SHA256: fffaf2ddf236b0a7c1ec8e94a26dd91dc0380e584a0ae98c94c3933eacd188cb
File name: java
Detection ratio: 0 / 70
Analysis date: 2019-04-10 05:53:06 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis 20190409
Ad-Aware 20190410
AegisLab 20190410
AhnLab-V3 20190410
Alibaba 20190402
ALYac 20190410
Antiy-AVL 20190410
Arcabit 20190410
Avast 20190410
Avast-Mobile 20190409
AVG 20190410
Avira (no cloud) 20190409
Babable 20180918
Baidu 20190318
BitDefender 20190410
Bkav 20190409
CAT-QuickHeal 20190409
ClamAV 20190409
CMC 20190321
Comodo 20190410
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cylance 20190410
Cyren 20190410
DrWeb 20190410
eGambit 20190410
Emsisoft 20190410
Endgame 20190403
ESET-NOD32 20190410
F-Prot 20190410
F-Secure 20190410
FireEye 20190410
Fortinet 20190410
GData 20190410
Ikarus 20190409
Sophos ML 20190313
Jiangmin 20190410
K7AntiVirus 20190409
K7GW 20190410
Kaspersky 20190410
Kingsoft 20190410
Malwarebytes 20190410
MAX 20190410
McAfee 20190410
McAfee-GW-Edition 20190409
Microsoft 20190409
eScan 20190410
NANO-Antivirus 20190410
Palo Alto Networks (Known Signatures) 20190410
Panda 20190409
Qihoo-360 20190410
Rising 20190410
SentinelOne (Static ML) 20190407
Sophos AV 20190410
SUPERAntiSpyware 20190404
Symantec 20190410
Symantec Mobile Insight 20190408
TACHYON 20190410
Tencent 20190410
TheHacker 20190405
Trapmine 20190325
TrendMicro 20190410
TrendMicro-HouseCall 20190410
Trustlook 20190410
VBA32 20190409
ViRobot 20190410
Webroot 20190410
Yandex 20190408
Zillya 20190409
ZoneAlarm by Check Point 20190410
Zoner 20190409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2016
Product Java(TM) Platform SE 8
Original name java.exe
Internal name java
File version 8.0.1120.15
Description Java(TM) Platform SE binary
Signature verification Signed file, verified signature
Signing date 6:12 AM 9/23/2016
Signers
[+] Oracle America, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 04/14/2015
Valid to 11:59 PM 04/13/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3B75816D15A6D8F4598E9CF5603F1839EE84D73D
Serial number 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2016-09-23 04:40:41
Entry Point 0x0000A8C0
Number of sections 6
PE sections
Overlays
MD5 868a90c8e2e6122d07985feb172078bd
File type data
Offset 200704
Size 6208
Entropy 7.32
PE imports
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
FlsGetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FindClose
FormatMessageA
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlsSetValue
GetModuleFileNameA
HeapSetInformation
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
GetExitCodeThread
SetUnhandledExceptionFilter
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetVersion
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetFileInformationByHandle
FindFirstFileExA
FindFirstFileA
GetCurrentThreadId
RtlLookupFunctionEntry
FindNextFileA
RtlUnwindEx
GetTimeZoneInformation
CreateFileW
GetFileType
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
QueryPerformanceFrequency
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
CharNextExA
MessageBoxA
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 82432
ImageVersion 0.0
ProductName Java(TM) Platform SE 8
FileVersionNumber 8.0.1120.15
LanguageCode Neutral
FileFlagsMask 0x003f
FullVersion 1.8.0_112-b15
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName java.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 8.0.1120.15
TimeStamp 2016:09:23 05:40:41+01:00
FileType Win64 EXE
PEType PE32+
InternalName java
SubsystemVersion 5.2
ProductVersion 8.0.1120.15
FileDescription Java(TM) Platform SE binary
OSVersion 5.2
FileOS Win32
LegalCopyright Copyright 2016
MachineType AMD AMD64
CompanyName Oracle Corporation
CodeSize 117248
FileSubtype 0
ProductVersionNumber 8.0.1120.15
EntryPoint 0xa8c0
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 e790ddf15d5f5880742e43e44b9725bb
SHA1 07cbce9fd809c024876a96a1ac03119036c2b810
SHA256 fffaf2ddf236b0a7c1ec8e94a26dd91dc0380e584a0ae98c94c3933eacd188cb
ssdeep 3072:fAivwgV/wTmkrTHjzvBQdT7qKBnusl/Kbi6oyQSqwTBfYG2ZX6ZLzjZqMN68un:WgSTmUHvOdT7duCKbi6ozzwTB/R5vbW
authentihash 82a6b9290a0cb4b462de474fce2155575a2c6dc6039df5ed89f5250071576929
imphash bb9f83f2ccf071025cfcf6c07dc24b5c
File size 202.1 KB ( 206912 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID InstallShield setup (46.1%)
Win64 Executable (generic) (29.6%)
Microsoft Visual C++ compiled executable (generic) (17.7%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2016-10-18 22:52:06 UTC ( 2 years, 7 months ago )
Last submission 2018-01-17 12:41:47 UTC ( 1 year, 4 months ago )
File names java.exe
126f7be.rbf
java.exe
java.exe_
[8]java.exe
java.exe
java.exe
i4j4935018098405191578.tmp
java
i4j1877072132803644387.tmp
FFFAF2DDF236B0A7C1EC8E94A26DD91DC0380E584A0AE98C94C3933EACD188CB
java.exe
java.exe
java.exe
8487b733-d809-43ba-93bc-11e5db0aba47java.exe
path_hash-71c321004d148a096dc1c9c787cbcd733a656a9cbcc9b2773de1350cda9974a6
FFFAF2DDF236B0A7C1EC8E94A26DD91DC0380E584A0AE98C94C3933EACD188CB.exe
java.exe
i4j8842018477347863361.tmp
227251.tmpscan
i4j2244599959947630172.tmp
i4j7197637754973924523.tmp
9a2a731.tmpscan
b9917d2.tmpscan
is-gr1dt.tmp