IOC Report
MVO4879773357878.jar


Files

File Path | Type | Category | Malicious
MVO4879773357878.jar | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample | malicious
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\hsperfdata_user\1800 | data | dropped |
C:\jar\META-INF\MANIFEST.MF | ASCII text, with CRLF line terminators | dropped |
C:\jar\carLambo\AILeJFODIHNyHULMHPDMqXVIZVnaVD.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\ANLvCFyChcJzVnLHSqeekHx.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\AimdQBqtwmRlTmfOwmvjwNywPJZsM.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\BAvsXDspdJYXQBvXhSPZNfejgtqGP.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\CHHXGzeSpzwiJOAtZoSZBJ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\CHHXGzeSpzwiJOAtZoSZBJOdYDRcQU.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\CMGnAzOSNTsjXgAokPsrvtqOAexQi.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\CVahPcpwAqEGgjZCgeRHqvzav.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\DPSFZBMQYgMSdqRKnSjeeHqvknUN.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\ETIKYbEhuMLgDjIJSHDmGnlmeMsm.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\FirstRun.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\GDI32.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\GYDTPVEwzYqRTvxmvHtRLJG.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\GeLuFwhdbiiEVoEeoUbtXxPX.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\HBrowserNativeApis.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\HRvrZvbQXOxdQCpuCvMoA.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\INziJWwhFRZYUTzXNlVz.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\ISyzDWggemUZimyTYMwRRfQ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\JMrXOwDACcclgsrbfAOpFrHXlamCDQ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\Kernel32.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\LZFZUTettLTuEIERFOckFPlpH.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\LbNkQuXbxAPhtiNOmAjuW.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\MMpWpSYgqriSzVphTpNfhnTglQdmfQ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\OeziLNfIzXyeUUtuiOSPKlGvibRk.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\PWjvaMJuUYJDdBdFIQec.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\QsNkSlGCqFomtjHlHdgKKJlOETn.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\RGguaORgBxwLQFguOTfsyvWLb.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\RestoreWindow.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\SjomlJrGISDYNqiAAulMONOv.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\TQaTMIBufeXwulTTDuvpxBTBfNW.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\TgBoQLFFtKbHGgBZrVBiDrm.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\User32.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\VRdaqkGKmButMUdsZLfSOLnpgVk.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\WinGDI.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\WzOHQjRyKNNQtPOMcLqvxzsvisZhr.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\XfrcwHiEekkBljrjyatNOjRICOGWh.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\YEJPIdRNPZsBIbCpFLfaCVN.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\YlqtqHSDDFgBzCqfJBUfI.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\a.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\b.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\bQOGTazZDTmWsQIjxomKkpLaxswAl.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\cUFMRzrqZzmkSJziceHSMVGQ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\eQJCBbLIHBNfWZJLmUQdjvxUQzC.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\fnSeRWCjpCYtFrMVMUvfGdMUp.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\gQEuyVcYntwPXTysEtfquh.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\gcLmiwpDoXkEofFgIgnkAFbECjBM.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\ghKDbwZCNsgFCyEcTHODu.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\gjWVByXBXFzoJIWyWKFqdDDX.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\hSQNXYaWyFQzecPOHvVddvqXyqC.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\iWGSWxRnUlPNEVGNllqlF.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\iytiDwrcScnkWxsldKZwufPjSLiFk.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\lUtzYRoVxoBKRpnyWYynzJxpJ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\lXFRxTmUHAVtXyFTZbpbiXx.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\mHewsQjItURiLCXNkzji.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\nPpeMSRGcCgSgfpfzdBoEfHy.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\niHBeoQPoWsSpEBovnMizhbIfpQUU.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\nnHRYoAONroTDXAkGOnAtRE.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\nnHRYoAONroTDXAkGOnAtREs.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\oarPtnuBJYDryklAVpYvVplj.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\pOkXJMhVItPChYeMRCPBQRAUzLx.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\pXEQYpIAvPbarbDZMRoR.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\pjLIIQVgvuPOInKOREwLQrvvgxeCAr.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\qQnenommQRmzAInlnTAeg.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\qvNsplybcQmnatGjnQTThBZ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\rCYbIngZMxCXvVYABulZ.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\rEgmEOZGPmyKjwgxifrjbDi.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\rOfTrNtEMcqMLhfoFhtTPXmOS.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\resources\config.txt | ASCII text, with no line terminators | dropped |
C:\jar\carLambo\tXuEElkzfqlTWetjTVgwULpwLk.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\tjBwnLxfgUZInqAXXJorajaLymNWI.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\toANhLheFpVIBJATjkPJUTCvbMu.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\uBLIKHEHpAoUHpElmhtbDhNa.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\vDWajJBFzMIEOyWGpkkOlvNI.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\vGKYEHoGOVkVVIDgxIUt.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\wvGnyIgrUOTdXfGRPmvbIDXjmea.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |
C:\jar\carLambo\xjzwOiTLTjfoGTzdLznhC.class | compiled Java class data, version 52.0 (Java 1.8) | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | malicious
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | java.exe -jar "C:\Users\user\Desktop\MVO4879773357878.jar" carLambo.FirstRun | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | malicious
C:\Windows\System32\7za.exe | 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\MVO4879773357878.jar" |
C:\Windows\SysWOW64\icacls.exe | C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M |

URLs

Name | IP | Malicious
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 | unknown | malicious
http://java.oracle.com/ | unknown |
http://null.oracle.com/ | unknown |
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar | unknown |
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarl | unknown |
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar | unknown |
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jarXs | unknown |
http://wshsoft.company/multrdp.jpg | unknown |
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar | unknown |
http://bugreport.sun.com/bugreport/ | unknown |
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar | unknown |

Memdumps
