jetmp3.exe

AdPeak, Inc

This is the installer for an AdPeak program that shows ads in the browser without providing information about the ads' origin. Ads are injected as banners or text links in random web pages. The application jetmp3.exe by AdPeak, Inc has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from cdn.install.oibundles2.com.
Publisher:
AdPeak, Inc  (signed and verified)

MD5:
6400ee4c3e0e033cd9fed31805828a44

SHA-1:
5688de707271c7df5e375762934be14848bc89fc

SHA-256:
9d0f310a90368f0c53dca6d036c30301d300e3f925f655ec5ff6847d3097f7d7

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/25/2024 12:42:49 AM UTC

Scan engine              Detection              Engine version
AVG                      Downloader.Generic12   2014.0.3542
Boost by Reason          Adware.AdPeak.G        2013.8.28.0
Norman                   Downloader             11.20130828
Reason Heuristics        PUP.AdPeak.G           14.8.7.19
Trend Micro House Call   TROJ_GEN.FFFCBBD       7.2.240
Trend Micro              TROJ_GEN.FFFCBBD       10.465.28
VIPRE Antivirus          Trojan.Win32.Generic   18806

File size:
48.5 KB (49,632 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\jetmp3.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/16/2011 8:00:10 PM

Valid to:
9/16/2012 10:43:44 AM

Subject:
CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0B871F1E83E3

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:L/pT8mhxeQ/IkJTCxw+bzvDBnqb4WjXO3XJjC452TuUS3/xH4Kei9O05ENCzYm:rumhxebkJf+FTXJjC452Tu/T9Oij

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.0699

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jetmp3.exe has been seen being distributed by the following URL.
