juggernautclient.exe

Juggernaut game client, version 1.3.91

LLC Mail.Ru

The executable juggernautclient.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
Juggernaut game client, version 1.3.91

Version:
1.3.0.91

MD5:
b14288628fcce4a3fb05e9740179ee8e

SHA-1:
ef157c134912f1b11cf114d3f1ce9b9805dd515a

SHA-256:
4cb2c6ed57889bdc95479448f4a6ae9d17ed23e0bb9e85e868bdb994a30180bb

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 8:45:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.2.4.11

File size:
4.4 MB (4,579,480 bytes)

Product version:
1.3.0.91

Copyright:
Copyright (C) 2012 LLC Mail.Ru

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 6:00:00 AM

Valid to:
2/7/2014 5:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
9/4/2012 4:54:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:7E0kDSR+iEwYNDKq1je67x9Q53TOwvzT1n+vXLxk7f8FVlJlyz8sL32GUjtK1:7E0qwYNDKq1je67fGNT1nIkj8FVlWQtg

Entry address:
0x1E60A0

Entry point:
55, 8B, EC, 83, C4, F0, B8, C4, 3F, 5D, 00, E8, 84, 52, E2, FF, B8, 70, EA, 5C, 00, 8B, 15, AC, F4, 5E, 00, 89, 02, A1, 34, E9, 5C, 00, E8, C9, CB, FE, FF, E8, 70, 09, E2, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (1,986,048 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to jugger0.ext.terrhq.ru  (188.93.63.51:80)

TCP (HTTP SSL):
Connects to www.my.mail.ru  (94.100.180.39:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-waw1.fbcdn.net  (31.13.81.13:443)

TCP (HTTP SSL):
Connects to ip159.156.odnoklassniki.ru  (217.20.156.159:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 2link9.ext.terrhq.ru  (178.22.89.57:443)

TCP (HTTP SSL):
Connects to top-fwz1.mail.ru  (217.69.136.176:443)

TCP (HTTP SSL):
Connects to tango.p.mail.ru  (217.69.143.37:443)

TCP (HTTP SSL):
Connects to rfko.r.smailru.net  (217.69.139.42:443)

TCP (HTTP):
Connects to jugger1.ext.terrhq.ru  (188.93.63.172:80)

TCP (HTTP SSL):
Connects to ip5.23.odnoklassniki.ru  (5.61.23.5:443)

TCP (HTTP SSL):
Connects to host207.rax.ru  (88.212.201.207:443)

TCP (HTTP):
Connects to cache.google.com  (195.12.176.118:80)

TCP (HTTP SSL):
Connects to topf8.l.smailru.net  (217.69.133.145:443)

TCP (HTTP SSL):
Connects to rfbo2.r.smailru.net  (94.100.180.76:443)

TCP (HTTP SSL):
Connects to host03.rax.ru  (88.212.196.103:443)

TCP (HTTP):
Connects to gmru1.games.mail.ru  (178.22.88.129:80)

TCP (HTTP):
Connects to ch4plpkivs-v03.any.prod.ord1.secureserver.net  (50.63.243.230:80)

TCP (HTTP):
