java.update.exe

The executable java.update.exe has been flagged as malicious by 2 of the 68 anti-virus scanners that examined it (see the detection table below). The file has been seen being downloaded from 80521812-285151226570692406.preview.editmysite.com and multiple other hosts.
Product:
new

Version:
1.0.0.0

MD5:
ee202c86dfb56c99a1aeebee4403c675

SHA-1:
4d2e83be07929c13dc29757bdb95c2b42872adec

SHA-256:
f8d82b504d36bc268eecc5b88ee509da69696d5d35724f5e48e1f3646161f52a

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
2/25/2025 1:29:29 PM UTC

Scan engine     Detection                       Engine version
avast!          MSIL:GenMalicious-ARJ [Trj]     160203-1
ESET NOD32      MSIL/Kryptik.FAT trojan         7.0.302.0

File size:
317.5 KB (325,120 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
new.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\java.update.exe

File PE Metadata
Compilation timestamp:
1/21/2016 3:19:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:SJggXrEjlE215vX3zyHHLnHqwOSNDbUum7B:EqC21KOSNDbEB

Entry address:
0x4938A

Entry point:
FF 25 00 20 40 00, followed by zero padding. This is the standard native entry stub of a managed (.NET) executable: jmp dword ptr [0x402000], an indirect jump through the import address table slot (image base 0x400000 + RVA 0x2000) that holds the address of mscoree!_CorExeMain. The native entry point therefore contains no program logic of its own; the CLR loads the assembly and runs its MSIL entry point.

Entropy:
7.1442

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
285 KB (291,840 bytes)
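The hash values and the PE metadata fields above are what a triage script recovers from a sample before any detonation. The following Python is an added example, not part of this report or of Reason Core Security's tooling. Using only the standard library it parses the DOS, COFF and optional headers plus the section table, reports the same fields the page lists (compile timestamp, bitness, OS and linker versions, subsystem, whether a CLR header is present, the bytes at the entry point), checks whether the entry point is the managed-EXE jmp dword ptr [IAT] stub, and computes SHA-256 and Shannon entropy. Because the sample itself is not available here, build_sample_pe constructs a minimal PE32 whose fields mirror the report; every value in it (section layout, entry RVA 0x2100, the compile time taken as UTC) is a constructed assumption for the example, not data read from java.update.exe.

```python
import datetime
import hashlib
import math
import struct

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # data directory slot of the CLR runtime header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def triage(data: bytes) -> dict:
    """Parse the PE headers of an in-memory file image; no third-party dependencies."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    pe32 = magic == 0x10B                     # 0x20B would be PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = (struct.unpack_from("<I", data, opt + 28)[0] if pe32
                  else struct.unpack_from("<Q", data, opt + 24)[0])
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs_off = opt + (92 if pe32 else 108)   # NumberOfRvaAndSizes, directories follow it
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        _clr_rva, clr_size = struct.unpack_from(
            "<II", data, ndirs_off + 4 + IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR * 8)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    ep = rva_to_offset(entry_rva, sections)
    ep_bytes = data[ep:ep + 6]
    # Managed EXEs start with FF 25 <abs32> = jmp dword ptr [IAT slot]; the slot holds
    # the address of mscoree!_CorExeMain, so the real logic lives in the MSIL, not here.
    is_stub = clr_size != 0 and ep_bytes[:2] == b"\xff\x25"
    jmp_slot_rva = struct.unpack_from("<I", ep_bytes, 2)[0] - image_base if is_stub else None
    return {
        "compile_time": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc),
        "bitness": "Win32" if pe32 else "Win64",
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": ep_bytes.hex(" ").upper(),
        "dotnet": clr_size != 0,
        "dotnet_stub": is_stub,
        "jmp_slot_rva": jmp_slot_rva,
        "entropy": round(shannon_entropy(data), 4),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample_pe() -> bytes:
    """CONSTRUCTED minimal PE32 for this example (not java.update.exe): one .text section
    at RVA 0x2000, CLR directory populated, .NET stub at entry RVA 0x2100, timestamp set to
    the report's compile time interpreted as UTC (an assumption)."""
    text_rva, headers_size = 0x2000, 0x200
    text = bytearray(0x200)
    text[0x100:0x106] = b"\xff\x25" + struct.pack("<I", 0x400000 + text_rva)  # jmp [0x402000]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1453389582, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)                # PE32, linker 8.0
    struct.pack_into("<I", opt, 16, text_rva + 0x100)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                       # OS version 4.0
    struct.pack_into("<I", opt, 60, headers_size)                # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, text_rva + 8, 72)  # CLR header RVA / size
    sect = struct.pack("<8sIIII", b".text", len(text), text_rva, len(text), headers_size)
    return bytes((dos + b"PE\0\0" + coff + opt + sect).ljust(headers_size, b"\0") + text)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:>15}: {value}")
```

Run triage() on the bytes of a real sample to compare against the report's fields; a mismatch on SHA-256 means you are not looking at the file the detections refer to. Two of the reported values deserve a note when reading the output: an entropy of 7.1442 is well above what plain compiled MSIL produces and is consistent with a compressed or encrypted payload carried inside the assembly, which fits the generic "Kryptik"/"GenMalicious" detection names, and the reported compilation timestamp is taken from the COFF header and is attacker-controlled, so treat it as a hint rather than evidence.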

The file java.update.exe has been seen being distributed by the following 3 URLs.

http://80521812-285151226570692406.preview.editmysite.com/uploads/8/0/5/2/.../java.update.exe

Remove java.update.exe - Powered by Reason Core Security