pena_guarita.exe

Java corporate

It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'HLI23383'.
Publisher:
Java corporate (signed and verified)

Version:
1.0.0.0

MD5:
46837f16b9b1f1017c1045fa81146712

SHA-1:
afdf531651674299f7ded70eeb24bd06a1b8c70e

SHA-256:
a3a0618af2e9542dcad96e6ce908e8557335820806309d10b9269a52442a91b3

Scanner detections:
2 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/23/2024 6:07:40 AM UTC

Scanner detections (scan engine: detection, engine version):

ESET NOD32: Win32/Kryptik.FPTV trojan, engine version 6.3.12010.0

F-Secure: Variant.Razy.145880, engine version 5.16.24

File size:
2.6 MB (2,745,912 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\zizavzqwzr\pena_guarita.exe

Digital Signature
Signed by:

Authority:
Java corporate

Valid from:
3/14/2017 10:46:27 AM

Valid to:
3/14/2018 10:46:27 AM

Subject:
CN=Java corporate, O=Java corporate, C=BR

Issuer:
CN=Java corporate, O=Java corporate, C=BR

Serial number:
01

File PE Metadata
Compilation timestamp:
3/15/2017 7:42:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x69D000

Entry point:
EB, 04, 00, 89, E2, 5F, 50, EB, 03, D9, BF, 1D, E8, 16, 00, 00, 00, EB, 04, 28, A1, 5F, C8, EB, 02, D3, A5, 33, C0, EB, 03, F2, BF, 5B, 71, 61, EB, 01, 39, EB, 01, EB, B8, 34, 48, 0A, F7, EB, 04, DF, 8F, 47, 14, EB, 03, 3D, 1F, 5F, 05, CC, B7, F5, 08, EB, 02, F0, EA, 75, 40, EB, 03, BA, 8A, 97, 64, FF, 30, EB, 05, 18, BF, 17, 9B, 96, 64, 89, 20, EB, 04, A0, 31, 84, 4F, EB, 02, C2, 21, 8B, 10, EB, 02, E8, 38, 64, 8F, 00, EB, 04, 87, 99, BA, BD, 83, C4, 04, EB, 01, B7, 58, EB, 05, 0A, 97, 74, 22, 19, C3, EB...

Code size:
2.9 MB (3,010,048 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HLI23383

Command:
C:\ProgramData\zizavzqwzr\pena_guarita.exe


Scan pena_guarita.exe - Powered by Reason Core Security