SHA256: 49608f98944623321de3a8a46fa1e6f90926b6b1a51c9edd173ff1eac669705c
File name: JavaJREInstaller.exe
Detection ratio: 11 / 46
Analysis date: 2013-08-22 13:58:28 UTC ( 5 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Fareit 20130822
DrWeb Trojan.PWS.Panda.2977 20130822
ESET-NOD32 Win32/Spy.Zbot.AAO 20130822
Fortinet W32/Kryptik.FA!tr 20130822
Kaspersky Trojan-Spy.Win32.Zbot.otpl 20130822
McAfee Artemis!00CE434CF737 20130822
McAfee-GW-Edition Artemis!00CE434CF737 20130822
Panda Trj/Genetic.gen 20130822
SUPERAntiSpyware Heur.Agent/Gen-WhiteBox 20130822
Symantec Suspicious.Cloud.5 20130822
VIPRE Trojan.Win32.ZAccess.bnc (v) 20130822
Yandex 20130821
AntiVir 20130822
Antiy-AVL 20130822
Avast 20130822
AVG 20130822
BitDefender 20130822
ByteHero 20130817
CAT-QuickHeal 20130822
ClamAV 20130822
Commtouch 20130822
Comodo 20130822
Emsisoft 20130822
F-Prot 20130822
F-Secure 20130822
GData 20130822
Ikarus 20130822
Jiangmin 20130822
K7AntiVirus 20130821
K7GW 20130821
Kingsoft 20130723
Malwarebytes 20130822
Microsoft 20130822
eScan 20130822
NANO-Antivirus 20130822
Norman 20130822
nProtect 20130822
PCTools 20130822
Rising 20130822
Sophos AV 20130822
TheHacker 20130822
TotalDefense 20130821
TrendMicro 20130822
TrendMicro-HouseCall 20130822
VBA32 20130822
ViRobot 20130822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT NSIS
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-10-20 19:05:52
Entry Point 0x00002D04
Number of sections 8
PE sections
PE imports
CreateHalftonePalette
EnumFontsW
ResizePalette
CreateHatchBrush
GetNearestColor
GetLayout
GetSystemWindowsDirectoryW
GetUserDefaultLCID
GetCurrentProcess
GetTickCount
GetProcessHeap
GetAsyncKeyState
GetCaretBlinkTime
VkKeyScanA
GetFocus
GetDC
GetMenuItemID
PE exports
Number of PE resources by type
RT_MENU 10
RT_ICON 1
MUI 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2003:10:20 20:05:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 30720
LinkerVersion 55.55
FileTypeExtension exe
InitializedDataSize 188928
SubsystemVersion 5.1
EntryPoint 0x2d04
OSVersion 17.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 00ce434cf7377fb22e627b194be4e5ce
SHA1 855e6b45b2c9491e550049aa24a564c0b02ffd2e
SHA256 49608f98944623321de3a8a46fa1e6f90926b6b1a51c9edd173ff1eac669705c
ssdeep 3072:siu8bnA5ObfsyQRL6i1vf2lk42V/dGepmu2epFkrL2QsDOeaTQ0HK9nDytkU3O:iQbQLkVQ/mUU2QsD7aTOikU
authentihash f3f1bc73068100b2ad969cf1c7fef5cb485b5f839e542738298a49c2bc7847fc
imphash 809404e07477e501b4a24e1dd0f167cf
File size 215.5 KB ( 220672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-08-22 10:57:54 UTC ( 5 years, 9 months ago )
Last submission 2016-05-27 13:54:18 UTC ( 2 years, 11 months ago )
File names 2cba367c514341557a81ca53e915d7981da87cce
updates.01.exe.vir
14313308
invoiceE76TI8Q77G9OGH2YMB.JPG.exe
updates_exe
00ce434cf7377fb22e627b194be4e5ce.exe
file-5866500_
JavaJREInstaller.exe
855e6b45b2c9491e550049aa24a564c0b02ffd2e
updates.exe
updates.exe-ucTv5M
output.14313308.txt
Ja9Ui8BV.vcf
aa
855e6b45b2c9491e550049aa24a564c0b02ffd2e_updates.ex
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight