SHA256: fa18c4f6cf710cc1cb846eff0c661373b9f73c3343feb0f936ee6b47014ea944
File name: fr12aaa.exe
Detection ratio: 11 / 68
Analysis date: 2018-05-03 06:31:03 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180503
Bkav W32.HfsAdware.D281 20180502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180503
eGambit PE.Heur.InvalidSig 20180503
ESET-NOD32 a variant of MSIL/Kryptik.NWA 20180503
Fortinet MSIL/Generic.AP.274458!tr 20180503
Kaspersky HEUR:Trojan-PSW.Win32.Generic 20180503
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180503
ZoneAlarm by Check Point HEUR:Trojan-PSW.Win32.Generic 20180503
Ad-Aware 20180503
AegisLab 20180503
AhnLab-V3 20180503
Alibaba 20180503
ALYac 20180503
Antiy-AVL 20180503
Arcabit 20180503
Avast 20180503
Avast-Mobile 20180502
AVG 20180503
Avira (no cloud) 20180502
AVware 20180428
Babable 20180406
BitDefender 20180503
CAT-QuickHeal 20180503
ClamAV 20180503
CMC 20180502
Comodo 20180503
Cybereason None
Cyren 20180503
DrWeb 20180503
Emsisoft 20180503
Endgame 20180403
F-Prot 20180503
F-Secure 20180503
GData 20180503
Ikarus 20180502
Sophos ML 20180121
Jiangmin 20180503
K7AntiVirus 20180503
K7GW 20180503
Kingsoft 20180503
Malwarebytes 20180503
MAX 20180503
McAfee 20180503
McAfee-GW-Edition 20180503
Microsoft 20180503
eScan 20180503
NANO-Antivirus 20180503
nProtect 20180503
Palo Alto Networks (Known Signatures) 20180503
Panda 20180502
Qihoo-360 20180503
Rising 20180503
Sophos AV 20180502
SUPERAntiSpyware 20180503
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TotalDefense 20180503
TrendMicro 20180503
TrendMicro-HouseCall 20180503
Trustlook 20180503
VBA32 20180502
VIPRE 20180503
ViRobot 20180503
Webroot 20180503
Yandex 20180428
Zillya 20180502
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2018
Product Java(TM) Platform SE 8
Original name rmiregistry.exe
Internal name rmiregistry.exe
File version 4.2.5.6
Description rmiregistry
Comments Java(TM) Platform SE binary
Signature verification The digital signature of the object did not verify.
Signing date 2:25 AM 5/26/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-03 04:56:45
Entry Point 0x000824AE
Number of sections 3
.NET details
Module Version ID 411f53e2-bfb7-4d1c-bf1a-888868f31417
PE sections
Overlays
MD5 fd6b3326f3ec13b287e3c811c25db921
File type data
Offset 576512
Size 12928
Entropy 7.33
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
CodeSize 525824
SubsystemVersion 4.0
Comments Java(TM) Platform SE binary
InitializedDataSize 50176
ImageVersion 0.0
ProductName Java(TM) Platform SE 8
FileVersionNumber 4.2.5.6
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName rmiregistry.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.2.5.6
TimeStamp 2018:05:03 05:56:45+01:00
FileType Win32 EXE
PEType PE32
InternalName rmiregistry.exe
ProductVersion 4.2.5.6
FileDescription rmiregistry
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2018
MachineType Intel 386 or later, and compatibles
CompanyName Oracle Corporation
LegalTrademarks rmiregistry
FileSubtype 0
ProductVersionNumber 4.2.5.6
EntryPoint 0x824ae
ObjectFileType Executable application
AssemblyVersion 8.0.2.6
File identification
MD5 c6ecc9e2a17ad00d09b3ead6c1f333f9
SHA1 965d636562e120fbc204b1dc2159f577f4516d73
SHA256 fa18c4f6cf710cc1cb846eff0c661373b9f73c3343feb0f936ee6b47014ea944
ssdeep 12288:W2fSRHrD3yXWWcKk2H+XMM/eQYIuynBHkvbtihJMIHoB:W2fSRHrD3yGWcKk2LQYIFHkv+k
authentihash f6c4b963ab58872344db8562476759ff5e6d2dd14b952abe6f21d1b277dcec47
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 575.6 KB ( 589440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-05-03 06:31:03 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-26 01:25:42 UTC ( 8 months, 4 weeks ago )
File names b648e32f9f94898280f0a2825e47e81d63d46deb
rmiregistry.exe
fr12aaa.exe