firmwaregnujava.exe

The application firmwaregnujava.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 18968 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
d84779c861a51be4ad178c278729f704

SHA-1:
ad40f1b6ea94ff62c1aa0e73eba0d356d01053cb

SHA-256:
8a2d6b0466f8952067320a442bc18ffa4ed5e292cac5256429e5df53becf9713

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 9:58:25 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.151597 | 890 |
| Agnitum Outpost | PUA.Pirrit | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.08.22 |
| Avira AntiVirus | TR/Rogue.174117 | 7.11.168.80 |
| avast! | Win32:Downloader-VNP [Trj] | 140813-1 |
| AVG | Adware Generic5.BFTF | 2014.0.4015 |
| Bitdefender | Gen:Variant.Graftor.151597 | 1.0.20.1200 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.151597 | 9.0.0.4324 |
| ESET NOD32 | Win32/AdWare.Pirrit (variant) | 8.10284 |
| F-Secure | Gen:Variant.Graftor.151597 | 11.2014-28-08_5 |
| G Data | Gen:Variant.Graftor.151597 | 14.8.24 |
| IKARUS anti.virus | PUA.Pirrit | t3scan.1.7.5.0 |
| K7 AntiVirus | Adware | 13.183.13098 |
| Malwarebytes | Spyware.Password | v2014.08.28.09 |
| MicroWorld eScan | Gen:Variant.Graftor.151597 | 15.0.0.720 |
| NANO AntiVirus | Riskware.Win32.Tirrip.dedxvn | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.28.09 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.28.21 |
| VIPRE Antivirus | Threat.4150696 | 32210 |

File size:
170 KB (174,117 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\classdocklog\firmwaregnujava.exe

File PE Metadata
Compilation timestamp:
8/13/2014 3:30:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:PJBkrEBzCRmr3rf0OBF0/I6tRoifKyz2OFCseDx:PJS5uf0w0AQoOK5OFCse9

Entry address:
0x12B59

Entry point:
E8, 95, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, 88, 42, 00, 89, 0D, 04, 88, 42, 00, 89, 15, 00, 88, 42, 00, 89, 1D, FC, 87, 42, 00, 89, 35, F8, 87, 42, 00, 89, 3D, F4, 87, 42, 00, 66, 8C, 15, 20, 88, 42, 00, 66, 8C, 0D, 14, 88, 42, 00, 66, 8C, 1D, F0, 87, 42, 00, 66, 8C, 05, EC, 87, 42, 00, 66, 8C, 25, E8, 87, 42, 00, 66, 8C, 2D, E4, 87, 42, 00, 9C, 8F, 05, 18, 88, 42, 00, 8B, 45, 00, A3, 0C, 88, 42, 00, 8B, 45, 04, A3, 10, 88, 42, 00, 8D, 45, 08, A3, 1C, 88, 42...

Entropy:
6.3830

Code size:
111 KB (113,664 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:18968/

Local host port:
18968

Default credentials:
No

