{840d7e90-e8e6-60ea-14c3-20a1840d7e90}.exe

Jetico, Inc. UnPack

Jetico, Inc.

The executable {840d7e90-e8e6-60ea-14c3-20a1840d7e90}.exe, “Jetico Setup Utility...”, has been detected as malware by 24 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from tuvaustriahellas.gr and multiple other hosts.

Publisher: Jetico, Inc.
Product: Jetico, Inc. UnPack
Description: Jetico Setup Utility...
Version: 3.05
MD5: 8f9c419b158cb03ecbc895b243d5550b
SHA-1: aa024df42f48ccf4b6fa709b024f3ec9a1f6f9ee
SHA-256: 9fbe81ca5c1d4885bcdff3f78f992a2f4880209ac7f1f5d09e6fa5c80e5d10dc
Scanner detections: 24 / 68
Status: Malware
Analysis date: 1/15/2025 8:28:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1517540 | 1099
Avira AntiVirus | TR/TorSolar.A.13 | 7.11.127.90
avast! | Win32:Malware-gen | 2014.9-140131
AVG | Agent4 | 2015.0.3577
Baidu Antivirus | Trojan.Win32.Napolar | 4.0.3.14131
Bitdefender | Trojan.GenericKD.1517540 | 1.0.20.155
Comodo Security | UnclassifiedMalware | 17684
Dr.Web | Trojan.PWS.Panda.5841 | 9.0.1.031
Emsisoft Anti-Malware | Trojan.GenericKD.1517540 | 8.14.01.31.08
ESET NOD32 | Win32/Napolar | 8.9343
Fortinet FortiGate | W32/Agent.AEDVZ!tr | 1/31/2014
F-Secure | Trojan.GenericKD.1517540 | 11.2014-31-01_6
G Data | Trojan.GenericKD.1517540 | 14.1.24
IKARUS anti.virus | Virus.Win32.Cryptor | t3scan.2.2.29
Kaspersky | Trojan.Win32.Agent | 14.0.0.4381
Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.165.247.01
MicroWorld eScan | Trojan.GenericKD.1517540 | 15.0.0.93
Norman | Obfuscated_J.OVR | 11.20140131
nProtect | Trojan.GenericKD.1517540 | 14.01.27.01
Panda Antivirus | Suspicious file | 14.01.31.08
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Reason Heuristics | Unnamed.Threat.36 | 14.3.6.11
Sophos | Mal/Generic-S | 4.97
Trend Micro House Call | TROJ_GEN.R0C1H0AAP14 | 7.2.31

File size: 248.5 KB (254,464 bytes)
Product version: 3.05
Copyright: Copyright © 1999-2010
Original file name: UnPack.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\{840d7e90-e8e6-60ea-14c3-20a1840d7e90}.exe

File PE Metadata
Compilation timestamp: 1/25/2014 7:16:51 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 6144:9RWpdikDKN+GqVkgWJ++B16rvB2qJIV7809:9RWpoMxjJmt
Entry address: 0x19D6
Entry point: E8, C1, 30, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, C2, 2D, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 58, 14, 41, 00, 74, 12, 8B, 0D, 10, 12, 41, 00, 85, 48, 70, 75, 07, E8, F1, 3A, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 18, 11, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 10, 12, 41, 00, 85, 48, 70, 75, 08, E8, 50, 33, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 
Code size: 44 KB (45,056 bytes)

User Start Menu Item
Name: {840d7e90-e8e6-60ea-14c3-20a1840d7e90}.exe


The file {840d7e90-e8e6-60ea-14c3-20a1840d7e90}.exe has been seen being distributed by the following 6 URLs.

http://tuvaustriahellas.gr/?nr4hi9=5d9fb5cbf8

http://tuvaustriahellas.gr/?tr80ha=d87c285ba56e0ee2

http://tuvaustriahellas.gr/?v1w04ghh=1c77a224b2b404dde2928da5
