javasched.exe

Application

GPA Generator

The executable javasched.exe, “GPA Generator PRO”, has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address unknown.servernap.com on port 443.
Publisher:
GPA Generator

Product:
Application

Description:
GPA Generator PRO

Version:
2.1.0.0

MD5:
e6ce81f308210111d0a83536bb334126

SHA-1:
a0831a54e0f3912ac5eac0a64657ae449e6f1556

SHA-256:
6d363384b9791647c8a115b45ab99221304745c875da25a0b05a68134117e61e

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/27/2024 8:44:09 PM UTC

Scan engine    Detection                    Engine version
Dr.Web         Trojan.DownLoader23.48824    9.0.1.05190
ESET NOD32     MSIL/Injector.RFV trojan     6.3.12010.0
Kaspersky      Trojan-Spy.MSIL.Omaneat      15.0.2.529

File size:
821.5 KB (841,216 bytes)

Product version:
2.1.0.0

Copyright:
Copyright 2016

Original file name:
GPA Generator.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\javasched.exe

File PE Metadata
Compilation timestamp:
1/22/2017 4:29:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xAB94E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
678.5 KB (694,784 bytes)

User Start Menu Item
Name:
javasched.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to unknown.servernap.com  (69.65.17.35:443)

TCP (HTTP SSL):
Connects to static.khi77.pie.net.pk  (221.120.207.49:443)
