home

windows xp media center edition 2005 oem sp4 2013.exe

JInstall

Jelbrus LLC

The application windows xp media center edition 2005 oem sp4 2013.exe by Jelbrus has been detected as adware by 12 anti-malware scanners. The file has been seen being downloaded from amazingexperience.net.
Publisher:
Jelbrus LLC  (signed and verified)

Product:
JInstall

Description:
Jelbrus Install

Version:
1.2.0.0

MD5:
2ac6c159742da903dab927a1cafc6479

SHA-1:
e61dead0d91fa59ad3d8567ee88d8fdbbeeca3a7

SHA-256:
c75fb380be5074a2bc749523638f948f8cbc0e42594a9944a92e09f8a06e1fd4

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/25/2024 6:31:03 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Agent
2015.05.29

Avira AntiVirus
ADWARE/Techsnab.9058
8.3.1.6

AVG
Jelbrus
2016.0.3095

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Privitize.54
9.0.1.05190

ESET NOD32
Win32/Techsnab.G potentially unwanted application
7.0.302.0

IKARUS anti.virus
PUA.Techsnab
t3scan.1.9.2.0

K7 AntiVirus
Adware
13.204.16062

Malwarebytes
PUP.Optional.Jelbrus.A
v2015.05.28.05

Panda Antivirus
Generic Suspicious
15.05.28.05

Reason Heuristics
PUP.Techsnab.Installer
15.5.28.13

VIPRE Antivirus
Threat.5079017
40552

File size:
213 KB (218,152 bytes)

Product version:
1.2.0.0

Copyright:
Copyright 2015 Jelbrus, All rights reserved.

Original file name:
JSoft.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windows xp media center edition 2005 oem sp4 2013.exe

Digital Signature
Signed by:
Jelbrus LLC

Authority:
Thawte, Inc.

Valid from:
10/8/2014 7:00:00 PM

Valid to:
10/8/2016 6:59:59 PM

Subject:
CN=Jelbrus LLC, O=Jelbrus LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7EFEBD32727C3DC5744B9CB679179D43

File PE Metadata
Compilation timestamp:
5/13/2015 5:42:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:zZRb+Ij3dB6NoOsNp0ALbPl4VLng3+mVsHcJaQOMpAQd1h2eEPV:zZRqIj3dBZD/PPl4VjQC+EMH2eIV

Entry address:
0x13C8A

Entry point:
E8, 46, 77, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A0, 95, 42, 00, E8, 40, 48, 00, 00, E8, 50, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, D9, 76, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 77, 44, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.6299

Code size:
132.5 KB (135,680 bytes)

The file windows xp media center edition 2005 oem sp4 2013.exe has been seen being distributed by the following URL.

http://amazingexperience.net/index.php?v=GGsLZdlzw6ZPktEX&channel=pbanl&fln=V2luZG93cyBYUCBNZWRpYSBDZW50ZXIgRWRpdGlvbiAyMDA1IE9FTSBTUDQgMjAxMw==&t=1432751382&rnd=

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.