MalScore
100/100
MalFamily
Qrat

Scan0003.jar

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 18/60
File details
File type: Java archive data (JAR)
File size: 223.30 KB (228663 bytes)
MD5: eabe54ded2aa911dbec1b67d8856b7e2
SHA1: 18b933123b690cf7adb13e36900874331aed178b
SHA256: 6fb727fe60810f0d3ab465b714f52cb7f5e6ee4f580f0792b1a20afcb2beb19e
First submission: 2019-04-16 10:27:07
Last submission: 2019-04-16 10:27:07
Filename detected: - Scan0003.jar (1)
URL file hosting
hXXps://gentcreativa.com/wp/Scan0003.jar (source: VirusTotal)
Antivirus Report
Report Date         Detection Ratio  Permalink   Update
2019-04-15 14:56:17 [18/60]          VirusTotal  -
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
No file name detected
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2019-04-19 13:19:21 2019-04-19 13:22:06 165

4 Behaviors detected by system signatures


7 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\Scan0003.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WSOCK32.dll
C:\Windows\System32\wsock32.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\WINMM.dll
C:\Windows\System32\winmm.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\VERSION.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Users\Seven01\AppData\Local\Temp\.hotspotrc
C:\Program Files (x86)\Java\jre1.8.0_74\lib\endorsed
C:\
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\*.*
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2872
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\resources.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\sunrsasign.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\charsets.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jfr.jar
C:\Program Files (x86)\Java\jre1.8.0_74\classes
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)
C:\Program Files (x86)\Java
C:\Program Files (x86)\Java\jre1.8.0_74
C:\Program Files (x86)\Java\jre1.8.0_74\lib
C:\Users\Seven01\AppData\Local\Temp\.hotspot_compiler
C:\Program Files (x86)\Java\jre1.8.0_74\bin
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext
C:\Windows\Sun\Java\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\access-bridge-32.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\cldrdata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\dnsns.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jaccess.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\jfxrt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\localedata.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\nashorn.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunmscapi.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunpkcs11.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\zipfs.jar
C:\Windows\Sun\Java\lib\ext
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Program Files (x86)\Java\conf\usagetracker.properties
C:\Program Files (x86)\Java\jre1.8.0_74\lib\management\usagetracker.properties
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Program Files (x86)\Java\jre1.8.0_74\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\x86\sunec.dll
C:\Program%20Files%20(x86)\Java\jre1.8.0_74\lib\ext\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Users\Seven01\AppData\Local\Temp\*
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Users\Seven01\577cd1d5
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9
C:\Users\Seven01\577cd1d5\bda431f8
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties

Read Files

C:\Users\Seven01\AppData\Local\Temp\Scan0003.jar
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Program Files (x86)\Java\jre1.8.0_74\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_74\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\jvm.dll
C:\Windows\System32\wsock32.dll
C:\Windows\System32\winmm.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\verify.dll
C:\Program Files (x86)\Java\jre1.8.0_74\bin\java.dll
C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2872
C:\Program Files (x86)\Java\jre1.8.0_74\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\bin\client\classes.jsa
C:\Program Files (x86)\Java\jre1.8.0_74\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_74\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\sunec.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\US_export_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\bin\net.dll
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\local_policy.jar
C:\Program Files (x86)\Java\jre1.8.0_74\lib\security\blacklisted.certs
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9
C:\Program Files (x86)\Java\jre1.8.0_74\lib\net.properties

Write Files

C:\Users\Seven01\AppData\Local\Temp\hsperfdata_Seven01\2872
C:\Users\Seven01\.oracle_jre_usage\48ac84126bcac2cd.timestamp
C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9

Delete Files

C:\Users\Seven01\577cd1d5\bda431f8\a90f3bcc\83e7cdf9

Keys

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
jvm.dll.JNI_CreateJavaVM
jvm.dll.JNI_GetDefaultJavaVMInitArgs
java.dll.JDK_GetVersionInfo0
advapi32.dll.SetSecurityDescriptorControl
zip.dll.ZIP_Open
zip.dll.ZIP_Close
zip.dll.ZIP_FindEntry
zip.dll.ZIP_ReadEntry
zip.dll.ZIP_GetNextEntry
zip.dll.ZIP_CRC32
java.dll.Canonicalize
java.dll._Java_java_lang_Object_registerNatives@8
java.dll._Java_java_lang_System_registerNatives@8
java.dll._Java_java_lang_Thread_registerNatives@8
java.dll._Java_java_security_AccessController_getStackAccessControlContext@8
java.dll._Java_java_security_AccessController_getInheritedAccessControlContext@8
java.dll._Java_java_lang_Class_registerNatives@8
java.dll._Java_java_lang_ClassLoader_registerNatives@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12
java.dll._Java_java_lang_Class_forName0@24
java.dll._Java_java_lang_Throwable_fillInStackTrace@12
java.dll._Java_sun_reflect_Reflection_getCallerClass__@8
java.dll._Java_java_lang_Class_getPrimitiveClass@12
java.dll._Java_java_lang_Float_floatToRawIntBits@12
java.dll._Java_java_lang_Double_doubleToRawLongBits@16
java.dll._Java_java_lang_Double_longBitsToDouble@16
java.dll._Java_sun_misc_VM_initialize@8
jvm.dll.JVM_GetVersionInfo
java.dll._Java_java_lang_System_initProperties@12
shell32.dll.SHGetKnownFolderPath
java.dll.NewStringPlatform
java.dll._Java_java_lang_Runtime_maxMemory@8
java.dll._Java_java_io_FileInputStream_initIDs@8
java.dll._Java_java_io_FileDescriptor_initIDs@8
java.dll._Java_java_io_FileDescriptor_set@12
java.dll._Java_java_io_FileOutputStream_initIDs@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12
java.dll._Java_java_lang_String_intern@8
java.dll._Java_java_lang_System_setIn0@12
java.dll._Java_java_lang_Object_getClass@8
java.dll._Java_sun_reflect_Reflection_getClassAccessFlags@12
java.dll._Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16
java.dll._Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8
java.dll._Java_java_lang_System_setOut0@12
java.dll._Java_java_lang_System_setErr0@12
java.dll._Java_java_io_WinNTFileSystem_initIDs@8
kernel32.dll.GetFinalPathNameByHandleW
java.dll._Java_java_lang_System_mapLibraryName@12
java.dll._Java_java_lang_ClassLoader_findBuiltinLib@12
java.dll._Java_java_io_WinNTFileSystem_getBooleanAttributes@12
java.dll._Java_java_io_WinNTFileSystem_canonicalize0@12
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_load@16
java.dll._Java_sun_misc_Signal_findSignal@12
java.dll._Java_sun_misc_Signal_handle0@20
java.dll._Java_sun_io_Win32ErrorMode_setErrorMode@16
java.dll._Java_java_lang_Compiler_registerNatives@8
java.dll._Java_java_lang_Class_isAssignableFrom@12
java.dll._Java_java_io_FileInputStream_open0@12
java.dll._Java_java_io_FileInputStream_readBytes@20
java.dll._Java_java_io_FileInputStream_available@8
java.dll._Java_java_lang_reflect_Array_newArray@16
java.dll._Java_java_lang_Runtime_availableProcessors@8
java.dll._Java_java_io_FileInputStream_close0@8
java.dll._Java_java_io_WinNTFileSystem_list@12
java.dll._Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16
java.dll._Java_sun_misc_URLClassPath_getLookupCacheURLs@12
java.dll._Java_java_lang_ProcessEnvironment_environmentBlock@8
java.dll._Java_java_io_FileOutputStream_open0@16
java.dll._Java_java_io_FileOutputStream_writeBytes@24
java.dll._Java_java_io_FileOutputStream_close0@8
jvm.dll.JVM_FindClassFromBootLoader
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_find@12
zip.dll._Java_java_util_zip_ZipFile_initIDs@8
java.dll._Java_java_io_WinNTFileSystem_getLastModifiedTime@12
zip.dll._Java_java_util_zip_ZipFile_open@28
zip.dll._Java_java_util_zip_ZipFile_getTotal@16
zip.dll._Java_java_util_zip_ZipFile_startsWithLOC@16
zip.dll._Java_java_util_zip_ZipFile_getEntry@24
zip.dll._Java_java_util_zip_ZipFile_getEntryFlag@16
zip.dll._Java_java_util_zip_ZipFile_getEntryTime@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCrc@16
zip.dll._Java_java_util_zip_ZipFile_getEntrySize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCSize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryMethod@16
zip.dll._Java_java_util_zip_ZipFile_getEntryBytes@20
zip.dll._Java_java_util_zip_ZipFile_freeEntry@24
zip.dll._Java_java_util_zip_Inflater_initIDs@8
zip.dll._Java_java_util_zip_Inflater_init@12
zip.dll._Java_java_util_zip_Inflater_inflateBytes@28
zip.dll._Java_java_util_zip_ZipFile_read@44
zip.dll._Java_java_util_zip_Inflater_reset@16
zip.dll._Java_java_util_zip_Inflater_end@16
zip.dll._Java_java_util_zip_ZipFile_close@16
java.dll._Java_java_lang_ClassLoader_findLoadedClass0@12
java.dll._Java_java_lang_ClassLoader_findBootstrapClass@12
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16
java.dll._Java_java_lang_Package_getSystemPackage0@12
zip.dll._Java_java_util_jar_JarFile_getMetaInfEntryNames@8
java.dll._Java_java_lang_ClassLoader_defineClass1@32
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2@16
zip.dll._Java_java_util_zip_ZipFile_getNextEntry@20
net.dll._JNI_OnLoad@8
net.dll._Java_java_net_InetAddress_init@8
net.dll._Java_java_net_InetAddressImplFactory_isIPv6Supported@8
net.dll._Java_java_net_Inet6AddressImpl_getLocalHostName@8
net.dll._Java_java_net_Inet6AddressImpl_lookupAllHostAddr@12
net.dll._Java_java_net_Inet4Address_init@8
net.dll._Java_java_net_Inet6Address_init@8
java.dll._Java_java_lang_Runtime_totalMemory@8
java.dll._Java_java_lang_Runtime_freeMemory@8
java.dll._Java_java_lang_Class_isInstance@12
java.dll._Java_java_lang_System_identityHashCode@12
java.dll._Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20
java.dll._Java_java_lang_SecurityManager_getClassContext@8
java.dll._Java_java_io_ObjectStreamClass_initNative@8
java.dll._Java_sun_misc_VM_latestUserDefinedLoader@8
java.dll._Java_java_lang_Float_intBitsToFloat@12
java.dll._Java_java_lang_ClassLoader_resolveClass0@12
zip.dll._Java_java_util_zip_CRC32_updateBytes@24
java.dll._Java_java_io_WinNTFileSystem_createDirectory@12
java.dll._Java_java_io_WinNTFileSystem_delete0@12
java.dll._Java_java_io_WinNTFileSystem_createFileExclusively@12
net.dll._Java_java_net_DualStackPlainSocketImpl_initIDs@8
net.dll._Java_java_net_DualStackPlainSocketImpl_socket0@16
net.dll._Java_java_net_DualStackPlainSocketImpl_connect0@20
net.dll._Java_java_net_DualStackPlainSocketImpl_close0@12

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address       Hostname  Reverse DNS  Country
188.166.150.227  -         -            United Kingdom

Host(s) by Country

Hosts  Country
1      United Kingdom


TheSystem Itself @ 2019-04-16 10:27:08

Detected family: #Qrat

TheSystem Itself @ 2019-04-19 20:57:02