jre8u20windowsx64.exe

Java Runtime Environment

Innovative Systems LLC

The application jre8u20windowsx64.exe by Innovative Systems has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from java.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Java Runtime Environment

Version:
1.0.0.0

MD5:
6637bb1f86e10fbb5ed5d32c0110217b

SHA-1:
1031842602ceddc9e6a62c9a31f7cf8e2df915c5

SHA-256:
9ae72879e82ff9dae6abd353457df87c8e5e99ddd3c39fbabb1c49168b554ae5

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 10:42:16 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.OpenCandy | 2014.11.05
Avira AntiVirus | APPL/Downloader.Gen | 7.11.183.24
avast! | Win32:Adware-gen [Adw] | 2014.9-141105
AVG | OpenCandy | 2015.0.3300
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.14115
Clam AntiVirus | Win.Trojan.Agent-803351 | 0.98/21411
Dr.Web | Adware.OpenCandy.55 | 9.0.1.0309
ESET NOD32 | Win32/JoyDownloader | 8.10670
G Data | Win32.Adware.OpenCandy | 14.11.24
IKARUS anti.virus | PUA.JoyDownloader | t3scan.1.7.8.0
K7 AntiVirus | Adware | 13.183.13333
Malwarebytes | PUP.Optional.OpenCandy | v2014.11.05.03
McAfee | Artemis!6637BB1F86E1 | 5600.6956
Reason Heuristics | PUP.InnovativeSystems.R | 14.11.5.3
Sophos | Generic PUA IK | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0929 | 7.2.309
VIPRE Antivirus | Trojan.Win32.Generic | 33554

File size:
496.1 KB (507,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jre8u20windowsx64.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/19/2014 3:00:00 AM

Valid to:
9/20/2015 2:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09A91C40EAE34E72CD975B0B218AE4BA

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:dQRbEzD39YMADqFPB9WoBIWjhBWZI+jkK+Zssl:eRAie8oBIWjhsZjwKWl

Entry address:
0x331F

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, D8, 7A, 7A, 00, E8, A8, 2E, 00, 00, A3, 24, 7A, 7A, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, D0, EE, 79, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, 20, 6A, 7A, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 20, 7B, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Entropy:
7.7960

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file jre8u20windowsx64.exe has been seen being distributed by the following 21 URLs.

