jump v2.exe

The executable jump v2.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs04n5.sendspace.com.
MD5:
c1b32b928d43a3bc6ba0045c3e31b027

SHA-1:
c7dbe69b2d248fdfc54c2be1a5074ec7e070e773

SHA-256:
a2c76547e02faf5afbcbad7c66ff4ff588d928796410747da0bc54ef54cd27f5

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 9:13:26 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:RmnDrp
160503-1

AVG
Win32/Ramnit.A
2015.0.4568

Dr.Web
Win32.Rmnet
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit
16.05.24

ESET NOD32
Win32/Ramnit.A virus
8.0.319.0

F-Prot
W32/Ramnit.B!Generic
4.6.5.141

F-Secure
Win32.Ramnit
5.15.96

McAfee
Virus.W32/Ramnit.a
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.221.397.0

Norman
Win32.Ramnit
19.05.2016 05:17:13

File size:
3.7 MB (3,839,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\jump v2.exe

File PE Metadata
Compilation timestamp:
6/28/2013 7:45:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:xG5EUmyEtRWDjw/BnIohM5cxL/7o1kjhFxi8RY42OfNkn:A5EzywRWvanv1xL/7o1KcJ422

Entry address:
0x391000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 32, 6F, 01, 20, 2B, 85, 50, 72, 01, 20, 89, 85, 4C, 72, 01, 20, B0, 00, 86, 85, 9E, 74, 01, 20, 3C, 01, 0F, 85, DE, 02, 00, 00, 8B, 85, 4C, 72, 01, 20, 2B, 85, 58, 72, 01, 20, 8B, 00, 89, 85, EA, 73, 01, 20, 8B, 85, 4C, 72, 01, 20, 2B, 85, 5C, 72, 01, 20, 8B, 00, 89, 85, F2, 73, 01, 20, 83, BD, F2, 73, 01, 20, 00, 0F, 84, A9, 02, 00, 00, 83, BD, EA, 73, 01, 20, 00, 0F, 84, 9C, 02, 00, 00, 8D, 85, 8D, 74, 01, 20, 50, FF, 95, EA, 73, 01, 20, 83, F8, 00, 0F, 84, 86...
 
[+]

Entropy:
7.9627

Packer / compiler:
ASPack v1.08.04

Code size:
35.5 KB (36,352 bytes)

The file jump v2.exe has been seen being distributed by the following URL.

Remove jump v2.exe - Powered by Reason Core Security