Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EQUIPTMENT_ORDER.jar
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hsperfdata_user\5552
|
data
|
dropped
|
||
|
C:\jar\META-INF\MANIFEST.MF
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\jar\carLambo\A.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\B.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\C.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\D.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\E.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\F.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\FirstRun.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\G.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\GDI32.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\H.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\HBrowserNativeApis.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\I.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\J.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\K.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\Kernel32.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\L.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\M.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\N.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\O.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\P.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\Q.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\R.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\S.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\T.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\U.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\User32.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\V.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\W.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\WinGDI.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\X.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\Y.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\Z.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\aa.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ab.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ac.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ad.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ae.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\af.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ag.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ah.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ai.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\aj.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ak.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\al.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\am.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\an.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ao.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\ap.class
|
compiled Java class data, version 50.0 (Java 1.6)
|
dropped
|
||
|
C:\jar\carLambo\resources\config.txt
|
ASCII text, with no line terminators
|
dropped
|
There are 43 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
java.exe -jar "C:\Users\user\Desktop\EQUIPTMENT_ORDER.jar" carLambo.FirstRun
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\7za.exe
|
7za.exe x -y -oC:\jar "C:\Users\user\Desktop\EQUIPTMENT_ORDER.jar"
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
|
unknown
|
|
|
|
http://null.oracle.com/k
|
unknown
|
||
|
http://java.oracle.com/
|
unknown
|
||
|
http://null.oracle.com/
|
unknown
|
||
|
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
|
unknown
|
||
|
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
|
unknown
|
||
|
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jark
|
unknown
|
||
|
http://www.allatori.com
|
unknown
|
||
|
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jarc
|
unknown
|
||
|
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/
|
unknown
|
||
|
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
|
unknown
|
There are 2 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4DCB000
|
trusted library allocation
|
page read and write
|
|
|
|
9F92000
|
trusted library allocation
|
page read and write
|
|
|
|
9F67000
|
trusted library allocation
|
page read and write
|
|
|
|
9F61000
|
trusted library allocation
|
page read and write
|
|
|
|
15BC0000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
161CC000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
153EE000
|
unkown
|
page read and write
|
||
|
1621D000
|
heap
|
page read and write
|
||
|
A0D2000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
15D48000
|
unkown
|
page read and write
|
||
|
A000000
|
trusted library allocation
|
page read and write
|
||
|
15040000
|
heap
|
page read and write
|
||
|
1622B000
|
heap
|
page read and write
|
||
|
16610000
|
trusted library allocation
|
page read and write
|
||
|
161F4000
|
heap
|
page read and write
|
||
|
290A000
|
trusted library allocation
|
page execute and read and write
|
||
|
291B000
|
trusted library allocation
|
page execute and read and write
|
||
|
276D000
|
stack
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
||
|
4B63000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
4DBD000
|
trusted library allocation
|
page read and write
|
||
|
272D000
|
stack
|
page read and write
|
||
|
9FF7000
|
trusted library allocation
|
page read and write
|
||
|
A0A8000
|
trusted library allocation
|
page read and write
|
||
|
FD7000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
26E5000
|
heap
|
page read and write
|
||
|
4F44000
|
trusted library allocation
|
page read and write
|
||
|
95D000
|
stack
|
page read and write
|
||
|
A0ED000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
15BC4000
|
heap
|
page read and write
|
||
|
A02D000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC0000
|
unkown
|
page read and write
|
||
|
1500E000
|
unkown
|
page read and write
|
||
|
4F37000
|
trusted library allocation
|
page read and write
|
||
|
A0AF000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
D9F000
|
stack
|
page read and write
|
||
|
4BB9000
|
trusted library allocation
|
page read and write
|
||
|
14F7E000
|
unkown
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
15ADE000
|
unkown
|
page read and write
|
||
|
1660F000
|
stack
|
page read and write
|
||
|
A102000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
15BB0000
|
heap
|
page read and write
|
||
|
158C0000
|
trusted library allocation
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
16C90000
|
trusted library allocation
|
page read and write
|
||
|
499D000
|
stack
|
page read and write
|
||
|
14E9D000
|
stack
|
page read and write
|
||
|
A00E000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2912000
|
trusted library allocation
|
page execute and read and write
|
||
|
2974000
|
trusted library allocation
|
page execute and read and write
|
||
|
2966000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E4D000
|
trusted library allocation
|
page read and write
|
||
|
2923000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
A0DA000
|
trusted library allocation
|
page read and write
|
||
|
A0F3000
|
trusted library allocation
|
page read and write
|
||
|
1557F000
|
heap
|
page read and write
|
||
|
EEB000
|
heap
|
page read and write
|
||
|
150B8000
|
heap
|
page read and write
|
||
|
4ECC000
|
trusted library allocation
|
page read and write
|
||
|
A108000
|
trusted library allocation
|
page read and write
|
||
|
15920000
|
trusted library allocation
|
page read and write
|
||
|
15480000
|
heap
|
page read and write
|
||
|
15A8D000
|
stack
|
page read and write
|
||
|
4B59000
|
trusted library allocation
|
page read and write
|
||
|
1567D000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
A0FC000
|
trusted library allocation
|
page read and write
|
||
|
1028000
|
unkown
|
page read and write
|
||
|
159FD000
|
stack
|
page read and write
|
||
|
150AA000
|
heap
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
1535D000
|
unkown
|
page read and write
|
||
|
9F50000
|
trusted library allocation
|
page read and write
|
||
|
2CD8000
|
heap
|
page read and write
|
||
|
1127000
|
heap
|
page read and write
|
||
|
1542D000
|
stack
|
page read and write
|
||
|
A007000
|
trusted library allocation
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
296D000
|
trusted library allocation
|
page execute and read and write
|
||
|
156B1000
|
trusted library allocation
|
page read and write
|
||
|
16224000
|
heap
|
page read and write
|
||
|
14E63000
|
heap
|
page read and write
|
||
|
4F29000
|
trusted library allocation
|
page read and write
|
||
|
1527D000
|
stack
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
14EEE000
|
unkown
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
4BBB000
|
trusted library allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
1539D000
|
stack
|
page read and write
|
||
|
15668000
|
heap
|
page read and write
|
||
|
15D50000
|
trusted library allocation
|
page read and write
|
||
|
1674E000
|
stack
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
9F98000
|
trusted library allocation
|
page read and write
|
||
|
1670E000
|
trusted library allocation
|
page read and write
|
||
|
14A00000
|
trusted library allocation
|
page read and write
|
||
|
1679F000
|
stack
|
page read and write
|
||
|
15BAE000
|
stack
|
page read and write
|
||
|
155A7000
|
heap
|
page read and write
|
||
|
4F33000
|
trusted library allocation
|
page read and write
|
||
|
15508000
|
heap
|
page read and write
|
||
|
4EA7000
|
trusted library allocation
|
page read and write
|
||
|
16215000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
A0CE000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
15CFC000
|
stack
|
page read and write
|
||
|
15A4F000
|
unkown
|
page read and write
|
||
|
16211000
|
heap
|
page read and write
|
||
|
152CE000
|
unkown
|
page read and write
|
||
|
15680000
|
trusted library allocation
|
page read and write
|
||
|
16220000
|
heap
|
page read and write
|
||
|
1547E000
|
stack
|
page read and write
|
||
|
161D9000
|
heap
|
page read and write
|
||
|
14FBD000
|
stack
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page execute and read and write
|
||
|
161C0000
|
heap
|
page read and write
|
||
|
4EB5000
|
trusted library allocation
|
page read and write
|
||
|
14F2D000
|
stack
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
1566A000
|
heap
|
page read and write
|
||
|
2CE9000
|
heap
|
page read and write
|
||
|
4F4A000
|
trusted library allocation
|
page read and write
|
||
|
1513A000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
15020000
|
heap
|
page read and write
|
||
|
15B69000
|
unkown
|
page read and write
|
||
|
1530D000
|
stack
|
page read and write
|
||
|
15B17000
|
stack
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
4A73000
|
trusted library allocation
|
page read and write
|
||
|
28D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
161FE000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
There are 155 hidden memdumps, click here to show them.