» njax.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

njax.exe

NINJASOFT LLC

The application njax.exe by NINJASOFT has been detected as adware by 13 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “NJax”. While running, it connects to the Internet address ip67.ip-198-50-225.net on port 80 using the HTTP protocol.

File name:

njax.exe

Publisher:

NINJASOFT LLC (signed and verified)

MD5:

4b20907ce23537d3cac5901ea3a236d2

SHA-1:

9becf6a793563693bcd98b22d863db55e43abdb0

SHA-256:

051f18a0bba6530d56913c78fb8442098ff77e17a7b36cf1bc728cc9da9ea6a5

Scanner detections:

13 / 68

Status:

Adware

Analysis date:

4/12/2025 11:45:53 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1174424

683

Avira AntiVirus

Adware/BrAppWare.461984

7.11.218.184

avast!

Win32:Adware-gen [Adw]

2014.9-150324

Bitdefender

Application.Generic.1174424

1.0.20.415

Comodo Security

ApplicUnwnt

21475

ESET NOD32

Win32/Adware.BrAppWare (variant)

9.11351

F-Secure

Application.Generic.1174424

11.2015-24-03_3

G Data

Application.Generic.1174424

15.3.25

IKARUS anti.virus

PUA.BrAppWare

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.202.15326

MicroWorld eScan

Application.Generic.1174424

16.0.0.249

Reason Heuristics

PUP.Service.BR Software

15.4.2.1

Rising Antivirus

PE:AdWare.Win32.BrAppWare.b!1075356804

23.00.65.15322

File size:

433.1 KB (443,480 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\njax\njax.exe

Digital Signature

Signed by:

NINJASOFT LLC

Authority:

Starfield Technologies, Inc.

Valid from:

10/3/2014 2:43:01 AM

Valid to:

10/2/2015 8:10:47 PM

Subject:

CN=NINJASOFT LLC, O=NINJASOFT LLC, L=Lewes, S=Delaware, C=US

Issuer:

SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

27811F75D46CBB

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:J/G5VpkQlN/tPk3VcMgoFpdBZ/MQoF4QTV6Ztw:J+wmzk3VcnClGbVB

Entry address:

0x5A88C

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 5C, A6, 45, 00, E8, 7F, B6, FA, FF, A1, A4, C1, 45, 00, 8B, 00, 8B, 10, FF, 52, 34, 8B, 0D, D4, C2, 45, 00, A1, A4, C1, 45, 00, 8B, 00, 8B, 15, 08, 97, 45, 00, 8B, 18, FF, 53, 30, A1, A4, C1, 45, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, A5, 96, FA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

358.5 KB (367,104 bytes)

Service

Display name:

NJax

Type:

Win32OwnProcess

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ip67.ip-198-50-225.net (198.50.225.67:80)

Remove njax.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.