java4.exe

The executable java4.exe has been detected as malware by 24 of the 68 anti-virus scanners listed below. This trojan performs a number of actions that compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware. The PE metadata below shows a 32-bit .NET (CLR) executable, consistent with the MSIL/Injector and Trojan.MSIL family names several engines assign; IKARUS and Dr.Web classify it as a backdoor (Backdoor.Win32.DarkKomet and BackDoor.Siggen.56953). The file has been seen being downloaded from weebly.com.
MD5:
cce1613155e82035782970b815fb61dd

SHA-1:
06b1929e7934225e1d646db1e97c21da7ba6ce3f

SHA-256:
ba8a1a4d8fbf119bb64fe97745e93a149ac234a93fc19e4b4e4c408309c69f00

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
1/21/2018 9:48:38 PM UTC

Scan engine | Detection | Engine version

Lavasoft Ad-Aware | Gen:Variant.Strictor.53865 | 1041
Avira AntiVirus | TR/Strictor.53865 | 7.11.140.86
avast! | Win32:Malware-gen | 2014.9-140331
AVG | MSIL2 | 2015.0.3519
Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.14331
Bitdefender | Gen:Variant.Strictor.53865 | 1.0.20.450
Comodo Security | UnclassifiedMalware | 18022
Dr.Web | BackDoor.Siggen.56953 | 9.0.1.090
Emsisoft Anti-Malware | Gen:Variant.Strictor.53865 | 8.14.03.31.09
ESET NOD32 | MSIL/Injector.DBO (variant) | 8.9616
Fortinet FortiGate | MSIL/Injector.DBO!tr | 3/31/2014
F-Secure | Gen:Variant.Strictor.53865 | 11.2014-31-03_2
G Data | Gen:Variant.Strictor.53865 | 14.3.24
IKARUS anti.virus | Backdoor.Win32.DarkKomet | t3scan.2.2.29
Kaspersky | Trojan.MSIL.Citron | 14.0.0.4088
McAfee | Artemis!CCE1613155E8 | 5600.7175
McAfee Web Gateway | Artemis!CCE1613155E8 | 7.7175
Microsoft Security Essentials | Trojan:Win32/Malagent | 1.10401
MicroWorld eScan | Gen:Variant.Strictor.53865 | 15.0.0.270
Norman | Suspicious_Gen5.ANUYD | 11.20140331
Qihoo 360 Security | Win32/Trojan.1f9 | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.F47V0329 | 7.2.90
VIPRE Antivirus | Trojan.Win32.Generic | 27886

File size:
576 KB (589,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\virus\java4.exe

File PE Metadata
Compilation timestamp:
3/15/2014 8:01:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:NqgEpFBnHlzBR9WN/PrwZJ2emRYFfBlF8p8/3FTg:Nqg81zBRANTG8XGFLOp8vx

Entry address:
0x385BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x402000]: the native stub every 32-bit .NET executable starts with, which jumps through the import table to mscoree!_CorExeMain so that the CLR loads and runs the assembly's managed code. The zero padding that follows is normal for such a stub. Nothing about the trojan's behaviour is visible in this native entry code; triage of a .NET sample like this one belongs in the managed (MSIL) code.

Entropy:
6.6681

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
220 KB (225,280 bytes)
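The hashes, entropy and PE header fields above are the standard things to pull from a sample during triage. The script below is added here as a worked example; it is not Reason Core Security's code nor anything from the sample. It computes the same fields from any PE32 file and decodes the FF 25 entry stub. The image returned by build_sample_pe() is constructed so the script runs self-contained: its header values mirror this report (compile time 2014-03-15 20:01:07 treated as UTC, OS version 4.0, linker 8.0, GUI subsystem, a non-empty CLR data directory), but it is not java4.exe and its hashes will not match the ones listed above.

```python
"""PE fingerprinting helpers: hashes, entropy and the header fields a scan report lists.
Added example; build_sample_pe() returns a constructed image, not java4.exe."""
import datetime
import hashlib
import math
import struct
from collections import Counter

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
CLR_DIR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-zero only in .NET images


def file_hashes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed/encrypted payloads sit near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset through the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError("RVA %#x is not backed by any section" % rva)


def parse_pe(data):
    """Extract the report's PE metadata fields from a PE32 (Win32) image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = struct.unpack_from("<I", data, opt + 96 + 8 * CLR_DIR)[0] if ndirs > CLR_DIR else 0
    sections = []
    for i in range(nsec):  # 40-byte section headers start right after the optional header
        _, _, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, raw_size, raw_ptr))
    off = rva_to_offset(entry_rva, sections)
    entry = bytes(data[off:off + 6])
    # FF 25 imm32 is "jmp dword ptr [imm32]". In a .NET image that is the only native code at
    # the entry point: a jump through the import table to mscoree!_CorExeMain; the rest is MSIL.
    jmp_target = struct.unpack("<I", entry[2:6])[0] if entry[:2] == b"\xff\x25" else None
    return {
        "machine": "Win32" if machine == 0x14C else "%#x" % machine,
        "compiled": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": "%d.%d" % (os_major, os_minor),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": entry,
        "jmp_target": jmp_target,
        "is_dotnet": clr_rva != 0,
    }


def build_sample_pe():
    """Constructed minimal PE32 (sample data): one .text section, a CLR directory entry and the
    FF 25 entry stub, with header values chosen to mirror the report above."""
    image_base, text_rva, text_ptr = 0x400000, 0x2000, 0x200
    entry_rva = text_rva + 0x100
    text = bytearray(0x200)
    text[0x100:0x106] = b"\xff\x25" + struct.pack("<I", image_base + text_rva)  # jmp [0x402000]
    ts = int(datetime.datetime(2014, 3, 15, 20, 1, 7, tzinfo=datetime.timezone.utc).timestamp())
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)  # i386, 1 section, EXE
    opt = bytearray(224)
    struct.pack_into("<HBB" + "I" * 9, opt, 0, 0x10B, 8, 0, len(text), 0, 0,
                     entry_rva, text_rva, 0, image_base, 0x1000, 0x200)  # linker 8.0, entry, base
    struct.pack_into("<HH", opt, 40, 4, 0)  # OS version 4.0
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)  # Windows GUI subsystem
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * CLR_DIR, text_rva + 8, 72)  # CLR header directory
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, len(text), text_ptr,
                       0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + opt + sect
    return bytes(hdr) + bytes(text_ptr - len(hdr)) + bytes(text)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(file_hashes(blob), "entropy=%.4f" % shannon_entropy(blob))
    for key, value in parse_pe(blob).items():
        print("%-15s %s" % (key, value))
```

Run it with a file path to fingerprint a real sample, or with no arguments to see the constructed image. Compare the md5/sha1/sha256 output against the hashes at the top of this report to confirm you are holding the same file; the CTPH (ssdeep) value is not computed here because it needs the ssdeep library, and the ssdeep command-line tool will produce it for comparison.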

The file java4.exe has been seen being distributed by the following URL.

Remove java4.exe - Powered by Reason Core Security