SHA256: 0269ac833206d9b59d6293888e4f8bc19e124ae4a0b1dc7a33acb2fbaccc33b8
File name: 5fb33a3f7cff06f5c2d36955b0eb136d06093669
Detection ratio: 10 / 55
Analysis date: 2014-10-12 23:45:33 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen 20141013
Antiy-AVL Trojan[Spy]/Win32.Zbot 20141012
Avast Win32:Malware-gen 20141012
AVware Trojan.Win32.Reveton.af (v) 20141013
ESET-NOD32 a variant of Generik.KQMLAUW 20141012
Kaspersky Trojan-Spy.Win32.Zbot.ujds 20141012
McAfee-GW-Edition BehavesLike.Win32.Virut.fm 20141012
Microsoft PWS:Win32/Zbot 20141012
Rising PE:Malware.FakeDOC@CV!1.9C3C 20141012
VIPRE Trojan.Win32.Reveton.af (v) 20141012
Ad-Aware 20141012
Yandex 20141012
AhnLab-V3 20141012
AVG 20141012
Avira (no cloud) 20141012
Baidu-International 20141012
BitDefender 20141013
Bkav 20141011
ByteHero 20141013
CAT-QuickHeal 20141011
ClamAV 20141012
CMC 20141009
Comodo 20141012
Cyren 20141013
DrWeb 20141012
Emsisoft 20141013
F-Prot 20141013
F-Secure 20141012
Fortinet 20141013
GData 20141013
Ikarus 20141012
Jiangmin 20141012
K7AntiVirus 20141010
K7GW 20141011
Kingsoft 20141013
Malwarebytes 20141013
McAfee 20141012
eScan 20141012
NANO-Antivirus 20141012
Norman 20141012
nProtect 20141012
Panda 20141012
Qihoo-360 20141013
Sophos AV 20141012
SUPERAntiSpyware 20141011
Symantec 20141012
Tencent 20141013
TheHacker 20141010
TotalDefense 20141012
TrendMicro 20141013
TrendMicro-HouseCall 20141012
VBA32 20141010
ViRobot 20141012
Zillya 20141012
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher ORacle Corporation
File version 7.0.40.20
Description Java(TM) Platform SE binary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-11 09:43:18
Entry Point 0x000026C0
Number of sections 3
PE sections
PE imports
SetSecurityDescriptorDacl
RegEnumValueW
RegCloseKey
CloseEventLog
FreeSid
RegQueryValueExA
RegEnumKeyW
InitializeSecurityDescriptor
RegOpenKeyExA
ReadEventLogW
RegOpenKeyExW
OpenEventLogW
SetSecurityInfo
RegOpenKeyW
CancelDC
GetTextCharset
CreateMetaFileW
GetLastError
HeapFree
GetDriveTypeW
ReleaseMutex
VirtualAllocEx
FileTimeToSystemTime
GetFileAttributesA
FindVolumeClose
EnterCriticalSection
WaitForSingleObject
HeapAlloc
IsBadWritePtr
lstrcmpiW
FindNextVolumeW
lstrlenW
GetVolumePathNamesForVolumeNameW
DeleteCriticalSection
FileTimeToLocalFileTime
FindNextFileW
GetFileSize
GetCommandLineW
FileTimeToDosDateTime
MultiByteToWideChar
GetFileInformationByHandle
DeleteFileW
lstrcatW
GetProcessHeap
CreateFileMappingW
GetModuleHandleA
lstrcpyW
FindFirstVolumeW
WideCharToMultiByte
MapViewOfFile
ExpandEnvironmentStringsW
ReadFile
CreateMutexW
GetVolumeNameForVolumeMountPointW
OpenMutexW
FindFirstFileW
LocalFree
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
FindClose
IsBadReadPtr
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
SetLastError
CloseHandle
LoadIconA
GetInputState
LoadIconW
GetCursor
wsprintfW
GetSysColor
GetKeyboardType
GetKeyState
wcsncmp
__p__fmode
malloc
sscanf
wcscat
_wfopen
__getmainargs
_wcsnicmp
wcsftime
__doserrno
_waccess
_lseek
_wenviron
_open
printf
fread
_cexit
wcslen
_c_exit
wcscmp
_errno
fprintf
swscanf
_environ
_onexit
__initenv
_wtol
towlower
exit
_XcptFilter
wcsrchr
__setusermatherr
wcsncpy
_adjust_fdiv
_close
__CxxFrameHandler
_CxxThrowException
_wcsicmp
__p__commode
free
swprintf
sprintf
fclose
__dllonexit
_except_handler3
_write
_controlfp
memmove
localtime
_read
_wgetenv
remove
wcscpy
wcschr
_tempnam
time
_initterm
_exit
__set_app_type
_iob
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

FileDescription
Java(TM) Platform SE binary

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.40.20

LanguageCode
Neutral

FileFlagsMask
0x003f

FullVersion
1.7.0_04-b20

CharacterSet
Unicode

InitializedDataSize
383488

MIMEType
application/octet-stream

FileVersion
7.0.40.20

TimeStamp
2014:10:11 10:43:18+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:10:13 00:47:16+01:00

SubsystemVersion
5.0

OSVersion
5.0

FileCreateDate
2014:10:13 00:47:16+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ORacle Corporation

CodeSize
8704

FileSubtype
0

ProductVersionNumber
7.0.40.20

EntryPoint
0x26c0

ObjectFileType
Executable application

File identification
MD5 102f5539249beb2ab840075bbd5a1500
SHA1 d92ce4df8eade141407c8203d258ca23a35ed132
SHA256 0269ac833206d9b59d6293888e4f8bc19e124ae4a0b1dc7a33acb2fbaccc33b8
ssdeep 6144:vy3ch35SC0IzEJBJ/ZAyw0qyOjvesb6tSHZh2B1dlVCLnWdlVCLnWdlVhm4:vy3chJSQzwBtZhgZxb6on8m4

authentihash 774f6c7c902be17f80edbc112b0f9fd9c8558aaac516a8c119d17306e369eeb1
imphash 417afd9533df22d958fb9fc4bf717085
File size 384.0 KB ( 393216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-12 23:45:33 UTC ( 4 years, 5 months ago )
Last submission 2014-10-12 23:45:33 UTC ( 4 years, 5 months ago )
File names 0269ac833206d9b59d6293888e4f8bc19e124ae4a0b1dc7a33acb2fbaccc33b8.exe
5fb33a3f7cff06f5c2d36955b0eb136d06093669
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications