jvsc.exe

The application jvsc.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from secure.seawavecdn.com and multiple other hosts.
MD5:
0c70c7e65d110de63764c18da55df494

SHA-1:
40894f7bccb8fac51704f46c9e60c219818bbfd4

SHA-256:
de16d77920e93c5662375d8fd1a1b16ba6d6c3f4451145af808a80a8bc054e7e

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 12:32:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | NSIS:InstMonetizer-AR [PUP] | 2014.9-140517 |
| Baidu Antivirus | Adware.Win32.InstallMonetizer | 4.0.3.14517 |
| Comodo Security | Application.Win32.InstallMonetizer.~A | 18166 |
| Dr.Web | Adware.Downware.918 | 9.0.1.0137 |
| ESET NOD32 | Win32/InstallMonetizer.AT | 8.9723 |
| K7 AntiVirus | Trojan | 13.176.11888 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.3851 |
| Malwarebytes | PUP.Optional.InstallMonetizer.A | v2014.05.17.08 |
| McAfee | Artemis!0C70C7E65D11 | 5600.7127 |
| NANO AntiVirus | Riskware.Nsis.Downware.cvzsgq | 0.28.0.59492 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14515 |
| Sophos | AppMonetizer Installer | 4.98 |
| Trend Micro House Call | TROJ_GEN.R002H07DB14 | 7.2.137 |
| VIPRE Antivirus | InstallMonetizer | 28602 |

File size:
270 KB (276,510 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\jvsc.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ne34MP4vR7pJ59EuWn3Zyt5q2pd5A8Wwtf0pVSUfQg:QM7pB0JybJd5A8yZQg

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7356

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file jvsc.exe has been seen being distributed by the following 4 URLs.

http://secure.seawavecdn.com/nsi/.../TraySkins_v2_5047.exe

http://www.ntdlzone.com/download.php?lHmBdw==
