jgaasetup.1.3.0.exe

Jenkat Games Arcade App

Jenkat Media, Inc

The application jgaasetup.1.3.0.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from 91.74.184.67 and multiple other hosts.
Publisher:
Jenkat Media Inc.  (signed by Jenkat Media, Inc)

Product:
Jenkat Games Arcade App

Version:
1.3.0

MD5:
5de7e3ee84a4a68046927ac1b63d9ec2

SHA-1:
719677916530cbd2a7d123893e58d096743fe2fb

SHA-256:
bc028c8da08a85d720759a5feed89f12322c133b93a9c8626c57442d98ebc78d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:08:40 PM UTC

Scan engine | Detection | Engine version
AVG | Jenkatedia | 2015.0.3423
McAfee | Artemis!5DE7E3EE84A4 | 5600.7079
Reason Heuristics | PUP.Installer.JenkatMedia.M | 14.7.5.11
Trend Micro House Call | Suspicious_GEN.F47V0702 | 7.2.186
VIPRE Antivirus | Jenkat Media | 30978

File size:
1.7 MB (1,767,800 bytes)

Product version:
1.3.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jgaasetup.1.3.0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/26/2014 7:00:00 PM

Valid to:
3/29/2015 6:59:59 PM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:KYtNEvMLqyMDLYq2MtZ1yAxxdlOuL1y3OpbFVUMvdHHUqO8Zyg5DalEz4qWY7ra:KYyJIbGPflq+JVpvtUqnZyg1wYHa

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.9895

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jgaasetup.1.3.0.exe has been observed being distributed from the following 4 URLs.

http://91.74.184.67/.../jgaasetup.1.3.0.exe