xnjbyfai.exe

News Alert

Mathematical Applications

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application xnjbyfai.exe, “BreakingNewsAlert Service” by Mathematical Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “XNjbyfai”.
Publisher:
Mathematical Applications  (signed and verified)

Product:
News Alert

Description:
BreakingNewsAlert Service

Version:
1.0.0.0

MD5:
726217c32c09152a7194e3fd9d4da6bc

SHA-1:
d1b370f575d01c9de7129b5c7393d27f580796eb

SHA-256:
49c3e8c9c782263e5e906cd78383e590675b6b2653b906abdca64f668e56073f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 4:48:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.10.24.2

File size:
2.6 MB (2,734,864 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Mathematical Applications 2015

Original file name:
BreakingNewsAlertService.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\jpfayhmsse\xnjbyfai.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/27/2014 1:00:00 AM

Valid to:
10/28/2015 12:59:59 AM

Subject:
CN=Mathematical Applications, O=Mathematical Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79F6406432970C77D2FA7772E5EB6BDC

File PE Metadata
Compilation timestamp:
2/8/2015 5:10:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:U10H/xcm7J/0Vt69Jw+Md7gv3Un87LwTKMzT+8NHAI3UFDOTZQEGWYHE:K0H/F/o6bw+yH8wTKMziIc6Nz

Entry address:
0x29B56E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,725,376 bytes)

Service
Display name:
XNjbyfai

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


Remove xnjbyfai.exe - Powered by Reason Core Security