» java.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

java.exe

The executable java.exe has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘apo5’. While running, it connects to the Internet address mailrelay.203.website.ws on port 80 using the HTTP protocol.

File name:

java.exe

MD5:

595279c80c6c25f8156b7b390450020c

SHA-1:

617ee255d777cc31896fcbce436d517798760b54

SHA-256:

262b89955e1cd222b024fef5b391b0d21de681394bd2f2135fbff3b0c640b7a6

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

11/16/2024 7:27:59 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Xpirat

160917-0

Clam AntiVirus

Win.Trojan.Agent-1379661

0.98/23183

Dr.Web

Trojan.DownLoader22.23546

9.0.1.05190

F-Prot

New or modified Expiro

4.6.5.141

File size:

982.5 KB (1,006,080 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

3/27/2011 2:06:40 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.20

Entry address:

0x12C0

Entry point:

60, 55, 89, E5, 81, EC, 08, 01, 00, 00, C7, 45, EC, 06, 00, 00, 00, C7, 45, F4, 04, 00, 00, 00, 83, 65, F8, 00, 8B, 45, EC, 83, E8, 06, 89, 45, F0, C7, 45, B8, 4C, 3A, 00, 00, C7, 45, E8, 79, D2, 64, F3, B8, 4D, 01, 00, 00, F7, 65, B8, 89, 45, 90, 89, 45, F8, C7, 45, F0, 03, 55, 00, 00, 81, 45, F0, 4C, 13, 00, 00, 81, 45, F0, B1, 4F, 03, 00, 8B, 45, F4, 03, 45, EC, 83, E8, 0A, 89, 45, C4, 81, 45, F8, D4, 1D, 00, 00, FF, 4D, E8, C7, 45, E4, 1A, 12, 00, 00, 8B, 45, E4, 29, 45, F8, C7, 45, DC, B0, F6, 4B, 00... 
[+]

Entropy:

6.9800

Code size:

232 KB (237,568 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

apo5

Command:

C:\win\msn.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to mailrelay.203.website.ws (64.70.19.203:80)

Remove java.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.