1055eb7aa3c16105dd81376d906c9f9a14a83295e3662977c96e47c2bc08db4f.exe.000

Java Platform SE 7 U4

The file 1055eb7aa3c16105dd81376d906c9f9a14a83295e3662977c96e47c2bc08db4f.exe.000, “Java(TM) Platform SE binary”, has been detected as malware by 51 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Oracle Corporation*  (Invalid match)

Product:
Java(TM) Platform SE 7 U4

Description:
Java(TM) Platform SE binary

Version:
7.0.40.20

MD5:
71ad502ef681a6a3c6cbf3ccd7d3d5b1

SHA-1:
65771151d501ea43a3020843ace7de88c74c95b4

SHA-256:
1055eb7aa3c16105dd81376d906c9f9a14a83295e3662977c96e47c2bc08db4f

Scanner detections:
51 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/25/2024 2:48:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1781810 | 920 |
| AhnLab V3 Security | Trojan/Win32.Reveton | 2014.07.30 |
| Avira AntiVirus | TR/Crypt.ZPACK.90068 | 7.11.164.106 |
| avast! | Win32:Trojan-gen | 2014.9-140730 |
| AVG | Downloader.Generic13 | 2015.0.3398 |
| Baidu Antivirus | Trojan.Win32.Small | 4.0.3.14730 |
| Bitdefender | Trojan.GenericKD.1781810 | 1.0.20.1055 |
| Bkav FE | HW32.Keylogger | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19014 |
| Dr.Web | Trojan.DownLoad3.32784 | 9.0.1.0211 |
| Emsisoft Anti-Malware | Trojan-Downloader.Win32.Agent | 8.14.07.30.03 |
| ESET NOD32 | Win32/TrojanDownloader.Small.PSD | 8.10171 |
| Fortinet FortiGate | W32/Badur.GAI!tr | 7/30/2014 |
| F-Secure | Trojan.GenericKD.1781810 | 11.2014-30-07_4 |
| G Data | Trojan.GenericKD.1781810 | 14.7.24 |
| IKARUS anti.virus | Trojan.Win32.Badur | t3scan.1.6.1.0 |
| Kaspersky | Trojan.Win32.Badur | 14.0.0.3484 |
| Malwarebytes | Trojan.Downloader | v2014.07.30.03 |
| McAfee | RDN/Generic.bfr!ho | 5600.7054 |
| MicroWorld eScan | Trojan.GenericKD.1781810 | 15.0.0.633 |
| NANO AntiVirus | Trojan.Win32.DownLoad3.dcyxvu | 0.28.2.61148 |
| Panda Antivirus | Trj/Chgt.C | 14.07.30.03 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.FakeDOC@CV!1.9C3C | 23.00.65.14728 |
| Sophos | Troj/Zbot-ISA | 4.98 |
| Trend Micro House Call | TROJ_BADUR.XXGI | 7.2.211 |
| Trend Micro | TROJ_BADUR.XXGI | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 31722 |

File size:
64.5 KB (66,048 bytes)

Product version:
7.0.40.20

Copyright:
Copyright © 2012

Original file name:
java-rmi.exe

Common path:
C:\users\{user}\downloads\apt file\1055eb7aa3c16105dd81376d906c9f9a14a83295e3662977c96e47c2bc08db4f.exe.000

File PE Metadata
Compilation timestamp:
7/29/2014 11:14:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
384:bGbX54B6AJj/bF1T9ntT9VK94knsEU8BmGdMBrxGrt257T6tb:gKBnj/R1zObnsumsATUb

Entry address:
0x5FB0

Entry point:
55, 8B, EC, 83, EC, 1C, C7, 45, F4, 03, 00, 00, 00, C7, 45, F0, 03, 00, 00, 00, C7, 45, EC, 03, 00, 00, 00, C7, 45, FC, 03, 00, 00, 00, C7, 45, F8, 03, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, EB, 09, 8B, 45, FC, 83, C0, 01, 89, 45, FC, 83, 7D, FC, 06, 73, 0B, 8B, 4D, F8, 03, 4D, F8, 89, 4D, F0, EB, E6, 6A, 00, FF, 15, 78, 10, 40, 00, 8B, 55, FC, C1, EA, 71, 89, 55, F0, C7, 45, FC, 00, 00, 00, 00, EB, 09, 8B, 45, FC, 83, C0, 01, 89, 45, FC, 83, 7D, FC, 06, 73, 08, FF, 15, 78, 11, 40, 00, EB, E9, 68, E7, 05...
 

Entropy:
3.2062

Developed / compiled with:
Microsoft Visual C++

Code size:
60 KB (61,440 bytes)