java.exe

The application java.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.1freedown.com and multiple other hosts.
MD5:
49b2d48bef148bea3db885a41b23b5d2

SHA-1:
679ecc708bfddfcf069e17c2fadd3b796bb3c3d4

SHA-256:
a26ba5653ad26849ab4daf28eef2cddb69933ef8e96e155cbbfb445acb957166

Scanner detections:
30 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/30/2024 11:30:50 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Outbrowse.A | 904 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2014.05.24 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.151.88 |
| avast! | Win32:Malware-gen | 2014.9-140814 |
| AVG | MalSign.OutBrowse | 2015.0.3382 |
| Baidu Antivirus | HackTool.Win32.OutBrowse | 4.0.3.14814 |
| Bitdefender | Application.Bundler.Outbrowse.A | 1.0.20.1130 |
| Comodo Security | Application.Win32.OutBrowse.~A | 17925 |
| Dr.Web | Adware.Downware.1676 | 9.0.1.0226 |
| Emsisoft Anti-Malware | Gen:Variant.Dropper.99 | 8.14.10.30.10 |
| ESET NOD32 | Win32/OutBrowse (variant) | 8.9308 |
| Fortinet FortiGate | Riskware/NSIS_OutBrowse | 8/14/2014 |
| F-Secure | Application.Bundler.Outbrowse | 11.2014-14-08_5 |
| G Data | Application.Bundler.Outbrowse | 14.8.24 |
| IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.10881 |
| Kaspersky | not-a-virus:Downloader.NSIS.OutBrowse | 14.0.0.3407 |
| Malwarebytes | PUP.Optional.OutBrowse | v2014.08.14.03 |
| McAfee | Artemis!9DDCBF0D0925 | 5600.7038 |
| MicroWorld eScan | Application.Bundler.Outbrowse.A | 15.0.0.678 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.csrlza | 0.28.0.58394 |
| Panda Antivirus | Trj/CI.A | 14.08.14.03 |
| Qihoo 360 Security | Win32/Virus.Downloader.ad6 | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.NSIS.OutBrowse.B | 8.14.14.00 |
| Sophos | Generic PUA CH | 4.96 |
| Trend Micro House Call | TROJ_GEN.R047H07AI14 | 7.2.226 |
| Trend Micro | TROJ_GEN.R02SC0EBN14 | 10.465.14 |
| Vba32 AntiVirus | Downloader.OutBrowse | 3.12.24.3 |
| VIPRE Antivirus | OutBrowse | 25568 |

File size:
616.5 KB (631,256 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\java.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:14FyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq42:1IyhCfsMtpwof1EzotWln3M6VXopa42

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9775

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file java.exe has been seen being distributed by the following 3 URLs.

http://www.1freedown.com/.../download.php?id=52e712f3eef68&i=adus3
