jgaasetup.1.2.0.exe

Jenkat Games Arcade App

Jenkat Media, Inc

The application jgaasetup.1.2.0.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from d1s8azhe8rpvoz.cloudfront.net.
Publisher:
Jenkat Media Inc.  (signed by Jenkat Media, Inc)

Product:
Jenkat Games Arcade App

Version:
1.2.0

MD5:
ff72b29162c8498993153b00d15a4854

SHA-1:
2a98369fd194367754f359b0820aa1ae38f39cdf

SHA-256:
aec4d0aa4f1bbea47374e1bc5f7bebda168deeb65bd31a9704434d184867ac29

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:33:35 AM UTC

Scan engine | Detection | Engine version
AVG | Jenkatedia | 2015.0.3429
Reason Heuristics | PUP.Installer.JenkatMedia.M | 14.6.29.7
VIPRE Antivirus | Jenkat Media | 30724

File size:
1.7 MB (1,767,792 bytes)

Product version:
1.2.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jgaasetup.1.2.0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/27/2014 1:00:00 AM

Valid to:
3/30/2015 1:59:59 AM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:LYZ/aDQCZBee1ASrWKf4C1whhOZUCDxgbbrQ/mCA0n4e:sIcCjejSrWKf4C1wmZUCDxgbSD53

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jgaasetup.1.2.0.exe has been seen being distributed by the following URL.
