jamben.exe

Wei Liu

The application jamben.exe by Wei Liu has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Protect Service(JambenP)”.
Publisher:
Wei Liu (signed and verified)

MD5:
9afbe45a292ab67d0a27e047aa31b3f3

SHA-1:
7251425f9a3495a970e182e75dc20c5143adeb97

SHA-256:
083ba73153cb35ff89d70a5bd8e968b9d80f803981e45351a52e2c721682cab9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:28:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.8.25.10

File size:
412.4 KB (422,272 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\jamben\jamben.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/25/2016 8:00:00 AM

Valid to:
4/2/2017 7:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
63623471CD3D876800E845960AF737FD

File PE Metadata
Compilation timestamp:
8/25/2016 1:17:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:pCZycKXS9pxiVQOjjzbK3XX1MzgTX1FDlj:YPYze31M0T1plj

Entry address:
0x25058

Entry point:
E8, 5B, 08, 00, 00, E9, 80, FE, FF, FF, FF, 25, 60, 83, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6D, F7, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5C, F7, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, 10, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...
 

Entropy:
6.5042

Code size:
283.5 KB (290,304 bytes)

Service
Display name:
Protect Service(JambenP)

Service name:
JambenP

Description:
To ensure your Jamben software integrity. If this service is disabled or stopped, your Jamben software will not be kept integrity check. This service uninstalls itself when there is no Jamben software

Type:
Win32OwnProcess

Depends on:
RpcSs

