fLR0MLVXZvKn

Entry address:

0x4EBC2

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, CC, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0914

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

307 KB (314,368 bytes)

Service

Display name:

Update Jump Flip

Type:

Win32OwnProcess

The file updatejumpflip.exe has been discovered within the following program.

Jump Flip by Yontoo Technology, Inc.

Jump Flip is a variant of the Web Cake/ Lucky Leap adware. It is a web browser extension that will modify the user's home and search providers as well as display contextual and popup advertising in the browser.

jumpflip.net/support

88% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to install.jumpflip.net (70.186.131.184:80)

Remove updatejumpflip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.