java.windows.exe

The executable java.windows.exe has been detected as malware by 3 anti-virus scanners. The file has been seen being downloaded from 73616081-509517242719949032.preview.editmysite.com.
MD5:
b3a028bc49f92677aabef5d1d31ac69e

SHA-1:
9db8e6cab6b460ae8688f92bcb87c9ddaa88b3f8

SHA-256:
c50b789a6a99f8bd261c996be00ef71f5ef20c4ad2569489b99c303093fb8605

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
7/8/2025 5:53:54 PM UTC

Scan engine    Detection                      Engine version
avast!         MSIL:GenMalicious-ANK [Trj]    160215-2
ESET NOD32     MSIL/Kryptik.FAT trojan        8.0.319.0
Norman         Gen:Variant.Strictor.47721     17.02.2016 05:18:35

File size:
192 KB (196,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\java.windows.exe

File PE Metadata
Compilation timestamp:
2/25/2016 10:33:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:K3WpylEMMXBEpLeMMcj5983vZHTC8rXUZn7FvGVNqA0/zrXziIjvz/jZqMN:wWslEMMXBEx9d1NLjRv

Entry address:
0x29DFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.5052

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
160 KB (163,840 bytes)

The file java.windows.exe has been seen being distributed by the following URL.
