» utiljumpflip.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Network (1)

utiljumpflip.exe

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utiljumpflip.exe by Jump Flip has been detected as adware by 6 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Util Jump Flip”. This file is typically installed with the program Jump Flip by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

utiljumpflip.exe

Publisher:

Jump Flip (signed and verified)

Version:

1.0.5289.39477

MD5:

2e620735a3242572414fbe9941361fb8

SHA-1:

83779439edab5b9f430eac763e8ebea3946f325c

SHA-256:

b019ebcc3b4b5327a98487a8d1a0295598817dd9be893acc2ee7fac904d4dff8

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/19/2024 1:00:42 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14627

ESET NOD32

Win32/BrowseFox (variant)

8.10009

Malwarebytes

PUP.Optional.JumpFlip.A

v2014.06.27.12

Reason Heuristics

PUP.Service.JumpFlip.M

14.8.8.0

Trend Micro House Call

Suspicious_GEN.F47V0626

7.2.178

VIPRE Antivirus

Yontoo

30700

File size:

311.3 KB (318,752 bytes)

Product version:

1.0.5289.39477

Original file name:

JumpFlip.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\jump flip\bin\utiljumpflip.exe

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/22/2013 1:00:00 AM

Valid to:

8/23/2015 12:59:59 AM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata

Compilation timestamp:

6/25/2014 11:56:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:8KNBn8EvuDK50VknNqBwpdFD0wrn/gVHmubQ:8KNBRvZ50UcwQGR

Entry address:

0x4D8DE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0875

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

302.5 KB (309,760 bytes)

Service

Display name:

Util Jump Flip

Type:

Win32OwnProcess

The file utiljumpflip.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Jump Flip by Yontoo Technology, Inc.

Jump Flip is a variant of the Web Cake/ Lucky Leap adware. It is a web browser extension that will modify the user's home and search providers as well as display contextual and popup advertising in the browser.

jumpflip.net/support

88% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to install.jumpflip.net (70.186.131.184:80)

Remove utiljumpflip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.