» javaw.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

javaw.exe

The executable javaw.exe has been detected as malware by 9 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘4348cb5925f5501f5c512527933f663e’. While running, it connects to the Internet address google-public-dns-a.google.com on port 1199.

File name:

javaw.exe

MD5:

26e98dbc5a1cc8ba3e139635236b4995

SHA-1:

078457918dfdd3c13354ddd40c7cef2d3b7cc27a

SHA-256:

2bcf55d65b14e9fc5ac5405f0bdd1c80a20d43d6cea58d3f1c8080297abb690c

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

11/5/2024 1:57:43 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win32.Generic

2014.08.27

Avira AntiVirus

TR/ATRAPS.Gen

7.11.169.144

Dr.Web

Trojan.PackedENT.24715

9.0.1.0362

ESET NOD32

MSIL/Bladabindi (variant)

8.10323

F-Prot

W32/Zusy.Q.gen

v6.4.7.1.166

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.2728

Malwarebytes

Trojan.Facebook

v2014.12.28.09

Rising Antivirus

PE:Trojan.Injector!6.50

23.00.65.141226

SUPERAntiSpyware

Trojan.Agent/Gen-Zusy

10150

File size:

188 KB (192,512 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\javaw.exe

File PE Metadata

Compilation timestamp:

8/30/2014 12:48:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:NREEC2Oi8NXC797F8TBfFvj4bq57HT6dmqoymPQPeCgo:N9C2F8NXC796TB9vj48H+dfeJo

Entry address:

0xFFEF

Entry point:

E8, 12, 5B, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, 38, 11, 42, 00, E8, 67, 0D, 00, 00, 6A, 0E, E8, 68, 02, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, F4, 37, 42, 00, BA, F0, 37, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, D9, E7, FF, FF, 59, FF, 76, 04, E8, D0, E7, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 56, 0D, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 33, 01, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

7.1965

Code size:

102 KB (104,448 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

4348cb5925f5501f5c512527933f663e

Command:

"C:\windows\javaw.exe"..

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to google-public-dns-a.google.com (8.8.8.8:1199)

Remove javaw.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.