» updatejumpflip.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

updatejumpflip.exe

Jump Flip

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Jump Flip will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatejumpflip.exe by Jump Flip has been detected as adware by 10 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update Jump Flip”. This file is typically installed with the program Jump Flip by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

updatejumpflip.exe

Publisher:

Jump Flip (signed and verified)

Version:

1.0.5306.41443

MD5:

2ae9b5a5eec738a615404e5d819fb205

SHA-1:

d7f9266edcf59f4b965c1d323de1519f503ce9d2

SHA-256:

7b9a4c38a96193e92eadcbd1dd2e115b5ec68125bc7f8b306d5fb699de5af366

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/25/2024 1:10:03 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14825

ESET NOD32

Win32/BrowseFox (variant)

8.10205

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.6.1.0

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.Kranet

14.0.0.3352

Malwarebytes

PUP.Optional.JumpFlip.A

v2014.08.25.01

Reason Heuristics

PUP.JumpFlip.O

14.8.25.13

Trend Micro House Call

Suspicious_GEN.F47V0715

7.2.237

VIPRE Antivirus

Yontoo

31936

File size:

314.3 KB (321,824 bytes)

Product version:

1.0.5306.41443

Original file name:

JumpFlip.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\jump flip\updatejumpflip.exe

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/22/2013 1:00:00 AM

Valid to:

8/23/2015 12:59:59 AM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata

Compilation timestamp:

7/13/2014 1:01:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:o2cBn8uVLkrQmChkjY631tILjEMs7TJdh5MQzpbHIY:o2cBzVL5mCxkxAyNIY

Entry address:

0x4E5AA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

305.5 KB (312,832 bytes)

Service

Display name:

Update Jump Flip

Type:

Win32OwnProcess

The file updatejumpflip.exe has been discovered within the following program.

Jump Flip by Yontoo Technology, Inc.

Jump Flip is a variant of the Web Cake/ Lucky Leap adware. It is a web browser extension that will modify the user's home and search providers as well as display contextual and popup advertising in the browser.

jumpflip.net/support

88% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to install.jumpflip.net (70.186.131.184:80)

Remove updatejumpflip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.