jgaasetup.1.5.0_20140911.exe

Jenkat Games Arcade App

Jenkat Media, Inc

The application jgaasetup.1.5.0_20140911.exe by Jenkat Media, Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from dm930xmxv1gqs.cloudfront.net and multiple other hosts.

Publisher:
Jenkat Media Inc.  (signed by Jenkat Media, Inc)

Product:
Jenkat Games Arcade App

Version:
1.5.0

MD5:
172d7ed0fdf5a49cdd61717fdac714ba

SHA-1:
c62f7dbe0d1a1a1ed1bfd941f2c4bbd1f218a44c

SHA-256:
feb5f3c3e302e56b03d2075b141d84fbd79d2e9e11853f8d324126c8035828ef

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:00:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Jenkatedia | 2015.0.3352 |
| Reason Heuristics | PUP.Installer.JenkatMedia.V | 14.9.13.16 |
| VIPRE Antivirus | Jenkat Media | 33020 |

File size:
1.7 MB (1,763,784 bytes)

Product version:
1.5.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\jgaasetup.1.5.0_20140911.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/27/2014 3:00:00 AM

Valid to:
3/30/2015 2:59:59 AM

Subject:
CN="Jenkat Media, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Jenkat Media, Inc", L=Lake Elmo, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D7470CB5DF1CA3BBA22A38CF2E4AF70

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:gYH0l+xC7ndGkdm9DSJgEuVQ56HxLagyGWDL7:NC+xC5GKmRPmCxegyL7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9896

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file jgaasetup.1.5.0_20140911.exe has been seen being distributed by the following 3 URLs.
