» jingling.exe
Overview
Analysis
File Details
Behaviors (1)

jingling.exe

流量精灵

Rice Electronics Co.,Ltd

The application jingling.exe by Rice Electronics Co.,Ltd has been detected as a potentially unwanted program by 5 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘urlspace’.

File name:

jingling.exe

Publisher:

精灵软件 (signed by Rice Electronics Co.,Ltd)

Product:

流量精灵

Version:

2012.11.8.98

MD5:

b729fdba164515d8c2d7ff91bdc296a5

SHA-1:

67312d5b34c6fa883110613c6d99a755cd7e7d07

SHA-256:

dc0af219db8654e9e0fff421a5ec152198d2caacc0cf51caeb83e85aac04d073

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 6:14:54 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.DownLoader8.21721

9.0.1.05190

Emsisoft Anti-Malware

Application.Promoter

11.5.0.6191

ESET NOD32

Win32/FlowSpirit potentially unsafe application

8.0.319.0

F-Secure

Riskware.Application.Promoter.A

5.15.96

Norman

Application.Promoter.A

28.05.2016 13:03:37

File size:

640.4 KB (655,792 bytes)

Product version:

4.0.1.4

Original file name:

jingling.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\appdata\local\adobe\9b42ba21-6953-4892-949c-1a4f89f50805\jingling.exe

Digital Signature

Signed by:

Rice Electronics Co.,Ltd

Authority:

VeriSign, Inc.

Valid from:

3/16/2012 12:00:00 AM

Valid to:

3/16/2013 11:59:59 PM

Subject:

CN="Rice Electronics Co.,Ltd", OU=Net Support, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Rice Electronics Co.,Ltd", L=Shenzhen, S=Shenzhen, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5B0B453A316892B55AC4AFEFBA5B6E7A

File PE Metadata

Compilation timestamp:

11/8/2012 6:20:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:1JHzBvz187HuSEaGH65/vMJr2ZXg3lpMlfKWKTO/hXunF5SV60R10n0:1Bpz187HuSEaGH6RqWNyJTOJXunF5SVp

Entry address:

0x4D598

Entry point:

E8, 4C, BE, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1... 
[+]

Code size:

444 KB (454,656 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

urlspace

Command:

C:\users\{user}\appdata\local\adobe\9b42ba21-6953-4892-949c-1a4f89f50805\jingling.exe -h

Remove jingling.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.