» jingling.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

jingling.exe

流量精灵

精灵软件

The executable jingling.exe has been detected as malware by 19 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘urlspace’. While running, it connects to the Internet address 109.242.178.107.bc.googleusercontent.com on port 80 using the HTTP protocol.

File name:

jingling.exe

Publisher:

精灵软件

Product:

流量精灵

Version:

2013.10.10.100

MD5:

c80e47faebd2c69b45d4b25e69bd6d07

SHA-1:

379c1e32cdd0e520f32dd94f3a3055d0d09a7e67

SHA-256:

14565feb9a8cd2d40e440bc6e1dc055948704912acbc99cacf6f4f7dc24387f2

Scanner detections:

19 / 68

Status:

Malware

Analysis date:

11/5/2024 4:49:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1837899

308

AegisLab AV Signature

W32.Parite

2.1.4+

AhnLab V3 Security

Unwanted/Win32.Agent

2014.10.01

Baidu Antivirus

Hacktool.Win32.FlowSpirit

4.0.3.1642

Bitdefender

Trojan.GenericKD.1837899

1.0.20.465

Emsisoft Anti-Malware

Trojan.GenericKD.1837899

8.16.04.02.05

ESET NOD32

Win32/FlowSpirit (variant)

10.10489

Fortinet FortiGate

Riskware/FlowSpirit

4/2/2016

F-Secure

Trojan.GenericKD.1837899

11.2016-02-04_7

G Data

Trojan.GenericKD.1837899

16.4.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.183.13535

McAfee

Artemis!C80E47FAEBD2

5600.6442

MicroWorld eScan

Trojan.GenericKD.1837899

17.0.0.279

NANO AntiVirus

Trojan.Win32.DownLoader10.cqvkbc

0.28.2.62440

nProtect

Trojan.GenericKD.1837899

14.09.30.01

Rising Antivirus

PE:Trojan.Win32.Generic.1759A36A!391750506

23.00.65.16331

Sophos

Generic PUA DH

4.98

Trend Micro House Call

TROJ_GEN.R002H09I414

7.2.93

File size:

617.5 KB (632,320 bytes)

Product version:

4.0.3.1

Original file name:

jingling.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese

Common path:

C:\users\{user}\appdata\roaming\spiritsoft\urlspirit\jingling.exe

File PE Metadata

Compilation timestamp:

10/9/2013 11:21:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:Xywuzfu4RNcQ+JHspCU60o0EWRowQfplbR/aTrVcUunF5SV65Ri:XyhvcQIHspCU69nA7yztyTraUunF5SVL

Entry address:

0x4D228

Entry point:

E8, 4C, BE, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1... 
[+]

Code size:

443 KB (453,632 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

urlspace

Command:

C:\users\{user}\appdata\roaming\spiritsoft\urlspirit\jingling.exe -h

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-81-79.mia50.r.cloudfront.net (54.230.81.79:80)

TCP (HTTP):

Connects to 109.242.178.107.bc.googleusercontent.com (107.178.242.109:80)

Remove jingling.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.