java_policy_v2.2.exe

The executable java_policy_v2.2.exe has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. The file has been seen being downloaded from idse.imss.gob.mxii.cf.
MD5:
c3ef9edd48a019e72bec87a23655dac0

SHA-1:
f03bf69dd8e62acbc030909c1eb9407e543e2380

SHA-256:
7f86e2d602cd8a2b33f75e6a4fb6f5bf1570b37bcc47db09311c0eebc8472443

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
1/13/2025 8:41:22 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.713387
342

Agnitum Outpost
TrojanSpy.Zbot
7.1.1

AhnLab V3 Security
Trojan/Win32.MDA
2015.08.28

Avira AntiVirus
TR/Crypt.Xpack.265439
8.3.2.2

Arcabit
Trojan.Kazy.DAE2AB
1.0.0.425

avast!
Win32:Dropper-gen [Drp]
2014.9-160228

AVG
Zbot
2017.0.2820

Baidu Antivirus
Trojan.Win32.Zbot
4.0.3.16228

Bitdefender
Gen:Variant.Kazy.713387
1.0.20.295

Dr.Web
Trojan.PWS.Panda.7934
9.0.1.059

Emsisoft Anti-Malware
Gen:Variant.Kazy.713387
8.16.02.28.12

ESET NOD32
Win32/Spy.Zbot.YW
10.12163

Fortinet FortiGate
W32/Zbot.YW!tr.spy
2/28/2016

F-Secure
Gen:Variant.Kazy.713387
11.2016-28-02_1

G Data
Gen:Variant.Kazy.713387
16.2.25

IKARUS anti.virus
Trojan-Spy.Agent
t3scan.1.9.5.0

K7 AntiVirus
Spyware
13.2017031

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.595

McAfee
PWSZbot-FAMS!C3EF9EDD48A0
5600.6476

Microsoft Security Essentials
PWS:Win32/Zbot!rfn
1.1.12002.0

MicroWorld eScan
Gen:Variant.Kazy.713387
17.0.0.177

NANO AntiVirus
Trojan.Win32.Panda.dvkuhw
0.30.24.3283

Panda Antivirus
Trj/Genetic.gen
16.02.28.12

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Sophos
Mal/Inject-FX
4.98

Trend Micro House Call
TSPY_ZBOT.SMPR
7.2.59

Trend Micro
TROJ_GEN.R00JC0DHN15
10.465.28

VIPRE Antivirus
Trojan.Win32.Generic
43266

File size:
239.8 KB (245,562 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\java_policy_v2.2.exe

File PE Metadata
Compilation timestamp:
8/18/2015 1:05:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WEzDB6+whtJOTzbAvtoqAGyKqMSULeCjK3iv:pNM1nAwpSUCCjyG

Entry address:
0x13D0

Entry point:
55, 8B, EC, 51, 6A, 1F, E8, 35, FC, FF, FF, 83, C4, 04, E8, 4D, FD, FF, FF, E8, 28, F0, 00, 00, 68, 30, 11, 40, 00, E8, 6E, EB, 00, 00, 83, C4, 04, 68, 30, 11, 40, 00, E8, 61, EB, 00, 00, 83, C4, 04, 68, B8, 0B, 00, 00, E8, 54, E9, 00, 00, 83, C4, 04, E8, 8C, E5, 00, 00, E8, 87, E5, 00, 00, 6A, 1F, E8, F0, FB, FF, FF, 83, C4, 04, 6A, 1F, E8, E6, FB, FF, FF, 83, C4, 04, E8, 6E, E5, 00, 00, E8, 39, BB, 00, 00, 33, C0, 8B, E5, 5D, C2, 10, 00, CC, 55, 8B, EC, 83, EC, 14, 33, C0, 88, 45, FB, 8D, 4D, EC, E8, 5D...

Entropy:
7.7102

Developed / compiled with:
Microsoft Visual C++

Code size:
68 KB (69,632 bytes)

The file java_policy_v2.2.exe has been seen being distributed by the following URL.

Remove java_policy_v2.2.exe - Powered by Reason Core Security