jet.exe

Jet

Performersoft LLC

This is part of a Performersoft product, a 'PC optimzation' application that provides minimal benifits and may have been bundled by a third party installer. The application jet.exe by Performersoft has been detected as a potentially unwanted program by 6 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GoogleChromeAutoLaunch_E45D1D3BD1AEA1FE8AAF50294057F775’. This file is typically installed with the program Jet Browser version 0.2.0.7 by PerformerSoft LLC which is a potentially unwanted software program. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Jet

Version:
24.0.1293.0

MD5:
72f4803cdd19f5d9e743d2d57716b7b1

SHA-1:
8d6b534d31f77bc745d4a90daff85eddbb4ee98d

SHA-256:
83893bca7f3cd5c113dd592fb7f5df0b55c3065336334f69bd924c75c5ea3547

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Analysis date:
12/24/2024 11:20:34 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/InstallBrain.BY
7.11.105.44

Boost by Reason
Optional.Startup.Performersoft.D
188838

Comodo Security
UnclassifiedMalware
17023

Reason Heuristics
PUP.Startup.Performersoft.D
14.8.7.22

Trend Micro House Call
TROJ_GEN.F47V0816
7.2.357

VIPRE Antivirus
InstallBrain
21948

File size:
1.2 MB (1,287,136 bytes)

Product version:
24.0.1293.0

Copyright:
Copyright 2012 Performersoft LLC. All rights reserved.

Original file name:
jet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\performersoft\application\jet.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 10:28:03 PM

Valid to:
6/27/2015 10:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
8/11/2013 5:46:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:1QuGT88rO8xPMk36gwwMWbwAG9bOq74vl6v0Ou/HG5gfJ:qlTJP/6IpsAkbP70lK0t/wgfJ

Entry address:
0x94C71

Entry point:
E8, 67, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 54, 42, 4B, 00, 57, FF, 35, 74, 8B, 51, 00, FF, D6, FF, 35, 70, 8B, 51, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, BD, C7, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 1E, 61, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 
[+]

Entropy:
6.4793

Code size:
713 KB (730,112 bytes)

Scheduled Task
Task name:
{FE32197D-6825-4C58-8F38-82AE18D6E7BA}

Trigger:
Registration (Runs on registration)


3 Shell Open Commands
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\performersoft\application\jet.exe" -- "%1"

Open type:
http

Command:
"C:\users\{user}\appdata\local\performersoft\application\jet.exe" -- "%1"

Open type:
https

Command:
"C:\users\{user}\appdata\local\performersoft\application\jet.exe" -- "%1"


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\users\{user}\appdata\local\performersoft\application\jet.exe" --no-startup-window


The file jet.exe has been discovered within the following program.

Jet Browser version 0.2.0.7  by PerformerSoft LLC
From the Privacy Policy: "We receive and store any information you enter on jetbrowser.com or give us in any other way. You provide most such information when you use the jetbrowser or bundled plugins.
www.jetbrowser.com
67% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-tpe1.fbcdn.net  (31.13.87.5:443)

TCP (HTTP SSL):
Connects to instagram-p3-shv-01-tpe1.fbcdn.net  (31.13.87.52:443)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-tpe1.facebook.com  (31.13.87.37:443)

TCP (HTTP):
Connects to edge-star-mini-shv-01-tpe1.facebook.com  (31.13.87.36:80)

TCP (HTTP):
Connects to 7b.39.36a9.ip4.static.sl-reverse.com  (169.54.57.123:80)

TCP (HTTP SSL):
Connects to server-54-230-95-158.fra2.r.cloudfront.net  (54.230.95.158:443)

TCP (HTTP SSL):
Connects to cache.google.com  (92.53.32.234:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP SSL):
Connects to instagram-p3-shv-01-hkg3.fbcdn.net  (31.13.95.48:443)

TCP (HTTP):
Connects to f3.31.6132.ip4.static.sl-reverse.com  (50.97.49.243:80)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-hkg3.facebook.com  (31.13.95.37:443)

TCP (HTTP SSL):
Connects to edge-video-shv-01-hkg3.fbcdn.net  (31.13.95.14:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-hkg3.facebook.com  (31.13.95.8:443)

TCP (HTTP):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to server-54-192-94-173.fra2.r.cloudfront.net  (54.192.94.173:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-fra3.facebook.com  (31.13.93.36:443)

Remove jet.exe - Powered by Reason Core Security