SHA256: 65d01ce15f1cf78bb72bae2d6b5e4e7c91d3bc8a43fa246e5eb91ca94b6649bf
File name: f4945d82594e01d6edae29263f09d4a61d2821f6
Detection ratio: 44 / 67
Analysis date: 2018-04-02 05:47:13 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.478702 20180402
AegisLab Exploit.W32.Bypassuac!c 20180402
ALYac Gen:Variant.Graftor.478702 20180402
Antiy-AVL Trojan[Exploit]/Win32.BypassUAC 20180402
Arcabit Trojan.Graftor.D74DEE 20180402
Avast Win32:Malware-gen 20180402
AVG Win32:Malware-gen 20180402
Avira (no cloud) TR/AD.Remcos.yhvij 20180401
AVware Trojan.Win32.Generic!BT 20180402
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180330
BitDefender Gen:Variant.Graftor.478702 20180402
Comodo .UnclassifiedMalware 20180402
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180402
DrWeb Trojan.PWS.Stealer.23506 20180402
Emsisoft Gen:Variant.Graftor.478702 (B) 20180402
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Injector.DWVT 20180402
F-Secure Gen:Variant.Graftor.478702 20180402
Fortinet W32/Injector.DWVA!tr 20180402
GData Gen:Variant.Graftor.478702 20180402
Ikarus Trojan.Win32.Injector 20180401
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052b73d1 ) 20180402
K7GW Trojan ( 0052b73d1 ) 20180401
Kaspersky Exploit.Win32.BypassUAC.kdj 20180402
MAX malware (ai score=97) 20180402
McAfee Packed-FCJ!C739AFC35A47 20180402
McAfee-GW-Edition BehavesLike.Win32.Packed.cm 20180402
Microsoft Trojan:Win32/Vibem!rfn 20180402
eScan Gen:Variant.Graftor.478702 20180402
Palo Alto Networks (Known Signatures) generic.ml 20180402
Panda Trj/GdSda.A 20180401
Qihoo-360 Win32/Trojan.Exploit.988 20180402
Rising Trojan.Injector!1.B0EA (CLASSIC) 20180402
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180402
Symantec Trojan.Gen.2 20180401
Tencent Win32.Exploit.Bypassuac.Sxef 20180402
TrendMicro TSPY_HPFAREIT.SMVB 20180402
TrendMicro-HouseCall TSPY_HPFAREIT.SMVB 20180402
VIPRE Trojan.Win32.Generic!BT 20180402
Yandex Exploit.BypassUAC! 20180331
ZoneAlarm by Check Point Exploit.Win32.BypassUAC.kdj 20180402
AhnLab-V3 20180402
Alibaba 20180330
Avast-Mobile 20180401
Bkav 20180331
CAT-QuickHeal 20180402
ClamAV 20180401
CMC 20180401
Cybereason 20180225
Cyren 20180402
eGambit 20180402
F-Prot 20180402
Jiangmin 20180402
Kingsoft 20180402
Malwarebytes 20180402
NANO-Antivirus 20180402
nProtect 20180402
SUPERAntiSpyware 20180402
Symantec Mobile Insight 20180401
TheHacker 20180330
TotalDefense 20180402
Trustlook 20180402
VBA32 20180330
ViRobot 20180402
WhiteArmor 20180324
Zillya 20180330
Zoner 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product Java(TM) Platform SE 8 U151
Original name ssvagent.exe
Internal name ssvagent
File version 11.151.0002
Description Java(TM) Platform SE binary
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-16 15:24:00
Entry Point 0x0000127C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(518)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
Ord(607)
_adj_fpatan
EVENT_SINK_AddRef
Ord(693)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
Ord(589)
Ord(100)
__vbaFreeVar
__vbaObjSetAddref
_adj_fdiv_r
Ord(520)
_adj_fdiv_m64
_CIsin
_CIsqrt
_adj_fdivr_m32
_CIlog
__vbaVarTstGt
_allmul
__vbaStrVarVal
_CIcos
__vbaFreeStr
_adj_fptan
Ord(610)
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaR8IntI4
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
__vbaVarDup
__vbaFpI4
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
11.151

FileSubtype
0

FileVersionNumber
11.151.0.2

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Java(TM) Platform SE binary

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
73728

EntryPoint
0x127c

OriginalFileName
ssvagent.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
11.151.0002

TimeStamp
2015:12:16 16:24:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ssvagent

ProductVersion
11.151.0002

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oracle Corporation

CodeSize
770048

ProductName
Java(TM) Platform SE 8 U151

ProductVersionNumber
11.151.0.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c739afc35a475a56ed91bbe6c3e94e75
SHA1 4f920dc2260727ac2da863e87e982f7924d73234
SHA256 65d01ce15f1cf78bb72bae2d6b5e4e7c91d3bc8a43fa246e5eb91ca94b6649bf
ssdeep
12288:SnMtfUireG5jqhaZLNRfnZNlEVAFhHhUlbC9WUoZZwo0kQy25EtBzQAN/2vD:SMtcdGDmiovQy25EtBzQAN/2v

authentihash e601eeb998a26097fb5b58e716768a2fa780eb9be8b02471e71bea083514b5c9
imphash 06c8a6ca8b1c2fec2caf52aee6cedc7a
File size 828.0 KB ( 847872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-28 06:00:51 UTC ( 1 year ago )
Last submission 2018-05-24 17:59:08 UTC ( 11 months ago )
File names ssvagent.exe
ssvagent
asddfr33455rr4rfrr.exe
f4945d82594e01d6edae29263f09d4a61d2821f6
hugo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.