| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | java.exe |
| File Type: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| SHA1: | 54bcf774774d5a64bb0f7641325f381443a5dfca |
| MD5: | c7ace8d52dbc590cb25b467528eb72b7 |
| First Seen Date: | 2023-07-02 09:05:08.654716 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2023-07-02 21:28:55.939511 ( ) |
| Human Expert Analysis Date: | 2023-07-03 10:20:41.088566 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 4 |
| file type enum | 7 |
| debug artifacts | [] |
| number of sections | 3 |
| trid | [[87.1, u'UPX compressed Win32 Executable'], [6.4, u'Generic Win/DOS Executable'], [6.4, u'DOS Executable Generic']] |
| compilation time stamp | 0x64A144E9 [Sun Jul 2 09:35:37 2023 UTC] |
| LegalCopyright | Copyright \xc2\xa9 2018 |
| FileVersion | 1.8.0_171-b11 |
| CompanyName | |
| ProductName | Java(TM) Platform SE 8 |
| ProductVersion | 1.8.0_171-b11 |
| FileDescription | Java(TM) Platform SE binary |
| OriginalFilename | java.exe |
| Translation | 0x0000 0x04b0 |
| entry point | 0x140740ea0 (UPX1) |
| machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
| file size | 1638400 |
| ssdeep | 49152:GXt17+Rfj3ppdpZjoNcUT93rADmMvRkvuYZ7D6:GaVjDhUNc299CuD6 |
| sha256 | 8af4b8a734f28ee133c6a388bc8737b414532a8294d5a6f095cd8f0fe0a113ef |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/5/4/b/c/54bcf774774d5a64bb0f7641325f381443a5dfca', u'EXE:OriginalFileName': u'java.exe', u'EXE:ProductName': u'Java(TM) Platform SE 8', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:02 09:04:26+00:00', u'EXE:InitializedDataSize': 12288, u'File:FileModifyDate': u'2023:07:02 09:04:26+00:00', u'EXE:FileVersionNumber': u'3.3.1.0', u'EXE:FileVersion': u'1.8.0_171-b11', u'File:FileSize': u'1600 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'1.8.0_171-b11', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'', u'File:FileName': u'54bcf774774d5a64bb0f7641325f381443a5dfca', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.0, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2023:07:02 09:35:37+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xc2\xa9 2018', u'EXE:LinkerVersion': 14.29, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/5/4/b/c', u'EXE:FileDescription': u'Java(TM) Platform SE binary', u'EXE:EntryPoint': u'0x740ea0', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 1626112, u'File:FileInodeChangeDate': u'2023:07:02 09:04:26+00:00', u'EXE:UninitializedDataSize': 5980160, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'3.3.1.0'}] |
| mime type | application/x-dosexec |
| imphash | bb388b5fb16beacfa2a7403d25eaa8c4 |
| File Path on Client | Seen Count |
|---|---|
| 54bcf774774d5a64bb0f7641325f381443a5dfca | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x5b4000 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 0x5b5000 | 0x18d000 | 0x18ce00 | 7.99978751176 | 3e8cdb9544e42c7fa85a73c2acec4e45 |
| .rsrc | 0x742000 | 0x3000 | 0x2e00 | 5.67580083649 | a5e68c44143c4320ccf9f337f19dddee |
-
ADVAPI32.dll
- LsaClose
-
bcrypt.dll
- BCryptGenRandom
-
CRYPT32.dll
- CertOpenStore
-
IPHLPAPI.DLL
- GetAdaptersAddresses
-
KERNEL32.DLL
- LoadLibraryA
- ExitProcess
- GetProcAddress
- VirtualProtect
-
ole32.dll
- CoInitializeEx
-
PSAPI.DLL
- GetProcessMemoryInfo
-
USER32.dll
- ShowWindow
-
USERENV.dll
- GetUserProfileDirectoryW
-
WS2_32.dll
- ioctlsocket
{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 7610676, u'sha256': u'752046db2d5ba9b48214cfdc907886277a63ca3638eb1d38a00f207878da0a7d', u'type': u'data', u'size': 9640}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 7620320, u'sha256': u'6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396', u'type': u'MS Windows icon resource - 1 icon, 48x48', u'size': 20}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 7620344, u'sha256': u'337dcde727e6203f36765a9d8cce1e0f3dab983cd4921bb10481dd49e476b009', u'type': u'data', u'size': 684}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 7621032, u'sha256': u'49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e', u'type': u'ASCII text, with CRLF line terminators', u'size': 346}