jingling.exe

流量精灵

Rice Electronics Co.,Ltd

The application jingling.exe by Rice Electronics Co.,Ltd has been detected as a potentially unwanted program by 16 anti-malware scanners. While running, it connects to the Internet address ads28.stickyadstv.com on port 80 using the HTTP protocol.
Publisher:
精灵软件  (signed by Rice Electronics Co.,Ltd)

Product:
流量精灵

Version:
2012.11.1.97

MD5:
b63961d271e74d1ee40e127245592ed9

SHA-1:
6e1f52dbcc1f77cc034ead3ae4f0ac356bba9365

SHA-256:
b1d52ab1485be02f0f237b2816a900bedaaa80f517afa4b536f12dfe181ab995

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:26:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Agent.AXVR
1058

AhnLab V3 Security
Trojan/Win32.Clicker
2014.03.07

Bitdefender
Trojan.Agent.AXVR
1.0.20.360

Bkav FE
W32.Clod91b.Trojan
1.3.0.4959

Comodo Security
Heur.Suspicious
17893

Dr.Web
Trojan.DownLoader8.21721
9.0.1.072

Emsisoft Anti-Malware
Trojan.Agent.AXVR
8.14.03.13.03

ESET NOD32
Win32/FlowSpirit (variant)
8.9508

F-Secure
Trojan.Agent.AXVR
11.2014-13-03_5

G Data
Trojan.Agent.AXVR
14.3.24

IKARUS anti.virus
Trojan-Dropper.Agent
t3scan.2.2.29

McAfee
Artemis!B63961D271E7
5600.7192

MicroWorld eScan
Trojan.Agent.AXVR
15.0.0.216

nProtect
Trojan.Agent.AXVR
14.03.06.01

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

VIPRE Antivirus
Trojan.Win32.Generic
27132

File size:
639.9 KB (655,280 bytes)

Product version:
4.0.1.3

Copyright:
Copyright 2012 Spiritsoft All Rights Reserved.

Original file name:
jingling.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 3:00:00 AM

Valid to:
3/17/2013 2:59:59 AM

Subject:
CN="Rice Electronics Co.,Ltd", OU=Net Support, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Rice Electronics Co.,Ltd", L=Shenzhen, S=Shenzhen, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B0B453A316892B55AC4AFEFBA5B6E7A

File PE Metadata
Compilation timestamp:
11/1/2012 9:36:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:qXdAPA6HkwbHBEPYD3BFHxBmD1w0pbqTKYunF5SV60R10n+:qD6HkwbHBEPYD3/y1FGTKYunF5SV6Vn+

Entry address:
0x4D398

Entry point:
E8, 4C, BE, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1...
 
[+]

Entropy:
6.5436

Code size:
443.5 KB (454,144 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:443)

TCP (HTTP):
Connects to v133-130-91-14.a020.g.tyo1.static.cnode.io  (133.130.91.14:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-mxp1.fbcdn.net  (31.13.86.4:443)

TCP (HTTP):
Connects to wb-in-f82.1e100.net  (66.102.1.82:80)

TCP (HTTP):
Connects to server-54-230-197-104.lhr50.r.cloudfront.net  (54.230.197.104:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mxp1.facebook.com  (31.13.86.8:443)

TCP (HTTP):
Connects to ec2-54-229-231-163.eu-west-1.compute.amazonaws.com  (54.229.231.163:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to 178-175-130-163.static.host  (178.175.130.163:80)

TCP (HTTP):
Connects to server30523.uk2net.com  (83.170.73.152:80)

TCP (HTTP):
Connects to a104-126-45-167.deploy.static.akamaitechnologies.com  (104.126.45.167:80)

TCP (HTTP):
Connects to widget.criteo.com  (178.250.2.80:80)

TCP (HTTP):
Connects to static.criteo.net  (178.250.0.74:80)

TCP (HTTP):
Connects to spdc.pbp.vip.ir2.yahoo.com  (188.125.66.33:80)

TCP (HTTP):
Connects to server-54-239-164-106.lhr50.r.cloudfront.net  (54.239.164.106:80)

TCP (HTTP):
Connects to server-52-85-63-69.lhr50.r.cloudfront.net  (52.85.63.69:80)

TCP (HTTP):
Connects to server-52-85-63-238.lhr50.r.cloudfront.net  (52.85.63.238:80)

Remove jingling.exe - Powered by Reason Core Security