jue3dd9.exe

Installer

The application jue3dd9.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from shooky-26-05-2015.s3-website-us-east-1.amazonaws.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
26b0da92d8a6f4082dc2bb9669c3700c

SHA-1:
9b427abe88f5991ca5fa39afb5f671faaf364306

SHA-256:
b30cf99ab59616f59cae58b8d789a08dc87dcb711780f01bc9f72b6b4d07602c

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/26/2024 1:24:54 PM UTC

Scan engine             Detection                       Engine version
Lavasoft Ad-Aware       Gen:Variant.Kazy.607544         622
Agnitum Outpost         PUA.Agent                       7.1.1
AhnLab V3 Security      Adware/Win32.Imali              2015.05.24
Avira AntiVirus         TR/Dropper.MSIL.Gen             8.3.1.6
avast!                  Win32:GenMaliciousA-FRH [Adw]   2014.9-150524
AVG                     Downloader                      2016.0.3100
Baidu Antivirus         Adware.MSIL.Imali               4.0.3.15524
Bitdefender             Gen:Variant.Kazy.607544         1.0.20.720
Comodo Security         ApplicUnwnt                     22228
Dr.Web                  Trojan.Crossrider1.31615        9.0.1.0144
Emsisoft Anti-Malware   Gen:Variant.Kazy.607544         8.15.05.24.11
ESET NOD32              MSIL/Adware.Imali (variant)     9.11675
Fortinet FortiGate      Adware/Imali                    5/24/2015
F-Secure                Gen:Variant.Kazy.607544         11.2015-24-05_1
G Data                  Gen:Variant.Kazy.607544         15.5.25
K7 AntiVirus            Adware                          13.204.16011
Kaspersky               not-a-virus:AdWare.MSIL.Agent   14.0.0.1993
McAfee                  Artemis!26B0DA92D8A6            5600.6756
MicroWorld eScan        Gen:Variant.Kazy.607544         16.0.0.432
NANO AntiVirus          Riskware.Win32.Imali.drxbdq     0.30.24.1636
Panda Antivirus         Trj/CI.A                        15.05.24.11
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen        1.0.0.1015
Sophos                  Offer Installer                 4.98
Trend Micro House Call  TROJ_GEN.R047H07EK15            7.2.144
VIPRE Antivirus         Adware.MSIL.Agent               40500

File size:
2.9 MB (2,998,272 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\jue3dd9.exe

File PE Metadata
Compilation timestamp:
5/20/2015 8:17:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:bt2pfNhlIleZOqgFounxPwUMwuBu+wCmouqYTgpSkqyE13TIy96eBjMxXSEhZbgg:gbZFUAMgmjjTySlH4eBjMxXRhCs22v

Entry address:
0x2D1ECE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.8 MB (2,949,120 bytes)

The file jue3dd9.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Remove jue3dd9.exe - Powered by Reason Core Security