setup_20131118.exe

Jet Applications

The application setup_20131118.exe by Jet Applications has been detected as adware by 3 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
Jet Applications  (signed and verified)

MD5:
8d29e4b6a85d33116faf04249206506a

SHA-1:
8f095b22ceb9a8b7cb5ea2e21c818fd01099a397

SHA-256:
89c969a0f4a7fa9b17f1321f2ff87f60f80e238a5b32bcfb6bd2ef7c0f685c8d

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/27/2024 2:54:14 AM UTC  (today)

Scan engine        Detection                        Engine version
Dr.Web             Adware.Plugin.127                9.0.1.0356
Reason Heuristics  PUP.Installer.JetApplications.O  14.8.15.13
VIPRE Antivirus    Wordextra                        24594

File size:
1.5 MB (1,520,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\setup_20131118.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/15/2013 6:00:00 PM

Valid to:
7/21/2014 6:00:00 AM

Subject:
CN=Jet Applications, O=Jet Applications, L=New York, S=New York, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01136EE337BD9B637D7DE58891BA39D8

File PE Metadata
Compilation timestamp:
2/19/2012 8:01:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:zBPiwXE252KJoOEFHO3a6wolAzwmnhXOdXMXXZgm9yWow52KJoO9srHMrA6aoAA5:zTd2fOEFu3/jlVsh+xM5gNi2fOersrlv

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Entropy:
7.9833  (probably packed)

Code size:
33.5 KB (34,304 bytes)

The file setup_20131118.exe has been seen being distributed by the following 2 URLs.
