» utiljumpflip.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Network (1)

utiljumpflip.exe

Jump Flip

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utiljumpflip.exe by Jump Flip has been detected as adware by 8 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Util Jump Flip”. Additionally, the file is typically installed by a number of programs including Jump Flip by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

utiljumpflip.exe

Publisher:

Jump Flip (signed and verified)

Version:

1.0.5340.24713

MD5:

8e7f6ad53d04161453a9ea3c78d26aa2

SHA-1:

f0bb0fceb9cb774db7ae23d446f35c8b14196774

SHA-256:

52997b7f3846dfd7344476cc547939a529efc1625393d2fe9bb9751c2d81ccac

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/19/2024 12:13:06 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14816

ESET NOD32

Win32/BrowseFox.H potentially unwanted application

7.0.302.0

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.7.5.0

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.Kranet

15.0.0.494

Malwarebytes

PUP.Optional.JumpFlip.A

v2014.08.16.05

Qihoo 360 Security

Win32/Virus.Adware.e4c

1.0.0.1015

Reason Heuristics

PUP.JumpFlip.M

14.8.16.5

VIPRE Antivirus

Threat.4741131

32210

File size:

315.8 KB (323,360 bytes)

Product version:

1.0.5340.24713

Original file name:

JumpFlip.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\jump flip\bin\utiljumpflip.exe

Digital Signature

Signed by:

Jump Flip

Authority:

VeriSign, Inc.

Valid from:

8/22/2013 2:00:00 AM

Valid to:

8/23/2015 1:59:59 AM

Subject:

CN=Jump Flip, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Jump Flip, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

144CF0B61216826C7F439B5C91A6ABD6

File PE Metadata

Compilation timestamp:

8/15/2014 4:44:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:b2EfAzPARHAALEBY75Hkd77Fc7AkUxR+HYIMlEXb/uiLO:b2EfeIfIxRyYZ6buiLO

Entry address:

0x4EBBA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

307 KB (314,368 bytes)

Service

Display name:

Util Jump Flip

Type:

Win32OwnProcess

The file utiljumpflip.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Jump Flip by Yontoo Technology, Inc.

Jump Flip is a variant of the Web Cake/ Lucky Leap adware. It is a web browser extension that will modify the user's home and search providers as well as display contextual and popup advertising in the browser.

jumpflip.net/support

88% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to install.jumpflip.net (70.186.131.184:80)

Remove utiljumpflip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.