ojsbujpimv.exe

News Alert

Mathematical Applications

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application ojsbujpimv.exe, “BreakingNewsAlert” by Mathematical Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Mathematical Applications  (signed and verified)

Product:
News Alert

Description:
BreakingNewsAlert

Version:
1.0.0.0

MD5:
e906208e9b48c69bdf9fecf1f43b645a

SHA-1:
b81d47c23d29d9824f55645687d3e992d1463f26

SHA-256:
2b57071407f1edf8d2eb601bee0ec110562d59ccc45d58dc8b2054452e359a21

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 4:37:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.10.24.2

File size:
47.3 KB (48,400 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Mathematical Applications 2015

Original file name:
BreakingNewsAlert.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\jpfayhmsse\dat\ojsbujpimv.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/27/2014 1:00:00 AM

Valid to:
10/28/2015 12:59:59 AM

Subject:
CN=Mathematical Applications, O=Mathematical Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79F6406432970C77D2FA7772E5EB6BDC

File PE Metadata
Compilation timestamp:
2/8/2015 5:09:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:z1aEomrJR6goVbxDVgK1npI2ycE4nOO8T4Tfmv/8v3Y6uBYje:zEEoAR3oVFV1CdWWTImvG3Y6wR

Entry address:
0xB84E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

Remove ojsbujpimv.exe - Powered by Reason Core Security