java.exe

Binarit personal computer peripheral equipment

The application java.exe by Binarit personal computer peripheral equipment has been detected as adware by 28 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dlp.cloudsvr322.com.
Publisher:

MD5:
db102b2f06420f92c1e1675cddfb7dc1

SHA-1:
2ad0d4d33265aa03b598a9109d64993fc32a6f66

SHA-256:
4b718690d278291ad851d42b8bf4342ff150b5db493569bc4e40825b3b1c514c

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/26/2024 5:19:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.128175 | 989 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 14.05.21 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.150.228 |
| avast! | DomaIQ-CO [PUP] | 140516-1 |
| AVG | Adware Skodna.Bundle_r.S | 2014.0.3950 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.3 | 1.0.20.705 |
| Comodo Security | Application.Win32.DomaIQ.KKL | 18308 |
| Dr.Web | Trojan.DownLoad3.31551 | 9.0.1.05190 |
| ESET NOD32 | Win32/DomaIQ.AZ potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/DomaIQ.E.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-21-05_4 |
| G Data | Gen:Variant.Application.Bundler.DomaIQ | 14.5.24 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.178.12155 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3830 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.05.21.10 |
| McAfee | RDN/Generic PUP.x!brl | 5600.7123 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.3 | 15.0.0.423 |
| NANO AntiVirus | Trojan.Win32.DomaIQ.cssxal | 0.28.0.59921 |
| nProtect | Trojan-Clicker/W32.Lollipop.330904 | 14.05.28.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.21.10 |
| Reason Heuristics | PUP.Binaritpersonalcomputerperipheralequipment.E | 14.5.21.21 |
| Rising Antivirus | PE:Adware.Graftor!6.14B6 | 23.00.65.14519 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.0 |
| VIPRE Antivirus | Threat.4150696 | 29418 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.83 | 2.0.0.1797 |

File size:
323.1 KB (330,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/25/2013 8:00:00 PM

Valid to:
6/26/2014 7:59:59 PM

Subject:
CN=Binarit personal computer peripheral equipment, O=Binarit personal computer peripheral equipment, STREET=111 Hashayatim st., L=Ashdod, S=Israel, PostalCode=7744136, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B1E67A8A40605CE803E9479F9649DE2

File PE Metadata
Compilation timestamp:
1/23/2014 11:53:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Zrl8sf608N/cz9GD0mOh3Jhh9Ha24+7YV5:dl8sC08N89StOh4+u5

Entry address:
0x1BBB

Entry point:
E8, 37, 27, 00, 00, E9, 7F, FE, FF, FF, A1, D8, 0D, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, D8, 0D, 41, 00, 6A, 04, 50, E8, C7, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, D8, 0D, 41, 00, E8, AE, 2F, 00, 00, 59, 59, A3, D4, 0D, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 08, F0, 40, 00, 89, 0C, 02, 83, C1, 20, 8D, 52, 04, 81, F9, 88, F2, 40, 00, 7D, 07, A1, D4, 0D, 41, 00, EB, E8, 33, C0, 5E, C3, E8, D8, 2C...
 
Entropy:
5.8531

Code size:
33 KB (33,792 bytes)

The file java.exe has been seen being distributed by the following URL.
