java.exe

Sysinternals Debugview

The executable java.exe has been detected as malware by 10 anti-virus scanners. It is set to run automatically whenever any user logs into Windows, via a Run registry entry named 'xinlen'.
Publisher:
Sysinternals*  (Invalid match)

Product:
Sysinternals Debugview

Description:
DebugView

Version:
4.76

MD5:
4c936343ef126348cb9e11365e9afd83

SHA-1:
d8d5f0549cccbb22f6aa216f09fbd4a599856d0f

SHA-256:
9c7e84cfea7ddb3559d8dccd3140330a300e5bc530488a7533a9ac700d8018ab

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/19/2024 2:47:48 PM UTC

Scan engine                    Detection                              Engine version
AegisLab AV Signature          Ml.Attribute.Gen!c                     2.1.4+
Baidu Antivirus                Win32.Trojan.WisdomEyes.16070401.9500  4.0.3.17316
Bkav FE                        HW32.Packed                            1.3.0.8876
ESET NOD32                     Win32/Spy.Agent.OWQ (variant)          11.15096
Kaspersky                      UDS:DangerousObject.Multi.Generic      14.0.0.-1318
McAfee                         Artemis!4C936343EF12                   5600.6093
Microsoft Security Essentials  Trojan:Win32/Qzonit.A!bit              1.1.13504.0
Panda Antivirus                Trj/Genetic.gen                        17.03.16.12
Quick Heal                     (Suspicious) - DNAScan                 3.17.14.00
Sophos                         Mal/VMProtBad-A                        4.98

File size:
717 KB (734,208 bytes)

Product version:
4.76

Copyright:
Copyright © 1998-2008 Mark Russinovich

Original file name:
Dbgview.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java.exe

File PE Metadata
Compilation timestamp:
3/15/2017 1:05:34 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xE4875

Entry point:
60, 57, C7, 44, 24, 20, B0, FF, 5C, C5, E8, 5B, B6, 00, 00, F5, C1, E7, 08, 66, 0F, BA, E1, 03, 83, C4, 40, 0F, 86, 25, 84, FF, FF, 01, C7, 60, 66, F7, C7, 9A, EC, 66, 39, EF, 60, 83, E9, 01, 8D, 64, 24, 40, 0F, 8E, B0, D4, FF, FF, 0F, 85, 38, 0B, 0A, 00, C1, C9, 1A, 89, 7D, E4, 68, EC, 5D, FC, A2, 8B, 7D, 0C, 66, 87, CA, 66, 0F, C1, D1, C6, 04, 24, 40, 29, C0, F6, C2, FD, 88, 45, FE, 9C, 89, C1, F5, 66, 81, FD, 6D, A6, 66, 21, C2, 89, 45, E0, 9C, 08, FE, 68, 5C, 59, 9C, 85, 89, 45, DC, 83, EC, F0, C0, D6...

Entropy:
7.9799  (probably packed)

Code size:
131 KB (134,144 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
xinlen

Command:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java.exe

Powered by Reason Core Security