Xcitium Cloud Verdict

File Name: HEUR.Trojan.Win32.Generic-a3543a25e839c4b2ef7fa68f923c174aa73f79cbdcafc701bfd9577ed20fbc9e

File Type: PE32 executable (console) Intel 80386, for MS Windows, UPX compressed

SHA1: e25fc8b1d8a1880d3f194df90646c9032f2d76ab

MD5: 88a45f1c930af04c295f7a89f8983fe5

CREATED / DROPPED FILES

File Path	Type and Hashes

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	HEUR.Trojan.Win32.Generic-a3543a25e839c4b2ef7fa68f923c174aa73f79cbdcafc701bfd9577ed20fbc9e
File Type:	PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
SHA1:	e25fc8b1d8a1880d3f194df90646c9032f2d76ab
MD5:	88a45f1c930af04c295f7a89f8983fe5
First Seen Date:	2024-12-08 17:17:14.855782 ( 2024-12-08 17:17:14.855782 )
Number of Clients Seen:	2
Last Analysis Date:	2024-12-08 17:17:14.855782 ( 2024-12-08 17:17:14.855782 )
Human Expert Analysis Date:	2024-12-09 07:57:32.766371 ( 2024-12-09 07:57:32.766371 )
Human Expert Analysis Result:	Malware

ADDITIONAL FILE INFORMATION

PE Headers

Property	Value
magic literal enum	1
file type enum	6
debug artifacts	[]
number of sections	3
trid	[[64.2, u'UPX compressed Win32 Executable'], [15.6, u'Win32 Dynamic Link Library (generic)'], [10.6, u'Win32 Executable (generic)'], [4.7, u'Generic Win/DOS Executable'], [4.7, u'DOS Executable Generic']]
compilation time stamp	0x5403E840 [Mon Sep 1 03:30:08 2014 UTC]
LegalCopyright	Copyright \xa9 2012
InternalName	java
FileVersion	6.0.310.5
Full Version	1.6.0_31-b05
CompanyName	Sun Microsystems, Inc.
ProductName	Java(TM) Platform SE 6 U31
ProductVersion	6.0.310.5
FileDescription	Java(TM) Platform SE binary
OriginalFilename	java.exe
Translation	0x0000 0x04b0
entry point	0x41b790 (UPX1)
machine type	Intel 386 or later - 32Bit
file size	46738
ssdeep	768:NhP0kDE9N5dCA8J7VHXdrIniQaBTT+QQ+r1n4K8+C9TtIuCjaqUODvJVQ23:vsWE9N5dFu53dsniQaB/xZ14n7zIF+qj
sha256	a3543a25e839c4b2ef7fa68f923c174aa73f79cbdcafc701bfd9577ed20fbc9e
exifinfo	[{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/e/2/5/f/e25fc8b1d8a1880d3f194df90646c9032f2d76ab', u'EXE:OriginalFileName': u'java.exe', u'EXE:ProductName': u'Java(TM) Platform SE 6 U31', u'EXE:InternalName': u'java', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2024:12:08 17:17:05+00:00', u'EXE:InitializedDataSize': 4096, u'File:FileModifyDate': u'2024:12:08 17:16:49+00:00', u'EXE:FileVersionNumber': u'6.0.310.5', u'EXE:FileVersion': u'6.0.310.5', u'File:FileSize': u'46 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'Intel 386 or later, and compatibles', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'6.0.310.5', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win32 EXE', u'EXE:CompanyName': u'Sun Microsystems, Inc.', u'File:FileName': u'e25fc8b1d8a1880d3f194df90646c9032f2d76ab', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 4.0, u'EXE:FullVersion': u'1.6.0_31-b05', u'EXE:PEType': u'PE32', u'EXE:TimeStamp': u'2014:09:01 03:30:08+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'Copyright \xa9 2012', u'EXE:LinkerVersion': 8.0, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows command line', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/e/2/5/f', u'EXE:FileDescription': u'Java(TM) Platform SE binary', u'EXE:EntryPoint': u'0x1b790', u'EXE:SubsystemVersion': 4.0, u'EXE:CodeSize': 45056, u'File:FileInodeChangeDate': u'2024:12:08 17:17:05+00:00', u'EXE:UninitializedDataSize': 65536, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'6.0.310.5'}]
mime type	application/x-dosexec
imphash	608623ae839fcac6578403190d291e5d

File Paths

File Path on Client	Seen Count
HEUR.Trojan.Win32.Generic-a3543a25e839c4b2ef7fa68f923c174aa73f79cbdcafc701bfd9577ed20fbc9e	1

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
UPX0	0x1000	0x10000	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
UPX1	0x11000	0xb000	0xaa00	7.8942387058	0a7e8153e89bb71d0e6e5d55ec15f1a9
.rsrc	0x1c000	0x1000	0x800	3.39885914779	51adbd2b6a36528e3e1ad403d8a30b29

PE Imports

GDI32.dll
- GetDeviceCaps
KERNEL32.DLL
- LoadLibraryA
- ExitProcess
- GetProcAddress
- VirtualProtect
mscms.dll
- CheckColors
msvcrt.dll
- srand
ole32.dll
- CoInitialize
WINMM.dll
- mmioRead

PE Resources

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 70184, u'sha256': u'0790a648794cf5f5a20d4a5c45baea2319e94a2dee1857fc1fb526290317f3bb', u'type': u'data', u'size': 1640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 71840, u'sha256': u'41d2ec33e2248a4058058ffba1a94637c9cbe6444e9cf6e672ba5ddcd3ceb113', u'type': u'data', u'size': 744}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 72600, u'sha256': u'800c51eacaf0ff634179e8b38ae4ea91b78f32a9e7fff177d4986ba00dd2ee79', u'type': u'data', u'size': 488}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 73104, u'sha256': u'0dcf1c6a7a2d57f678932edbedca66925d8ee1b0054de485f70a2ffd6b3ff2b5', u'type': u'data', u'size': 296}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 73416, u'sha256': u'535d4c11ea361921031f892fffc2b42cb0cba09bf424879c54e97368b2086ab9', u'type': u'data', u'size': 3752}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 77184, u'sha256': u'95ea488a0e952a8a3cafa2f836f80e220a2c354ff04931c81bfa5b4ea5506296', u'type': u'data', u'size': 2216}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 79416, u'sha256': u'ba1f525ddf1854ae034b601b93f507832e942784cc599aa85ec412ad4962c58c', u'type': u'data', u'size': 1736}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 81168, u'sha256': u'0713ab2c5e4c64ca3d6dee810a21ac322e72c657edae16efb0f1a05f7e7dda0b', u'type': u'data', u'size': 1384}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 82568, u'sha256': u'bde2320e34194f1f0d5c7d4b49990b2bccc4b19f487c5ab73563ff02cf360524', u'type': u'data', u'size': 9640}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 92224, u'sha256': u'd7d6afe4cecb64334abfbbaeef60d96f49a5b5ed9244c86677f4653ad558af90', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 96504, u'sha256': u'1e61305901ac2e1caac0829b1729034cbd61d75c6f9767b99467bfafb0cf65bb', u'type': u'data', u'size': 2440}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_ICON', u'offset': 98960, u'sha256': u'3481c7db242c4b81c33525a08ce9153396df7b6a8e5bf16594ef6e0e113b4eff', u'type': u'data', u'size': 1128}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_GROUP_ICON', u'offset': 100104, u'sha256': u'45004060829aa76e9b782d28bf1c656ad594913c1731ed47ff57ec35369d5e1a', u'type': u'data', u'size': 174}

{u'lang': u'LANG_NEUTRAL', u'name': u'RT_VERSION', u'offset': 115452, u'sha256': u'752ff0d5928ecf0dfa6903671a9bd63bb56f385e674bef807be16943057c9ca3', u'type': u'data', u'size': 828}

CERTIFICATE VALIDATION

Loading...