sunjava.exe

While the file properties claim that the file was developed by 'Microsoft Corporation', this is not the case; the version metadata is designed only to make it look like a legitimate Microsoft system file. The executable sunjava.exe has been detected as malware by 2 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key under the display name 'SunJava'. While running, it connects to the Internet address www.parsonline.com on port 80 using the HTTP protocol.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft Corporation

Version:
1.00

MD5:
1bc928c12dc511fe168415eff6685628

SHA-1:
f323171e5bc0e316c7331845828ed1a2f82f1589

SHA-256:
a4071f8253cdfa01523c97b66be7dd6e06afd003062b4d5a6631307a5a23e5d6

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/26/2024 2:15:19 AM UTC

Scan engine     Detection               Engine version
avast!          Win32:Sality            160917-0
ESET NOD32      Win32/VB.RBU trojan     6.3.12010.0

File size:
284 KB (290,816 bytes)

Product version:
1.00

Copyright:
Microsoft Corporation

Trademarks:
Microsoft Corporation

Original file name:
smsfree-sender.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\sunjava\sunjava.exe

File PE Metadata
Compilation timestamp:
10/5/2003 12:04:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1180

Entry point:
68, D4, 42, 41, 00, E8, EE, FF, FF, FF, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 58, 1D, 68, BA, A8, FC, 0E, 44, A8, 97, 07, 9F, 07, 31, 67, 45, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 4A, 00, 06, 50, 83, 01, 4D, 69, 63, 72, 6F, 73, 6F, 66, 74, 57, 69, 6E, 64, 6F, 77, 73, 45, 78, 70, 6C, 6F, 72, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 06, 00, 00, 00, 93, 92, 9B, F0, 17, 83, 1E, 4D...

Entropy:
4.2752

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
128 KB (131,072 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SunJava

Command:
C:\users\{user}\appdata\roaming\sunjava\sunjava.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 67-220-217-235.hosted.static.webnx.com  (67.220.217.235:80)

TCP (HTTP):
Connects to www.parsonline.com  (91.98.29.182:80)

TCP (HTTP):
Connects to ec2-54-235-135-109.compute-1.amazonaws.com  (54.235.135.109:80)
