jollywallet-firefoxinstaller.exe

Radyoos Media Ltd.

The application jollywallet-firefoxinstaller.exe by Radyoos Media has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program JollyWallet by Radyoos Media Ltd. which is a potentially unwanted software program. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
jollywallet  (signed by Radyoos Media Ltd.)

Product:
jollywallet

Description:
jollywallet exe

Version:
1000.1000.1000.1000

MD5:
dbf0a70108e7352eb8a14447d7f8ac9e

SHA-1:
89fa3865b3fd8fcee7f2be2d6f433556e0f551b8

SHA-256:
0e32b2aaaa3ec2a1c2ed613935edd9353b808d21b68a83dc6005a501bea4abe6

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Radyoos Media Ltd..

Analysis date:
12/25/2024 12:50:35 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.175.218

avast!
Win32:RadyoosMedia-A [PUP]
140929-0

ESET NOD32
Win32/Toolbar.CrossRider.AV (variant)
8.10490

Malwarebytes
PUP.Optional.JollyWallet.A
v2014.09.30.11

Panda Antivirus
Trj/Genetic.gen
14.09.30.11

Reason Heuristics
PUP.Crossrider.RadyoosMedia.CC
14.9.30.22

VIPRE Antivirus
Threat.4789396
33120

File size:
1.5 MB (1,584,488 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
jollywallet.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\jollywallet\jollywallet-firefoxinstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/12/2013 9:00:00 AM

Valid to:
2/12/2016 8:59:59 AM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06C470BB28DFF4919F7971031170309C

File PE Metadata
Compilation timestamp:
9/11/2014 8:04:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:TP29TavX/265eJ2HHFLi2kHiWUFotpSOjT5q:TulavZMJ2HNXkHOV

Entry address:
0xFE020

Entry point:
E8, B2, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, E5, 01, 01, 00, 3B, 30, 7C, 07, E8, DC, 01, 01, 00, 8B, 30, E8, CF, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, FB, 5D, 00, 00, 8B, F0, 85, F6, 75, 07, B8, F0, E5, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, F0, E5, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 57, ED...
 
[+]

Entropy:
6.6196

Code size:
1.1 MB (1,187,328 bytes)

The file jollywallet-firefoxinstaller.exe has been discovered within the following program.

JollyWallet  by Radyoos Media Ltd.
Publisher's description - “JollyWallet is an online shopping tool that combines cash back, discounts and online coupons.”
www.jollywallet.com
76% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

Remove jollywallet-firefoxinstaller.exe - Powered by Reason Core Security