jondosetup.paf.exe

JonDo

JonDos GmbH

The application jondosetup.paf.exe by JonDos GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
JonDos GmbH  (signed and verified)

Product:
JonDo

Description:
JonDo Setup

Version:
00.16.006

MD5:
055eff4015ce7074cd715339c8789b64

SHA-1:
1ce18a903286efb8014ad6609ab1253f3dad8ef8

SHA-256:
d88df28d6e0baf3c72b881bad10882b1940522f216a93273672e19dff1949ac4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
12/27/2024 5:07:26 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solimba.Bundler.Installer.Meta (M)

Engine version:
16.2.20.5

File size:
49.1 MB (51,508,280 bytes)

Product version:
00.16.006

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\jondosetup.paf.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
10/20/2008 2:00:00 AM

Valid to:
10/21/2011 1:59:59 AM

Subject:
CN=JonDos GmbH, O=JonDos GmbH, STREET=Bruderwöhrdstraße 15b, L=Regensburg, S=Bavaria, PostalCode=93055, C=DE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A1926994BF51B5E4F74CEDE7C13CF77D

File PE Metadata
Compilation timestamp:
6/20/2011 2:23:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
786432:KzTBaWb2APjQsxvxJHIiEVr3lvhl+t0tNa9a7rOG/lwV62FcplsZl+a3g:US+jQs5HIiE3lvhca3JU62CSZLg

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 83, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 84, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 84, 42, 00, 56, A3, 40, 6B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 6B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 84, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)
