» jollywallet-firefoxinstaller.exe
Overview
Analysis
File Details
Programs (1)
Network (3)

jollywallet-firefoxinstaller.exe

Radyoos Media Ltd.

The application jollywallet-firefoxinstaller.exe by Radyoos Media has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program JollyWallet by Radyoos Media Ltd. which is a potentially unwanted software program. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.

File name:

Publisher:

jollywallet (signed by Radyoos Media Ltd.)

Product:

jollywallet

Description:

jollywallet exe

Version:

1000.1000.1000.1000

MD5:

b96d777a320d21a19303dd6c9280bbf7

SHA-1:

1078e7a7187cb08efcd38b1387bcfced1210280c

SHA-256:

d42bfae73f06023ddfbe750e6275ff2a8925d38430dc6c82508d4c283b422725

Scanner detections:

22 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Radyoos Media Ltd..

Analysis date:

2/24/2025 7:31:01 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.5u1@kiYoJAeO

762

Avira AntiVirus

Adware/CrossRider.A.7105

7.11.197.26

avast!

Win32:Crossrider-AI [PUP]

2014.9-150103

AVG

Generic5

2016.0.3240

Bitdefender

Gen:Application.Heur.5u1@kiYoJAeO

1.0.20.15

Comodo Security

ApplicUnwnt

20436

Dr.Web

Trojan.Crossrider.950

9.0.1.03

ESET NOD32

Win32/Toolbar.CrossRider (variant)

9.10911

Fortinet FortiGate

Riskware/Toolbar_CrossRider

1/3/2015

F-Secure

Gen:Application.Heur.5u1@kiYoJAeO

11.2015-03-01_7

G Data

Gen:Application.Heur.5u1@kiYoJAeO

15.1.24

Malwarebytes

PUP.Optional.JollyWallet.A

v2015.01.03.08

McAfee

Artemis!B96D777A320D

5600.6896

MicroWorld eScan

Gen:Application.Heur.5u1@kiYoJAeO

16.0.0.9

NANO AntiVirus

Trojan.Win32.Crossrider.cvxobz

0.28.6.64267

Panda Antivirus

Generic Malware

15.01.03.08

Reason Heuristics

PUP.Crossrider.RadyoosMedia.CC

15.1.3.20

Sophos

Generic PUA BA

4.98

Trend Micro House Call

TROJ_GEN.R0C1C0OJN14

7.2.3

Trend Micro

TROJ_GEN.R0C1C0OJN14

10.465.03

VIPRE Antivirus

Crossrider

35958

Zillya! Antivirus

Backdoor.PePatch.Win32.43658

2.0.0.2012

File size:

915.4 KB (937,320 bytes)

Product version:

1000.1000.1000.1000

Original file name:

jollywallet.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\jollywallet\jollywallet-firefoxinstaller.exe

Digital Signature

Signed by:

Radyoos Media Ltd.

Authority:

VeriSign, Inc.

Valid from:

11/11/2013 7:00:00 PM

Valid to:

2/11/2016 6:59:59 PM

Subject:

CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

06C470BB28DFF4919F7971031170309C

File PE Metadata

Compilation timestamp:

1/20/2014 8:24:20 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:C0/ZDibVoYKaQCvEwCRdllEGx8PkrM6f+L6EyrYaHE6T3kSIk0tryv3Vij6dwgp9:C0/Z+JLfcTRdllEGx8PO0yvU6TFT

Entry address:

0x99AE0

Entry point:

E8, 89, F1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, 38, 31, 4E, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 33, A3, FF, FF, 8B, 4F, 0C, 8B, 47, 08, 03, CE, 33, 0C, 30, E8, 23, A3, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, D0, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, EE, 00... 
[+]

Entropy:

6.5552

Code size:

746 KB (763,904 bytes)

The file jollywallet-firefoxinstaller.exe has been discovered within the following program.

JollyWallet by Radyoos Media Ltd.

Publisher's description - “JollyWallet is an online shopping tool that combines cash back, discounts and online coupons.”

www.jollywallet.com

76% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to update.srvstatsdata.com (69.16.175.42:80)

http://update.srvstatsdata.com/installer_updates/005799/update.json

TCP (HTTP):

Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):

Connects to app-static.crossrider.com (69.16.175.10:80)

Remove jollywallet-firefoxinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.