pooface.exe

Ja

The application pooface.exe, “Ja Icon Management”, has been detected as a potentially unwanted program by 9 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install. While running, it connects to the Internet address lb-182-207.above.com on port 80 using the HTTP protocol.
Publisher:
Ja

Product:
Ja

Description:
Ja Icon Management

Version:
1.00.0013

MD5:
053d2bcd77f870feb217d8ebbf560795

SHA-1:
12bc66744581333258015ad353047ec76e7310d3

SHA-256:
2193a4f83a043b6608ca4bae1d7116561ba336b04a6070978a15aa5f958c1d7a

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 9:51:04 PM UTC

Scan engine              Detection                                  Engine version
Lavasoft Ad-Aware        Gen:Variant.Graftor.148536                 923
Avira AntiVirus          TR/Graftor.148536                          7.11.163.164
Baidu Antivirus          Adware.Win32.Amonetize                     4.0.3.14727
Bitdefender              Gen:Variant.Graftor.148536                 1.0.20.1040
Emsisoft Anti-Malware    Gen:Variant.Graftor.148536                 8.14.07.27.09
F-Secure                 Gen:Variant.Graftor.148536                 11.2014-27-07_1
G Data                   Gen:Variant.Graftor.148536                 14.7.24
Kaspersky                not-a-virus:HEUR:AdWare.Win32.Amonetize    14.0.0.3498
MicroWorld eScan         Gen:Variant.Graftor.148536                 15.0.0.624

File size:
48 KB (49,152 bytes)

Product version:
1.00.0013

Copyright:
JA

Original file name:
pooface.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\235559\pooface.exe

File PE Metadata
Compilation timestamp:
6/30/2014 12:58:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:4fNPXhzDiLAM8CiRJM6pmMx/Xx0Kfh8QXUzZX:4VPXhEr6pP4HzZX

Entry address:
0x15DC

Entry point:
68, 00, 24, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 38, 00, 00, 00, BB, 99, EC, 71, 52, B1, 5D, 4E, 97, B3, 10, 12, 82, BE, F9, BD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 26, 20, 43, 68, 72, 4A, 61, 49, 63, 6F, 6E, 00, 43, 49, 63, 6F, 6E, 20, 4D, 61, 6E, 61, 67, 65, 6D, 65, 6E, 74, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, 86, 54, 5F, E1, 1F, 88, 03, 4E, 9F, A7, 42, 8B, 93, 49, B6, 55, 7A, B3, 27, C4, 7B, 2F, B4, 41, B3, 0C, 43, DB, DC, 93, DE, D0, 3A, 4F, AD...

Entropy:
4.7574

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
36 KB (36,864 bytes)

The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to lb-182-207.above.com  (103.224.182.207:80)
