What is "Jacard.13238"? – Adware Reports

The Jacard.13238 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Jacard.13238 virus can do?

Presents an Authenticode digital signature
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Unconventionial language used in binary resources: Russian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Jacard.13238?


File Info:
crc32: 430B20D5
md5: 26778b995b0e7ea86c8e89e2c2cc4e30
name: 26778B995B0E7EA86C8E89E2C2CC4E30.mlw
sha1: 4555365ffa0ab461f6f8a005d1a0db4d3067ef67
sha256: dcbc182173b06dce19426bea023c521222df2bbf2222edc6d36943f03288de55
sha512: 37bf1dd10e62e4956b444600c1cae8fe511fec3fbb88d9b8a882f2a54c44c2f0474b3c6149158fff4a0cf9322c331f73136f72216ca23c09567a42e0f57d8ffa
ssdeep: 24576:X24gsa6Qb1kXGxFAAhQhwszj+kve5LqZEB72ks0rTdq:m4gsvQb1k28nwsnNEIDWTI
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: Copyright 1984-2016 Adobe Systems Incorporated and its licensors. All rights reserved.
InternalName: Adobe Acrobat Reader DX
FileVersion: 10.7.20033.13737
ProductName: Adobe Acrobat Reader DX
ProductVersion: 10.7.20033.13737
FileDescription: Adobe Acrobat Reader DX
OriginalFilename: AcroRd32.exe
Translation: 0x0409 0x04e4

Jacard.13238 also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Jacard.13238
FireEye	Generic.mg.26778b995b0e7ea8
McAfee	GenericRXAA-FA!26778B995B0E
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan-Downloader ( 004e02ad1 )
BitDefender	Gen:Variant.Jacard.13238
K7GW	Trojan-Downloader ( 004e02ad1 )
Cybereason	malicious.95b0e7
BitDefenderTheta	AI:Packer.E19542C118
Cyren	W32/Trojan.LDAJ-6031
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Delf.BYK
APEX	Malicious
Avast	Win32:Delf-UFQ [Trj]
Kaspersky	Trojan-Downloader.Win32.Rakhni.krx
NANO-Antivirus	Trojan.Win32.Rakhni.emjeda
AegisLab	Trojan.Win32.Rakhni.a!c
Rising	Downloader.Gendwnurl!8.D8D6 (TFE:4:JA2eR7x6PuI)
Ad-Aware	Gen:Variant.Jacard.13238
Sophos	Mal/Generic-S (PUA)
Comodo	Malware@#3e70tkdqlhrm0
F-Secure	Trojan.TR/Downloader.Gen7
DrWeb	Trojan.DownLoader24.62972
Zillya	Downloader.Rakhni.Win32.223
McAfee-GW-Edition	GenericRXBB-LA!3FD93394035B
Emsisoft	Gen:Variant.Jacard.13238 (B)
Ikarus	Trojan-Downloader.Win32.Rakhni
Jiangmin	Trojan.Bcex.ih
Avira	TR/Downloader.Gen7
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Win32.Bcex
Microsoft	Trojan:Win32/Skeeyah.A!rfn
Arcabit	Trojan.Jacard.D33B6
AhnLab-V3	Downloader/Win32.Delf.C1783347
ZoneAlarm	Trojan-Downloader.Win32.Rakhni.krx
GData	Gen:Variant.Jacard.13238
Cynet	Malicious (score: 85)
VBA32	TScope.Trojan.Delf
ALYac	Gen:Variant.Jacard.13238
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/Genetic.gen
Tencent	Malware.Win32.Gencirc.10b3a92b
Yandex	Trojan.GenAsa!B4SWzjBtgJ4
SentinelOne	Static AI – Malicious PE – Installer
eGambit	Unsafe.AI_Score_88%
Fortinet	W32/Dloader.CDW!tr
AVG	Win32:Delf-UFQ [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (D)
Qihoo-360	Win32/Trojan.b19

How to remove Jacard.13238?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Jacard.13238”?