java.exe

The executable java.exe has been detected as malware by 24 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ab0f243f31b4a84eaeeda161c598148e’.
Publisher:
q1DXz

Product:
Gk9r4N7Dq

Description:
z8PAb57

Version:
14.6.50.60

MD5:
0127d0834768a05d74e37f987173bf8b

SHA-1:
e4938c4a875409e78dc33da9658e62439bc47c8c

SHA-256:
7c5bf5877af46cba8b4c8a41094768a85c9315e91d94ddd1ce845469fc2d1599

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/20/2024 12:23:06 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Barys.19623 | 864
Agnitum Outpost | Trojan.DR.Dorifel | 7.1.1
AhnLab V3 Security | Win-Trojan/Bladabindi.Gen | 2014.08.14
avast! | Win32:Malware-gen | 2014.9-140923
AVG | Dropper.Generic8 | 2015.0.3342
Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.14923
Bitdefender | Gen:Variant.Barys.19623 | 1.0.20.1330
Clam AntiVirus | Win.Trojan.Njrat-1 | 0.98/21411
Comodo Security | UnclassifiedMalware | 19174
Emsisoft Anti-Malware | Gen:Variant.Barys.19623 | 8.14.09.23.01
ESET NOD32 | MSIL/Packed.NetShrink (variant) | 8.10248
Fortinet FortiGate | W32/Generic!tr | 9/23/2014
F-Secure | Gen:Variant.Barys.19623 | 11.2014-23-09_3
G Data | Gen:Variant.Barys.19623 | 14.9.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Backdoor | 13.183.13043
Kaspersky | Trojan.MSIL.Agent | 14.0.0.3207
McAfee | Artemis!0127D0834768 | 5600.6998
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.10802
MicroWorld eScan | Gen:Variant.Barys.19623 | 15.0.0.798
NANO AntiVirus | Trojan.Win32.Disfa.ctnuxy | 0.28.2.61519
Qihoo 360 Security | Win32/Trojan.975 | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 32176

File size:
368.5 KB (377,344 bytes)

Product version:
14.6.50.60

Copyright:
b0XWy

Trademarks:
d2GWp73

Original file name:
cbiorwjk.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\galijas\java.exe

File PE Metadata
Compilation timestamp:
5/26/2013 4:15:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:XgdmCUt3SI7v3nQe1vVVuHZIBp/0rpQJc8:0UXce1vVOIBp/cp+c8

Entry address:
0x2B87E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
166.5 KB (170,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ab0f243f31b4a84eaeeda161c598148e

Command:
"C:\users\galijas\java.exe"

Remove java.exe - Powered by Reason Core Security