java.exe

Mindad media Ltd.

The application java.exe by Mindad media has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs.
Publisher:
Mindad media Ltd.  (signed and verified)

MD5:
01cd9c4ba12b36dbe27fb29b876fa8ff

SHA-1:
7063bfbde4704939b15bef8a21ebc25379e091cf

SHA-256:
665421caaf36183ffca39683e9220cec33ead15ff72d586ab7c7291f3d53fe84

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/26/2024 1:19:44 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.180.174 |
| AVG | Generic | 2016.0.3156 |
| Dr.Web | Trojan.OutBrowse.27 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.M potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 3/28/2015 |
| F-Prot | W32/Outbrowse.B.gen | v6.4.7.1.166 |
| G Data | Win32.Application.OutBrowse | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| McAfee | Adware-OutBrowse | 5600.6716 |
| NANO AntiVirus | Trojan.Win32.Generic.cthmwf | 0.28.2.62841 |
| Reason Heuristics | PUP.Installer.MindAd | 15.3.28.20 |
| Sophos | DomainIQ pay-per install | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 38552 |

File size:
105.2 KB (107,752 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/4/2013 6:00:00 PM

Valid to:
8/5/2014 5:59:59 PM

Subject:
CN=Mindad media Ltd., O=Mindad media Ltd., STREET=hamenofim 9, STREET=herzeliya, L=herzeliya, S=herzeliya, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0E7140EE5347CFF2FBDBE59A34386099

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:HgXdZt9P6D3XJ2Cw5Ky/9XO3jR0eWSzUu/0W:He34lwUQ9OzRgW/c

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.6782

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
