jollywallet-helper.exe

Radyoos Media Ltd.

The application jollywallet-helper.exe by Radyoos Media has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program JollyWallet by Radyoos Media Ltd., which is a potentially unwanted software program. It is a web browser extension built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ssl.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Radyoos Media Ltd.  (signed and verified)

MD5:
5d7bbc95e8f6f3001c8962d5baaba07b

SHA-1:
eac8ffd0ad9051b4e80074f37d36128c42969ce7

SHA-256:
6a6a7dc7b4276936132d563cb2185210c41c1041be2dd7bc38c9c61ba6c31b90

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/25/2024 1:33:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | Adware/CrossRider.A.16639 | 7.11.199.92 |
| avast! | Win32:Crossrider-AI [PUP] | 150101-1 |
| Dr.Web | Adware.Siggen.31031 | 9.0.1.05190 |
| G Data | Win32.Adware.Crossrider | 15.1.24 |
| NANO AntiVirus | Riskware.Win32.Siggen.ddjwsk | 0.30.0.64448 |
| Reason Heuristics | PUP.RadyoosMedia.S | 15.1.3.20 |
| VIPRE Antivirus | Threat.4789396 | 36340 |
| Zillya! Antivirus | Adware.CroRi.Win32.384 | 2.0.0.2025 |

File size:
328.9 KB (336,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\jollywallet\jollywallet-helper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/11/2013 7:00:00 PM

Valid to:
2/11/2016 6:59:59 PM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06C470BB28DFF4919F7971031170309C

File PE Metadata
Compilation timestamp:
11/19/2013 11:15:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:6uHHA8BV1N0NIlxQZPdf8dD2rM1qhr5dp1YA98WOBsS5CHSRSbDt2zsNTBf3L+Cr:6udwIlZD81v98bLwbhNTBDzX2P+duQ

Entry address:
0x25134

Entry point:
E8, AE, B8, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, D6, 44, 00, E8, 46, 5B, 00, 00, E8, 31, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, B8, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 42, 5B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4854

Code size:
240 KB (245,760 bytes)

The file jollywallet-helper.exe has been discovered within the following program.

JollyWallet  by Radyoos Media Ltd.
Publisher's description - “JollyWallet is an online shopping tool that combines cash back, discounts and online coupons.”
www.jollywallet.com
76% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

TCP (HTTP):
Connects to ssl.hwcdn.net  (205.185.208.11:80)

TCP (HTTP):
Connects to errors.srvstatsdata.com  (208.85.150.249:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
