File name: jingling.exe

Full analysis: https://app.any.run/tasks/1ca5a6a0-616a-487e-9ac1-8b72981422fc
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 17, 2021, 18:20:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, sogou, opendir
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2B7809C589A059C4BB04B8F582F267E7
SHA1: 50242F6001B0EE7ED81A625D9969ECFFC929F72E
SHA256: 33ABC58DDA281C7D56EC6A2BC44E542B15E634BA36837498F74F8BA913904132
SSDEEP: 12288:oIKYprEdfh8HrHA9BzvWeDorIp41VeNPR6TUgunF5SV60R10n2:ozfh8HrHALzvZ+IWqETJunF5SV6Vn2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • jingling.exe (PID: 2152)
    • Connects to CnC server

      • jingling.exe (PID: 2152)
    • Changes settings of System certificates

      • jingling.exe (PID: 3132)
      • jingling.exe (PID: 2400)
      • jingling.exe (PID: 3416)
      • jingling.exe (PID: 3496)
      • jingling.exe (PID: 2384)
      • jingling.exe (PID: 664)
      • jingling.exe (PID: 2892)
      • jingling.exe (PID: 5904)
  • SUSPICIOUS

    • Creates files in the user directory

      • jingling.exe (PID: 2152)
    • Changes IE settings (feature browser emulation)

      • jingling.exe (PID: 2152)
    • Adds / modifies Windows certificates

      • jingling.exe (PID: 3132)
      • jingling.exe (PID: 2400)
      • jingling.exe (PID: 3416)
      • jingling.exe (PID: 2384)
      • jingling.exe (PID: 664)
      • jingling.exe (PID: 3496)
      • jingling.exe (PID: 5904)
      • jingling.exe (PID: 2892)
    • Reads internet explorer settings

      • jingling.exe (PID: 2400)
      • jingling.exe (PID: 3496)
      • jingling.exe (PID: 2384)
      • jingling.exe (PID: 3416)
      • jingling.exe (PID: 2152)
      • jingling.exe (PID: 664)
      • jingling.exe (PID: 3132)
      • jingling.exe (PID: 5904)
      • jingling.exe (PID: 2892)
    • Application launched itself

      • jingling.exe (PID: 2152)
    • Executed via COM

      • iexplore.exe (PID: 4728)
      • iexplore.exe (PID: 2292)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • jingling.exe (PID: 2400)
      • jingling.exe (PID: 664)
      • jingling.exe (PID: 3416)
      • jingling.exe (PID: 3496)
      • jingling.exe (PID: 2384)
      • jingling.exe (PID: 3132)
      • jingling.exe (PID: 5904)
      • jingling.exe (PID: 2892)
    • Reads settings of System Certificates

      • jingling.exe (PID: 3416)
      • jingling.exe (PID: 2384)
      • jingling.exe (PID: 2400)
      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 4728)
      • jingling.exe (PID: 5904)
      • jingling.exe (PID: 2892)
    • Application launched itself

      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 4728)
    • Changes internet zones settings

      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 4728)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 4728)
      • iexplore.exe (PID: 5824)
      • iexplore.exe (PID: 2744)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 4728)
      • iexplore.exe (PID: 2744)
      • iexplore.exe (PID: 2292)
      • iexplore.exe (PID: 5824)
    • Creates files in the user directory

      • iexplore.exe (PID: 2292)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (35.8)
.exe | Win64 Executable (generic) (31.7)
.scr | Windows screen saver (15)
.dll | Win32 Dynamic Link Library (generic) (7.5)
.exe | Win32 Executable (generic) (5.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:20 06:49:16+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 441344
InitializedDataSize: 190976
UninitializedDataSize: -
EntryPoint: 0x4ede6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2016.3.20.103
ProductVersionNumber: 4.1.2.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
Comments: 流量精灵(1097)
CompanyName: 精灵软件
FileDescription: 流量精灵
FileVersion: 2016.3.20.103
InternalName: jingling.exe
LegalCopyright: Copyright 2012 Spiritsoft All Rights Reserved.
OriginalFileName: jingling.exe
ProductName: 流量精灵
ProductVersion: 4.1.2.1

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 20-Mar-2016 05:49:16
Detected languages:
  • Chinese - PRC
  • English - United States
Debug artifacts:
  • d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
Comments: 流量精灵(1097)
CompanyName: 精灵软件
FileDescription: 流量精灵
FileVersion: 2016.3.20.103
InternalName: jingling.exe
LegalCopyright: Copyright 2012 Spiritsoft All Rights Reserved.
OriginalFilename: jingling.exe
ProductName: 流量精灵
ProductVersion: 4.1.2.1

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000F0

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 20-Mar-2016 05:49:16
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x0006BBB9 | 0x0006BC00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.65535
.rdata | 0x0006D000 | 0x0001B9EA | 0x0001BA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.25376
.data | 0x00089000 | 0x00007844 | 0x00003600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.41138
.rsrc | 0x00091000 | 0x0000F804 | 0x0000FA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.43298

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.01314 | 453 | Latin 1 / Western European | English - United States | RT_MANIFEST
2 | 3.97532 | 2440 | Latin 1 / Western European | Chinese - PRC | RT_ICON
3 | 3.77779 | 4264 | Latin 1 / Western European | Chinese - PRC | RT_ICON
4 | 3.71653 | 9640 | Latin 1 / Western European | Chinese - PRC | RT_ICON
9 | 6.25642 | 502 | Latin 1 / Western European | Chinese - PRC | RT_STRING
10 | 6.15346 | 866 | Latin 1 / Western European | Chinese - PRC | RT_STRING
128 | 2.62308 | 62 | Latin 1 / Western European | Chinese - PRC | RT_GROUP_ICON
129 | 3.51253 | 530 | Latin 1 / Western European | Chinese - PRC | RT_DIALOG
149 | 4.87878 | 28118 | Latin 1 / Western European | Chinese - PRC | RT_BITMAP
202 | 4.51029 | 580 | Latin 1 / Western European | Chinese - PRC | RT_DIALOG

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
OLEAUT32.dll
PSAPI.DLL
RASAPI32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
No data.
All screenshots are available in the full report
Total processes: 53
Monitored processes: 15
Malicious processes: 9
Suspicious processes: 0

Behavior graph

Graph nodes (interactive graph not reproduced): start, jingling.exe (9 instances), iexplore.exe (6 instances, 2 marked "no specs")

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 664
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=50
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 2152
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe"
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: explorer.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 0
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 2292
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll
PID: 2384
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=30
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 88
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 2400
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=0
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 88
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 2540
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2292 CREDAT:333058 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 3221225794 (0xC0000142, STATUS_DLL_INIT_FAILED)
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll
PID: 2744
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2292 CREDAT:144385 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (Images):
  • c:\program files\internet explorer\iexplore.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\iertutil.dll
PID: 2892
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=30
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 0
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 3132
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=20
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 0
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
PID: 3416
CMD: "C:\Users\admin\AppData\Local\Temp\jingling.exe" /idx=10
Path: C:\Users\admin\AppData\Local\Temp\jingling.exe
Parent process: jingling.exe
User: admin
Company: 精灵软件
Integrity Level: MEDIUM
Description: 流量精灵
Exit code: 0
Version: 2016.3.20.103
Modules (Images):
  • c:\users\admin\appdata\local\temp\jingling.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\psapi.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
Total events: 11 087
Read events: 7 300
Write events: 3 655
Delete events: 132

Modification events

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: urlspace
Value: C:\Users\admin\AppData\Local\Temp\jingling.exe -h

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2152) jingling.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: jingling.exe
Value: 8000

(PID) Process: (2152) jingling.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (2152) jingling.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (2152) jingling.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32
Operation: write
Name: FileTracingMask
Value: 4294901760
Executable files: 0
Suspicious files: 769
Text files: 6 376
Unknown types: 473

Dropped files

PID | Process | Filename | Type
(The MD5 and SHA256 fields are empty for every row in this export.)
2400 | jingling.exe | C:\Users\admin\AppData\Local\Temp\Cab9DF1.tmp | -
2400 | jingling.exe | C:\Users\admin\AppData\Local\Temp\Tar9DF2.tmp | -
2400 | jingling.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_5FE90E28A5C4F66460B6A36ECFF82C5E | der
2400 | jingling.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FE2BD01AB6BC312BF0DADE7F797388F_F7F9B7BDCC367A8E3539D28F7D4D4BA2 | der
2152 | jingling.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\url[1].htm | html
2152 | jingling.exe | C:\Users\admin\AppData\Roaming\Spiritsoft\urlspirit\bd.dat | ini
2152 | jingling.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\stat[1].js | text
2400 | jingling.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9D161B3CD7C8B9D7B5C97E4395A9ABD5_E12E350322BBFC9152A08B47F139DA41 | der
2400 | jingling.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FE2BD01AB6BC312BF0DADE7F797388F_F7F9B7BDCC367A8E3539D28F7D4D4BA2 | binary
2400 | jingling.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2543B5AF7D46D42E6CEED21F85143F6A_A756B1DC2BF0324B6CF71064DDB1C208 | binary
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1 639
TCP/UDP connections: 4 621
DNS requests: 1 070
Threats: 108

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2400 | jingling.exe | GET | 200 | 47.89.37.108:80 | http://www.tydcp99.com/ | HK | html | 28.2 Kb | unknown
2400 | jingling.exe | GET | 200 | 47.246.43.230:80 | http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D | US | der | 471 b | whitelisted
2400 | jingling.exe | GET | 200 | 47.89.37.108:80 | http://www.tydcp99.com/manager/css/coupon/coupon.css | HK | text | 6.46 Kb | unknown
2152 | jingling.exe | GET | 200 | 58.215.157.250:80 | http://s11.cnzz.com/stat.php?id=1189654&web_id=1189654 | CN | text | 3.99 Kb | whitelisted
2400 | jingling.exe | GET | 200 | 47.89.37.108:80 | http://www.tydcp99.com/manager/css/upDateStyle.css | HK | text | 3.60 Kb | unknown
2400 | jingling.exe | GET | 200 | 47.246.43.209:80 | http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAsTYrbuap0%2Blokw8W4gfTk%3D | US | der | 471 b | whitelisted
2400 | jingling.exe | GET | 200 | 47.246.43.230:80 | http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEA70U2D%2Bj%2FdCs6VUpEISqKg%3D | US | der | 471 b | whitelisted
2400 | jingling.exe | GET | 200 | 47.246.43.209:80 | http://ocsp.digicert.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRXf%2BqAIajMnZeiQcx27p1CzET2wQUJG%2BRP4mHhw4ywkAY38VM60%2FISTICEAuqsw6ctCKRr8GKGUP7TBw%3D | US | der | 471 b | whitelisted
2152 | jingling.exe | GET | 200 | 120.55.28.122:80 | http://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat?q=41 | CN | binary | 439 b | suspicious
2400 | jingling.exe | GET | 200 | 47.89.37.108:80 | http://www.tydcp99.com/manager/css/style.css | HK | text | 19.1 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2152 | jingling.exe | 120.55.28.122:80 | us0.spiritsoft.cn | Hangzhou Alibaba Advertising Co.,Ltd. | CN | malicious
2400 | jingling.exe | 104.244.42.69:443 | t.co | Twitter Inc. | US | suspicious
2400 | jingling.exe | 175.100.207.206:443 | www.sohu.com | ISP | HK | malicious
2400 | jingling.exe | 47.246.43.230:80 | ocsp.dcocsp.cn | - | US | malicious
2152 | jingling.exe | 58.215.157.250:80 | s11.cnzz.com | AS Number for CHINANET jiangsu province backbone | CN | unknown
2152 | jingling.exe | 111.177.18.28:80 | info.spiritsoft.cn | No.31,Jin-rong Street | CN | malicious
2400 | jingling.exe | 175.100.207.233:443 | txt.go.sohu.com | ISP | HK | malicious
2400 | jingling.exe | 104.21.15.130:443 | vietnamtimes.org.vn | Cloudflare Inc | US | suspicious
2400 | jingling.exe | 175.100.207.231:443 | txt.go.sohu.com | ISP | HK | suspicious
2400 | jingling.exe | 211.91.160.226:80 | sucimg.itc.cn | CHINA UNICOM China169 Backbone | CN | unknown

DNS requests

Domain | IP | Reputation
us0.spiritsoft.cn | 120.55.28.122 | malicious
info.spiritsoft.cn | 111.177.18.28 | suspicious
s11.cnzz.com | 58.215.157.250 | whitelisted
t.co | 104.244.42.69, 104.244.42.5, 104.244.42.197, 104.244.42.133 | shared
ocsp.digicert.com | 93.184.220.29 | whitelisted
vietnamtimes.org.vn | 104.21.15.130, 172.67.162.162 | suspicious
www.sohu.com | 175.100.207.206, 175.100.207.205, 175.100.207.204 | malicious
ocsp.dcocsp.cn | 47.246.43.230, 47.246.43.226, 47.246.43.229, 47.246.43.223, 47.246.43.225, 47.246.43.227, 47.246.43.224, 47.246.43.228 | whitelisted
www.tydcp99.com | 47.89.37.108 | unknown
statics.itc.cn | 203.205.224.59 | malicious

Threats

PID | Process | Class | Message
2152 | jingling.exe | Misc activity | ADWARE [PTsecurity] FlowSpirit.a clicker and web traffic generator (5 alerts)
2152 | jingling.exe | Misc activity | ADWARE [PTsecurity] FlowSpirit.A clicker and web traffic generator (5 alerts)
13 ETPRO signatures available at the full report
No debug info