Jays Booter.exe

Jays Booter

The executable Jays Booter.exe has been detected as malware by 16 anti-virus scanners. While running, it connects to the Internet address 01-sh-r10u21-ss25.simplehelix.host on port 80 using the HTTP protocol.

Product:
Jays Booter

Version:
1.0.0.0

MD5:
7cdb03183729c0ae153dce23d304a522

SHA-1:
183213f8f83975dbed78daa1e2ccd2558856c301

SHA-256:
cafec1e3ffa54b457c7490f9eb38693bf247b7be4a50c38b967b393fb90ab7b6

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
11/24/2024 1:59:39 PM UTC

Scan engine              Detection                      Engine version
Lavasoft Ad-Aware        Trojan.Generic.11311289        886
Avira AntiVirus          TR/Drop.Agent.1642496.1        7.11.169.164
avast!                   Win32:Dropper-gen [Drp]        2014.9-140901
Bitdefender              Trojan.Generic.11311289        1.0.20.1220
Dr.Web                   Trojan.Packed.26063            9.0.1.0244
Emsisoft Anti-Malware    Trojan.Generic.11311289        8.14.09.01.07
F-Secure                 Trojan.Generic.11311289        11.2014-01-09_2
G Data                   Trojan.Generic.11311289        14.9.24
IKARUS anti.virus        Trojan.SuspectCRC              t3scan.1.7.5.0
Malwarebytes             Trojan.MSIL                    v2014.09.01.07
McAfee                   Artemis!7CDB03183729           5600.7020
MicroWorld eScan         Trojan.Generic.11311289        15.0.0.732
NANO AntiVirus           Trojan.Win32.PassView.dbsgiq   0.28.2.61861
nProtect                 Trojan.Generic.11311289        14.08.27.01
Qihoo 360 Security       Win32/Trojan.Dropper.c9f       1.0.0.1015
Trend Micro House Call   TROJ_GEN.R0CBH09HQ14           7.2.244

File size:
1.6 MB (1,642,496 bytes)

Product version:
1.0.0.0

Original file name:
Jays Booter.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\appclient\jays booter.exe

File PE Metadata
Compilation timestamp:
3/4/2013 2:01:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:diV+Ka6EvkacpXkQC0w6DGpvuM8vJllui3lJMzNKgk+JSX:diVbaPvkacpUQCqDGpWM8vJlQiLMzWoS

Entry address:
0x16440E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.8968

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.4 MB (1,451,520 bytes)

The executing file has been seen to make the following network communications in live environments.


Powered by Reason Core Security