jollywallet_01072013.exe

Radyoos Media Ltd.

The application jollywallet_01072013.exe, “JollyWallet Installer” by Radyoos Media has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl-2.kbm2.com.
Publisher:
JollyWallet (signed by Radyoos Media Ltd.)

Product:
JollyWallet

Description:
JollyWallet Installer

Version:
1.26.151.151

MD5:
5bd84f61cb715edb713cff51ec4a9585

SHA-1:
75ff4ffb8a7cd0be9de17a3a93e88408b5b4da91

SHA-256:
dbe5c7bb451145e29e8205cc4ac7b1446ba5f2e4edee17dca84bb5506fc61adf

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/14/2024 2:03:20 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Crossrider-B [PUP] | 2014.9-141008
Comodo Security | Heur.Suspicious | 16056
Dr.Web | Adware.Plugin.22 | 9.0.1.0281
Emsisoft Anti-Malware | Packed.Win32.ScrambleWrapper.AMN | 8.14.10.08.02
ESET NOD32 | Win32/Packed.ScrambleWrapper | 8.8266
Reason Heuristics | PUP.Installer.RadyoosMedia.U | 14.10.8.14
Trend Micro House Call | TROJ_GEN.F47V0114 | 7.2.281

File size:
2.5 MB (2,662,840 bytes)

Copyright:
Copyright JollyWallet

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jollywallet_01072013.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/23/2012 7:00:00 PM

Valid to:
12/24/2013 6:59:59 PM

Subject:
CN=Radyoos Media Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Radyoos Media Ltd., L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
49AC6CD3FC56DEFFDF28CC3D8009CFD8

File PE Metadata
Compilation timestamp:
1/5/2010 7:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:CfBvWJcIJ37j8cMultuesKX9c2PiQ8QMRJiy71Dvlh/Nn/7X7TK59qLkcqVN:zJTJLbu/KX9c2PiDhnj3h/F/2599VN

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...

Entropy:
7.9891 (probably packed)

Code size:
33 KB (33,792 bytes)

The file jollywallet_01072013.exe has been seen being distributed by the following URL.

Remove jollywallet_01072013.exe - Powered by Reason Core Security