java.exe

The application java.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.1freedown.com.
MD5:
0fa05aa78ff8bbe4c1ac0584ae269ce6

SHA-1:
a4ff940e15f9a960361718f2d85c86324a3dae5e

SHA-256:
0d3380df988c5b6fab517fb8b3a5b2db3dc16b57de65b0cb5fa775c7474da5ef

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 10:10:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.A | 984 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 14.05.26 |
| Avira AntiVirus | APPL/OutBrowse.A | 7.11.151.40 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140526 |
| AVG | OutBrowse | 2015.0.3462 |
| Baidu Antivirus | HackTool.Win32.OutBrowse | 4.0.3.14526 |
| Bitdefender | Application.Bundler.Outbrowse.A | 1.0.20.730 |
| Comodo Security | Application.Win32.OutBrowse.~A | 18313 |
| Dr.Web | Adware.Downware.1770 | 9.0.1.0146 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9837 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 5/26/2014 |
| F-Secure | Application.Bundler.Outbrowse | 11.2014-26-05_2 |
| G Data | Application.Bundler.Outbrowse | 14.5.24 |
| K7 AntiVirus | Trojan | 13.178.12171 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3807 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.05.26.12 |
| McAfee | RDN/Generic PUP.x!b2f | 5600.7118 |
| MicroWorld eScan | Application.Bundler.Outbrowse.A | 15.0.0.438 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.59921 |
| Panda Antivirus | Trj/CI.A | 14.05.26.12 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 5.14.14.00 |
| Sophos | OutBrowse Revenyou | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0ECI14 | 7.2.146 |
| Trend Micro | TROJ_GEN.R0CBC0ECI14 | 10.465.26 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.26.0 |
| VIPRE Antivirus | OutBrowse | 29512 |
| XVirus List | Win32.Detected | 2.5.26 |

File size:
616.5 KB (631,255 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java.exe

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1IFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4E:14yhCfsMtpwof1EzotWln3M6VXopa4E

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9775

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java.exe has been seen being distributed by the following URL.
