MalScore: 100/100
MalFamily: Alien

Document_CA_18861.jar

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 22/56
File details
File type: Java archive data (JAR)
File size: 250.03 KB (256028 bytes)
MD5: a54b24d49b69d1fe6d404a69dfbb5481
SHA1: 7c0fa2f53a6a68d07a59dc527cd1c34487899521
SHA256: 1580d25707d41971dc8a6516ce110fd86e4e633496745b114e37fb130e3c6bc7
First submission: 2019-04-16 10:30:04
Last submission: 2019-04-16 10:30:04
Filename detected: - Document_CA_18861.jar (1)
URL file hosting
hXXps://beautyebooking.com/Document_CA_18861.jar
Antivirus Report
Report date: 2019-04-16 08:24:53 | Detection ratio: 22/56 | Permalink: VirusTotal
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
No file name detected
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name: Seven06_64 | Machine label: Seven06_64 | Machine manager: VirtualBox | Started: 2019-04-19 13:29:31 | Ended: 2019-04-19 13:32:42 | Duration: 191 s

4 Behaviors detected by system signatures

7 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\Document_CA_18861.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WSOCK32.dll
C:\Windows\System32\wsock32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WINMM.dll
C:\Windows\System32\winmm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\VERSION.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Users\Seven01\AppData\Local\Temp\.hotspotrc
C:\Program Files (x86)\Java\jre1.8.0_74\lib\endorsed
C:\
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\*.*
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2412
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\resources.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\sunrsasign.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\charsets.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jfr.jar
C:\Program Files (x86)\Java\jre1.8.0_74\classes
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)
C:\Program Files (x86)\Java
C:\Program Files (x86)\Java\jre1.8.0_74
C:\Program Files (x86)\Java\jre1.8.0_74\lib
C:\Users\Seven01\AppData\Local\Temp\.hotspot_compiler
C:\Program Files (x86)\Java\jre1.8.0_74\bin
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext
C:\Windows\Sun\Java\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\access-bridge-32.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\cldrdata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\dnsns.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jaccess.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jfxrt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\localedata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\nashorn.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunmscapi.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunpkcs11.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\zipfs.jar
C:\Windows\Sun\Java\lib\ext
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Program Files (x86)\Java\conf\usagetracker.properties
C:\Program Files (x86)\Java\jre1.8.0_74\lib\management\usagetracker.properties
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Program Files (x86)\Java\jre1.8.0_74\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\x86\sunec.dll
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Users\Seven01\AppData\Local\Temp\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Users\Seven01\577cd1d5
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9
C:\Users\Seven01\577cd1d5\bda431f8
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties

Read Files

C:\Users\Seven01\AppData\Local\Temp\Document_CA_18861.jar
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Windows\System32\wsock32.dll
C:\Windows\System32\winmm.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2412
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties

Write Files

C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2412
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9

Delete Files

C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9

Keys

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
jvm.dll.JNI_CreateJavaVM
jvm.dll.JNI_GetDefaultJavaVMInitArgs
java.dll.JDK_GetVersionInfo0
advapi32.dll.SetSecurityDescriptorControl
zip.dll.ZIP_Open
zip.dll.ZIP_Close
zip.dll.ZIP_FindEntry
zip.dll.ZIP_ReadEntry
zip.dll.ZIP_GetNextEntry
zip.dll.ZIP_CRC32
java.dll.Canonicalize
java.dll._Java_java_lang_Object_registerNatives@8
java.dll._Java_java_lang_System_registerNatives@8
java.dll._Java_java_lang_Thread_registerNatives@8
java.dll._Java_java_security_AccessController_getStackAccessControlContext@8
java.dll._Java_java_security_AccessController_getInheritedAccessControlContext@8
java.dll._Java_java_lang_Class_registerNatives@8
java.dll._Java_java_lang_ClassLoader_registerNatives@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12
java.dll._Java_java_lang_Class_forName0@24
java.dll._Java_java_lang_Throwable_fillInStackTrace@12
java.dll._Java_sun_reflect_Reflection_getCallerClass__@8
java.dll._Java_java_lang_Class_getPrimitiveClass@12
java.dll._Java_java_lang_Float_floatToRawIntBits@12
java.dll._Java_java_lang_Double_doubleToRawLongBits@16
java.dll._Java_java_lang_Double_longBitsToDouble@16
java.dll._Java_sun_misc_VM_initialize@8
jvm.dll.JVM_GetVersionInfo
java.dll._Java_java_lang_System_initProperties@12
shell32.dll.SHGetKnownFolderPath
java.dll.NewStringPlatform
java.dll._Java_java_lang_Runtime_maxMemory@8
java.dll._Java_java_io_FileInputStream_initIDs@8
java.dll._Java_java_io_FileDescriptor_initIDs@8
java.dll._Java_java_io_FileDescriptor_set@12
java.dll._Java_java_io_FileOutputStream_initIDs@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12
java.dll._Java_java_lang_String_intern@8
java.dll._Java_java_lang_System_setIn0@12
java.dll._Java_java_lang_Object_getClass@8
java.dll._Java_sun_reflect_Reflection_getClassAccessFlags@12
java.dll._Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16
java.dll._Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8
java.dll._Java_java_lang_System_setOut0@12
java.dll._Java_java_lang_System_setErr0@12
java.dll._Java_java_io_WinNTFileSystem_initIDs@8
kernel32.dll.GetFinalPathNameByHandleW
java.dll._Java_java_lang_System_mapLibraryName@12
java.dll._Java_java_lang_ClassLoader_findBuiltinLib@12
java.dll._Java_java_io_WinNTFileSystem_getBooleanAttributes@12
java.dll._Java_java_io_WinNTFileSystem_canonicalize0@12
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_load@16
java.dll._Java_sun_misc_Signal_findSignal@12
java.dll._Java_sun_misc_Signal_handle0@20
java.dll._Java_sun_io_Win32ErrorMode_setErrorMode@16
java.dll._Java_java_lang_Compiler_registerNatives@8
java.dll._Java_java_lang_Class_isAssignableFrom@12
java.dll._Java_java_io_FileInputStream_open0@12
java.dll._Java_java_io_FileInputStream_readBytes@20
java.dll._Java_java_io_FileInputStream_available@8
java.dll._Java_java_lang_reflect_Array_newArray@16
java.dll._Java_java_lang_Runtime_availableProcessors@8
java.dll._Java_java_io_FileInputStream_close0@8
java.dll._Java_java_io_WinNTFileSystem_list@12
java.dll._Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16
java.dll._Java_sun_misc_URLClassPath_getLookupCacheURLs@12
java.dll._Java_java_lang_ProcessEnvironment_environmentBlock@8
java.dll._Java_java_io_FileOutputStream_open0@16
java.dll._Java_java_io_FileOutputStream_writeBytes@24
java.dll._Java_java_io_FileOutputStream_close0@8
jvm.dll.JVM_FindClassFromBootLoader
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_find@12
zip.dll._Java_java_util_zip_ZipFile_initIDs@8
java.dll._Java_java_io_WinNTFileSystem_getLastModifiedTime@12
zip.dll._Java_java_util_zip_ZipFile_open@28
zip.dll._Java_java_util_zip_ZipFile_getTotal@16
zip.dll._Java_java_util_zip_ZipFile_startsWithLOC@16
zip.dll._Java_java_util_zip_ZipFile_getEntry@24
zip.dll._Java_java_util_zip_ZipFile_getEntryFlag@16
zip.dll._Java_java_util_zip_ZipFile_getEntryTime@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCrc@16
zip.dll._Java_java_util_zip_ZipFile_getEntrySize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCSize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryMethod@16
zip.dll._Java_java_util_zip_ZipFile_getEntryBytes@20
zip.dll._Java_java_util_zip_ZipFile_freeEntry@24
zip.dll._Java_java_util_zip_Inflater_initIDs@8
zip.dll._Java_java_util_zip_Inflater_init@12
zip.dll._Java_java_util_zip_Inflater_inflateBytes@28
zip.dll._Java_java_util_zip_ZipFile_read@44
zip.dll._Java_java_util_zip_Inflater_reset@16
zip.dll._Java_java_util_zip_Inflater_end@16
zip.dll._Java_java_util_zip_ZipFile_close@16
java.dll._Java_java_lang_ClassLoader_findLoadedClass0@12
java.dll._Java_java_lang_ClassLoader_findBootstrapClass@12
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16
zip.dll._Java_java_util_jar_JarFile_getMetaInfEntryNames@8
java.dll._Java_java_lang_ClassLoader_defineClass1@32
java.dll._Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2@16
java.dll._Java_java_lang_Package_getSystemPackage0@12
zip.dll._Java_java_util_zip_ZipFile_getNextEntry@20
net.dll._JNI_OnLoad@8
net.dll._Java_java_net_InetAddress_init@8
net.dll._Java_java_net_InetAddressImplFactory_isIPv6Supported@8
net.dll._Java_java_net_Inet6AddressImpl_getLocalHostName@8
net.dll._Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
net.dll._Java_java_net_Inet4Address_init@8
net.dll._Java_java_net_Inet6Address_init@8
java.dll._Java_java_lang_Runtime_totalMemory@8
java.dll._Java_java_lang_Runtime_freeMemory@8
java.dll._Java_java_lang_Class_isInstance@12
java.dll._Java_java_lang_System_identityHashCode@12
java.dll._Java_java_lang_SecurityManager_getClassContext@8
zip.dll._Java_java_util_zip_CRC32_update@16
zip.dll._Java_java_util_zip_CRC32_updateBytes@24
java.dll._Java_java_lang_reflect_Array_getLength@12
java.dll._Java_java_io_ObjectStreamClass_initNative@8
java.dll._Java_sun_misc_VM_latestUserDefinedLoader@8
java.dll._Java_java_lang_Float_intBitsToFloat@12
java.dll._Java_java_io_WinNTFileSystem_createDirectory@12
java.dll._Java_java_io_WinNTFileSystem_delete0@12
java.dll._Java_java_io_WinNTFileSystem_createFileExclusively@12
net.dll._Java_java_net_DualStackPlainSocketImpl_initIDs@8
net.dll._Java_java_net_DualStackPlainSocketImpl_socket0@16
net.dll._Java_java_net_DualStackPlainSocketImpl_connect0@20
net.dll._Java_java_net_DualStackPlainSocketImpl_close0@12

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
1 Host(s) detected

IP Address | Country | Reverse DNS
104.248.21.161 | United States | icloud-iphone.us-server.

Host(s) by Country

Hosts | Country
1 | United States

#infosec #automation

TheSystem Itself @ 2019-04-16 10:30:05

Detected family: #Alien

TheSystem Itself @ 2019-04-19 21:00:02