Windows Analysis Report Quotation.jar

Overview

General Information

Sample Name:	Quotation.jar
Analysis ID:	492179
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
Tags:	jarSTRRAT
Infos:
Most interesting Screenshot:

Detection

STRRAT

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected STRRAT

Multi AV Scanner detection for submitted file

Yara detected AllatoriJARObfuscator

Sample execution stops while process was sleeping (likely an evasion)

Found inlined nop instructions (likely shell or obfuscated code)

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: Quotation.jar	Virustotal: Detection: 26%			Perma Link
Source: Quotation.jar	ReversingLabs: Detection: 22%

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4x nop then cmp eax, dword ptr [ecx+04h]

4_2_030CB916

Source: java.exe, 00000004.00000002.624973788.000000000A79C000.00000004.00000001.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000004.00000002.624997944.000000000A7A7000.00000004.00000001.sdmp	String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
Source: java.exe, 00000004.00000002.625109003.000000000A841000.00000004.00000001.sdmp, java.exe, 00000004.00000002.626580678.000000001576E000.00000004.00000001.sdmp	String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: java.exe, 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, cmdlinestart.log.4.dr	String found in binary or memory: http://www.allatori.com
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
Source: java.exe, 00000004.00000002.625352111.000000000A925000.00000004.00000001.sdmp, java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000004.00000002.624601757.00000000056CF000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
Source: java.exe, 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar

System Summary:

Detected potential crypto function

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4_2_030CC241

4_2_030CC241

Source: Quotation.jar	Virustotal: Detection: 26%
Source: Quotation.jar	ReversingLabs: Detection: 22%

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Jump to behavior

Source: C:\Windows\System32\7za.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: mal60.troj.evad.winJAR@10/67@0/0

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'
Source: unknown	Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5292:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:972:120:WilError_01

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Data Obfuscation:

Yara detected AllatoriJARObfuscator

Source: Yara match	File source: 00000004.00000002.624987172.000000000A7A5000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.624888196.000000000A76A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR
Source: Yara match	File source: C:\cmdlinestart.log, type: DROPPED

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302BB27 push 00000000h; mov dword ptr [esp], esp	4_2_0302BB4D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302B377 push 00000000h; mov dword ptr [esp], esp	4_2_0302B39D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302B907 push 00000000h; mov dword ptr [esp], esp	4_2_0302B92D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302A1CA push ecx; ret	4_2_0302A1DA
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302A1DB push ecx; ret	4_2_0302A1E5
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_03032D44 push eax; retf	4_2_03032D45
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_0302C437 push 00000000h; mov dword ptr [esp], esp	4_2_0302C45D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_030C7FD1 push cs; retf	4_2_030C7FF1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 4_2_030D1EEC push es; retn 0001h	4_2_030D1FFF

Hooking and other Techniques for Hiding and Protection:

Uses cacls to modify the permissions of files

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Malware Analysis System Evasion:

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: java.exe, 00000004.00000002.621877991.0000000002E25000.00000004.00000001.sdmp	Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000004.00000002.621877991.0000000002E25000.00000004.00000001.sdmp	Binary or memory string: \|[Ljava/lang/VirtualMachineError;

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Memory protected: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior

Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: &Program Manager
Source: java.exe, 00000004.00000002.621719652.0000000001810000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe

Code function: 4_2_03020380 cpuid

4_2_03020380

Stealing of Sensitive Information:

Yara detected STRRAT

Source: Yara match	File source: 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR

Remote Access Functionality:

Yara detected STRRAT

Source: Yara match	File source: 00000004.00000002.623439808.00000000053F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 5672, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

ID:	492179
Product:	CloudBasic
Start time:	13:03:19
Start date:	28.09.2021
Sample:	Quotation.jar
Cookbook:	defaultwindowsfilecookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
Filetype:	Java Archive (13504/1) 62.80%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp	ASCII text, with CRLF line terminators	0F266CF7193A3BBCCE1BEDE248FF59CF	B42AF964B6ED1EDBE05AC33DE2842545C901FF36	69756F90CC0C79595BB98298BE8ED694CC96ED0D928A0BAA0ED6488117769DCC
C:\cmdlinestart.log	ASCII text, with CRLF, LF line terminators	37B52246CF0EBFBFF8EF7A9658D7B51F	BFA1DFB7173AE2613F43D0D1D66AB6747B3DB48B	814D9E3C403422E46F0D863C10DD960586C833458D5F684B55A122CA52167041
C:\jar\META-INF\MANIFEST.MF	ASCII text, with CRLF line terminators	49D087BDC8ACB4DF60649D704C94D2D6	6B32187725F254332B6A67E947E8CAFACA45A0EA	DB87F882E09217C84F7B9DB915CB4D28CFB17F99C0B4647BF9772D5916053460
C:\jar\carLambo\AaISogscfReXxeZKUWBlO.class	compiled Java class data, version 49.0 (Java 1.5)	92F2EEE881D637E2817FFF032A9B051E	8A6B9B6C82A101A99080FEED3C36BEB3CC30378A	C307E87F4B59ED4EB19787DD7E4D8B047D6DB172CE88E9FC7A8AF9942F74E5BF
C:\jar\carLambo\BvHpAJlEksWthemKshuQp.class	compiled Java class data, version 49.0 (Java 1.5)	96F4089E48A470DEAD9A5424637F038A	358FDFE44DC2695C3181D831F27EA66BF8682D1A	1DB9F2F59FB52D35E778EF0B76000F5EB95760349070468BA498592529516378
C:\jar\carLambo\CSvxxbhsMkFgzwSLJPuno.class	compiled Java class data, version 49.0 (Java 1.5)	9C9C57F70B17F8C47ACF123A1E2AA23C	DCEBACD6FC1F8DF8527817C38241A3D1431C0EA0	F40CEBAB91ED9B83815256D4EA8A6BC43513EB856AAE15E88E03008532954BA6
C:\jar\carLambo\DaHdKpqpmbwOJzFdSfJTr.class	compiled Java class data, version 49.0 (Java 1.5)	93AF80DA1D7C25F5CDDCCB5519BEC8CD	C34CE2905E2CF5A829298D5856D0C0955EED3E59	CB4F3570BAF63EDFD8DDD4717D5FA0070851E366CF9B4B60E07BF8BA41701394
C:\jar\carLambo\FirstRun.class	compiled Java class data, version 49.0 (Java 1.5)	6B03CA9942FCAC3DF1B650382EDB9961	46A809D952AD0C02C81F581B797AD542CC1DC2F8	62515AFF86C3E5B6BDA71C2E45FB1C69B9A534B40E2D3FE9CB545B52F403648E
C:\jar\carLambo\GDI32.class	compiled Java class data, version 49.0 (Java 1.5)	D751B938C1F33787EFCF737E4F7F1F76	F2429206AB8AA53CF704170DE324A931E186DC62	06B611DD1DA1055F66A2B13097118AF7302BAEAE0B16F60CF063436D1FD0E752
C:\jar\carLambo\HBrowserNativeApis.class	compiled Java class data, version 49.0 (Java 1.5)	854D76A936DC8C4A0D1D32499C801207	DCB4433E38B2FE2DAC839C0373B43248AC79D423	50403441B0B5BBADA6BCA90C0DA0D74302EAA9609E5BE51E955E30FEAEE74F97
C:\jar\carLambo\HhGNtKoTftxMhSSBMJnzt.class	compiled Java class data, version 49.0 (Java 1.5)	4ABF2B3B209572768141F175D3B9B578	B88B614DB594D23EAC572F0707704781D99EB0DD	87DBEA61653D0DCE7F92580A0198B939AEC1761D1E3703840BE4802B9A788B1B
C:\jar\carLambo\IXoamLVdxZHhnOCKEypnx.class	compiled Java class data, version 49.0 (Java 1.5)	AC2FC30A63592A1CAEE3195BDB018C2C	E44D5E20250DD50AD9C512BD1F7BF8A73D410715	D529488A95042436BDFB6EC7DC716A763FF097B462DE6EE0C1B24224E3A8B15F
C:\jar\carLambo\IjxLOzQLUDkaXnjBGOAoG.class	compiled Java class data, version 49.0 (Java 1.5)	1F23400846ACCAD55499541F7F4ECFDC	FAD20DC616C465B016F6AF11C34B7DA75347A22A	0FC63AD17488FD0B3720B0FE1AE9367455378128A138781AE5A772C7C1B2B5B9
C:\jar\carLambo\IsPDtEuhSpLxTtNBFQXAi.class	compiled Java class data, version 49.0 (Java 1.5)	5AE35DE6803F6F4577828999E11DD4A4	3C79A1B3715577F535216BA1CF6E530528546077	A112DAC393A1E367F81B79F3AAD7C8D94DF9DB635446B7F1E92E1C349F0A27FF
C:\jar\carLambo\JJNChPaoaJuTageKFIyUf.class	compiled Java class data, version 49.0 (Java 1.5)	6DCB92C214D224344358FC325273488E	08854EE1E23B891BF4F51E4096FB456BCD1FA282	E974BCB1491DE6A6AA353E2C979672F0AB6A31CBC713ED3D6D9DF6AAE869CD2A
C:\jar\carLambo\JXeuHETDDBNayfsmagXfz.class	compiled Java class data, version 49.0 (Java 1.5)	68FE8F1583E1AC4D64E975617E5FD423	037C5D976D6427F77C52F3D86954300FE5E58CC7	CF3D717F53BA2670858E96378F3F7B16C54CC917747C33D8188BCAA91A16B452
C:\jar\carLambo\JZxxYGNZPNJezbPxNUZCd.class	compiled Java class data, version 49.0 (Java 1.5)	09CB47A644292E90EF256BF5FDA1A02C	CE5287D01FE1EF91398E5FD7D82E72CD0434BB43	05729A8E66761033B2FD5093E124A5D413886C445CCD3747AD70017476AF977A
C:\jar\carLambo\KFplBMCKgMdHvcMkaAGZa.class	compiled Java class data, version 49.0 (Java 1.5)	5DB1F62D21EF9B20D4EE81F992FE4C65	AFDC830C8756BA9D98AFA15B1751A2216151CC79	2DF33F6B640CE3D7CF701BEDEEBD8C80DE9FD0E547CE535232AA20773ADC882C
C:\jar\carLambo\Kernel32.class	compiled Java class data, version 49.0 (Java 1.5)	EA93BAE3D1D40BD5C124D732766A5C43	1F349335D92DA0BA658498DD4F50B57B41CBA7DC	B6EE166AB0AD29523562952A0AEC58BD95B07263F19261D5AB6F39E890EF4ACD
C:\jar\carLambo\KosQXPANrWiAsLTBDYIav.class	compiled Java class data, version 49.0 (Java 1.5)	BC5B8A816819E0F7A236F34FD4FE3CD8	C1D74A1604C6ADD6BB35568A0CD51DD172C004DD	9369D1269623FAF524E957CA247F45BD32AE10F4DA298EC2D9EE4680D99BFA5F
C:\jar\carLambo\LTsbSrnXqNHTzSCadLztL.class	compiled Java class data, version 49.0 (Java 1.5)	059572B6047AC1B4F5D99BD59EB8E26C	7C125DF71B9043F687D06876080918FF5C12FD83	3131ECEF2318202F2AE54B3202EFD816978A5274F9459B583C2563286E3F3E76
C:\jar\carLambo\ONjFQMbZKhXUIvJECkqdG.class	compiled Java class data, version 49.0 (Java 1.5)	49B6B6238AD7E786906C55998274FC58	0E43376474F440732D0CF20F5A7FB86A8E2959F0	442C5EF4EC01354464ABE8B8C1C2FAC819F589309F8B8DB7F93A7A12F31F0D16
C:\jar\carLambo\RdldwsORcdxmkhJVwhbLi.class	compiled Java class data, version 49.0 (Java 1.5)	0ADC099832F3748A1397EC738F01562D	A7A11EB37FD282FA9D0FF5F3A3C3E6C269BAAB3F	DE4DAB7AA1245D892F5BA00E4C8B675774E13D2B0FAABD9DA890120AEDEA0974
C:\jar\carLambo\SLINEyhIcNChZpywErVgS.class	compiled Java class data, version 49.0 (Java 1.5)	CC3FEB972007A22E9696137A57E34ACE	1F056D624C76C9FAF28DC92ECDAEA269611AFB20	9D81CF0D87A2F2E438BFD4727DCBDD5E7F9581D4A2F98B3867939E080777E22B
C:\jar\carLambo\TlNoUrOpQFTDEOhhEkJkV.class	compiled Java class data, version 49.0 (Java 1.5)	AC75388D5FEB3BFBABB194F36F20D67F	E263DF230C9DD84F2D992970D4CD8280400D5481	4CB070AA0C1B4CBD3B571729334847EB54536EEE042D90264816D6797820F44B
C:\jar\carLambo\TwJpMYXWnMJHKsRderDDT.class	compiled Java class data, version 49.0 (Java 1.5)	CACB446F3041873AD360C09BD5B06241	271915B5BB16DEC1981264DCFD561DABCF40A2BF	C9630D9D5CEB5CD6C933B6ECCA54B4B91710EFBB50DB381C9DD8500B374932ED
C:\jar\carLambo\UWPKqDtrtuRkfgJqVaIfH.class	compiled Java class data, version 49.0 (Java 1.5)	2D007F99D1B43E5CCACFF38529111EB5	C090E0D3A84BA0D6C2324B52AB11B35211F2E459	7420CE5CE15C9D335D315458D1AC1CBDBAA2DF1FB86A25E9350245726E965957
C:\jar\carLambo\User32.class	compiled Java class data, version 49.0 (Java 1.5)	74E3267A0A8A18C211B6A36A40D8D9C9	EA99375E085467B362EC1E3A2DA3854241BC37D5	10D41BB5B9F1036663687723237F595050A98433AA129544490AF45E29150A70
C:\jar\carLambo\WinGDI.class	compiled Java class data, version 49.0 (Java 1.5)	7E7159FABF64B2A99614D43805EDD16C	8EEAC5BF0D2DC109B6F48164ED20A6470636E5CA	D07BAA1E2E821904345458D0F8D4813FC079B73B101419EB2544C952D7C7BCC2
C:\jar\carLambo\XmcgWVirDwLliVZTBfoxa.class	compiled Java class data, version 49.0 (Java 1.5)	2E17A65DE7CD8AE3E87D88A44108565D	88CDC413E8192B611AA7D3EC74B8AA00CE7ACBC8	6763B877ADE04CFBEFC5CC86F761C8A95CBFBFDE73CC2E6C6541937FEB77405A
C:\jar\carLambo\XtGDgqPPFsffwvuGLMVrE.class	compiled Java class data, version 49.0 (Java 1.5)	04AA6EB570DC8409062392BD472C4FAE	082C2EC47347B2BD67DB0B9A506E36CCDB65971D	ECB1F3F1F96727FD18AA24DA085DD7965559012D0CA718598F42DCE424072568
C:\jar\carLambo\YAscrrsjSCEINprDrLpVw.class	compiled Java class data, version 49.0 (Java 1.5)	07C18201EB1AABFCBE43C296A6846E65	0F40916D129B8B7D89E42060AD46683437BD4429	572253C0BC952549049392DB810F27B87E3D39837590F7B5B60618CE4B6334AC
C:\jar\carLambo\ZYEcYXbRzHYFyZblHqtZQ.class	compiled Java class data, version 49.0 (Java 1.5)	DBBCC18CB226544342340B4DDA2D69CB	596AB417E4823DBEFBE5F2B861B66C5CEC5F69B0	2E242793BAEBCD16B2AD3AC494D69716B3907F2169B6808965C4F527C3D1D692
C:\jar\carLambo\bblLjaykILRsJuIgHpxpV.class	compiled Java class data, version 49.0 (Java 1.5)	010C23B999F0FD48BC42AA86157977EB	F6CB4D95A92B5100E3F8F69ECB1FA26A3B659A0C	2CFD4910F1AE48BBC8BE5C820BD2432083819CD26423151F48DAF326318B7FAB
C:\jar\carLambo\bmfvovJGUyUbPgySKkkcq.class	compiled Java class data, version 49.0 (Java 1.5)	FCD751CB662065B181D5834CD2A93FD9	D3B37A2BE97EE520B4CAB59054E0E7C8F821314E	AB3A876015F1657778D26FE6292E1445C33D23DE9609D50417FF0DAC6A38BE1D
C:\jar\carLambo\bzlBSuuREhLCmheoxRLoe.class	compiled Java class data, version 49.0 (Java 1.5)	000832A1C14E57C5AAEE5A350F0723D0	8C6941CA2FB56632739083B0A99F68CBAB195821	C4E40E8A53CC96BA2EF2CD91855789FA3073FEAC74320EE153C12FF36B50B6ED
C:\jar\carLambo\cNhfmljIASGhxQnqNJuWx.class	compiled Java class data, version 49.0 (Java 1.5)	800510F826E5E863BA64BFD594C8686F	54B91C2A6F9CF7F43F4C7B65A1615958CDFCF1D6	C2FEEC9238C5334F9AA2FA5EEF13A2AC2A029759F52C62E561F661EB31A903C7
C:\jar\carLambo\dYjHcUTAJpBUzZmyvwxcg.class	compiled Java class data, version 49.0 (Java 1.5)	FA9F03930520048815883C5B57D574F6	DCD9191AFC3DEDA3FA9A0AB641C3DC3CE7607ECD	359DCACA4566CAA721921CC36BA3E10C8F671EF59B5FDC9EB7A00D4C2786935C
C:\jar\carLambo\eauxCIrdjXbTstchfeoOk.class	compiled Java class data, version 49.0 (Java 1.5)	87B46B7381B4B39BF21BB7AEC5F089C1	903E12E553E2786E41EBDA5D7693AF447370A2EA	769D41B75E885CA68F0C60A356F0EE381B9FBB4067AFC6B47EB99CE1E18DB7CA
C:\jar\carLambo\hBkzOcczVKCAHBldijzvK.class	compiled Java class data, version 49.0 (Java 1.5)	6075EB85A73E8B1B8D862E81E47F873C	CF08C6C91B5C93FD32FF321DFEB212D9DE94C2D9	BFF28245611B43BB62A1A23DF4F8C59CD33BF74D6E3CADB0214C40352FDCE6F9
C:\jar\carLambo\hWdmIbubOgKXDUyGkTEEB.class	compiled Java class data, version 49.0 (Java 1.5)	26B28B12032D16A20EBDA610A90FF216	9EDCC3EB36264C9E279D584A9E24E75B003F48FE	63465AF4C804B2E8EAF0C6FE033E304103D686E3711956165C65ACD97FC7C797
C:\jar\carLambo\hYsqcGfbELOwxudanKXov.class	compiled Java class data, version 49.0 (Java 1.5)	4D82201B1A061BD2DFA7B2A5694A8116	78A64EF593997D3D2CC370A97ABAFD5F58176BC1	33F877545131ECEEE824A8C37C1A7EA358922342D5B8534DD9C823DA9B7AB910
C:\jar\carLambo\hccNzYOZzwIxSugKtwNFq.class	compiled Java class data, version 49.0 (Java 1.5)	A7F7C47D0F75E833E7FA864D13B18B30	468C954ED241DEFE017B7762C28FB624690CD394	720D2E0D3BA7113E73FA47843374DEA8361E2CD03EF1C983AD9B2BC681883FF7
C:\jar\carLambo\iUmCoRfIFAQoefdxTBoVc.class	compiled Java class data, version 49.0 (Java 1.5)	9AD95C77E0906C9DF398280D74198BD4	53E24BA15CEAF438B823044660463912A0D2ADD0	2FA211FA453147066FC917548B5D24D045538C13A8536F88C4862D5018FC1F96
C:\jar\carLambo\jsGSSBxDsfgZgmNRCCRge.class	compiled Java class data, version 49.0 (Java 1.5)	296F17D521783C2BC011A8A7FA1254C5	A87157E156C9F9401E02DD8018D52B3EC9B4DEC0	50F47E6143BBE0F3386811ECDD2B36280A977271BCBE14207EAF05D770A48311
C:\jar\carLambo\kKDEXLppEHnYcckGnnxxg.class	compiled Java class data, version 49.0 (Java 1.5)	97DB65F6CC29CEBE9BEEA98EEE562B13	0A3CFA4B59B4EF676953CAC12AE24488546EDA01	C052DA15C914025D055DB903CE9866F0720FAC314609204EEBD1145E3CF97BAF
C:\jar\carLambo\kqfTtOdPWqoSaOdKfHjPr.class	compiled Java class data, version 49.0 (Java 1.5)	12044C0549AC97D208F50CA1A995A5D2	91AD034B827143B4FF1E15F72CB42FE46871CEF0	ED291CE034B8719205055EB9B253AD31E8CE095414253A0E233E8996E1C2641F
C:\jar\carLambo\ktqJfqRpauSAGkfJbNchr.class	compiled Java class data, version 49.0 (Java 1.5)	0645B28A1CE1EB255ADAD83007542DEA	097DF1A2CBFECA86F949EDBBE8759CE89374F425	A68F0AB709DBAD57103CC22FC4550298F011C296FA8C3031ABEB95510FF7F143
C:\jar\carLambo\lXiQWxbivgQpkaqCCfVKY.class	compiled Java class data, version 49.0 (Java 1.5)	1132FC8AD53D49B5C0FE9835A5CB066F	825025812BA0904D12C0E97E0770A9B688899884	334DFAEB4D74B7186B29BD285B1BDAD2089C4D33E0D3EF8805FF0BEA33063335
C:\jar\carLambo\mdNVabGLtSgHprawsRQOv.class	compiled Java class data, version 49.0 (Java 1.5)	4667D8E8E4F012052ED04A13757EF57B	0E6619CAE40478C90048B2F14B9B26EFA8F129D0	1BFBDD2DBDFF374858499E849A7B7F24DD0D4AD1EFBE845155F4D06C90367BCC
C:\jar\carLambo\nYKUJiPDMFquwRpKFElAD.class	compiled Java class data, version 49.0 (Java 1.5)	337F4F463C43C04D8C9C235CAA510E28	9D000638D33F99345FA378E5CC364CB7EDC90622	ED1BF3B5A170C7EE10B1AE31991A3C25D5E19701E37938F4137F8972C5FA2CA5
C:\jar\carLambo\oGMqziBzYYxWXtOgENcol.class	compiled Java class data, version 49.0 (Java 1.5)	99DA428A55CF5A29ADB83D9AA6133972	2BDD085D4FF68B56A6B25AA1C099353FB2058866	3DDE4347F17A5872F3D79E9CED6236F6A237EFFD7EF20C9D929BA877E79E8C69
C:\jar\carLambo\qAnFfCeztBRNXnxmfAymy.class	compiled Java class data, version 49.0 (Java 1.5)	0045D734B12753B9C694549D60F961C7	31C1FD9D72FF402A69AF74AE4A459B1685216BA9	D50024CDBB909AFF135B94E283D21C0FB2F06780BCB41DD45176DFCB1220D4D2
C:\jar\carLambo\qNjCcZeKvVwoJRxKdiCbn.class	compiled Java class data, version 49.0 (Java 1.5)	16AC1AC669BA20460253BFE1BC755616	3DC2FA06477F5A408F90C7A2AC3AADC5F14C27BF	36B27903F1C753DBDF5257208AFE4B848CD45C1978E363261B14160C66993A0C
C:\jar\carLambo\qSvSnaYHzthBBeWOIMBaB.class	compiled Java class data, version 49.0 (Java 1.5)	338F19D0F1DDB9676B6CCAC29B206644	1146DCDB229802C7478983489AEB6DE38FC7B7EC	814201981E47EFF2EF8C481ECA242A07AA6F8C0C7E448BF31ACEB94A8854E797
C:\jar\carLambo\qcwPdWnKTLcdPxDSEKqai.class	compiled Java class data, version 49.0 (Java 1.5)	D1EED31271486EF64577CDCFA4D25334	E00C65D29899CAF59900F6A59F925ECBEECF81E2	A05521D4416C71F61C01C39569BDD03021078363D51120C83B411979C9CC1C55
C:\jar\carLambo\resources\config.txt	ASCII text, with no line terminators	53A8DDAB5B788AC16393C94687E0DA3C	BA9913773A9B3E556A072C6BD935369C45DB66C8	5E308F29E6B598F63911FC0D6B23DEFCF0DD889F0116C3619A2DCBEA591B6E98
C:\jar\carLambo\sbsQDGLLzqONvAeirLUFR.class	compiled Java class data, version 49.0 (Java 1.5)	20B1BE0F34F5AA57FCEE0DB6309E2C3F	E405B4A4618EDEFE37CC1FB78992571131526CA3	1329562D999971A5EC6CF76E8128748FD1B5334ACE914ED9833778CFDE6D2677
C:\jar\carLambo\sdQKOtlJzWCBporuolMyN.class	compiled Java class data, version 49.0 (Java 1.5)	063948920926B55E075E97B43726E507	B72667F9A14C5D92DB62572E1AE752C493926929	13D19559126C049FAD76CD546EBCE04077F6340352D56D4A764950CA7A6B4D83
C:\jar\carLambo\susnFxnUwlidMWpefYbJj.class	compiled Java class data, version 49.0 (Java 1.5)	50ACA9B8E36F29521BB71CCD5E131274	2799138ED5FAAE3028A8BFE70F6EA24AFC77FED3	C2F9DF8BDF4463888DFC6D4ECD92D483A931B2548BF8CE54C805E7C9A3DD4665
C:\jar\carLambo\tSrrFgcYOfUSarEmZIkay.class	compiled Java class data, version 49.0 (Java 1.5)	FDEE2DA98DD25AFA2F8D42E09F7E3185	68182D35A13F910AD159B72AFEA0D795500C0107	4CEB9897B0EDFA586DB39F9D643820389454679B85D4A0D923AFC077BC3E15B9
C:\jar\carLambo\uinODIkCilGXJDaSnyVJx.class	compiled Java class data, version 49.0 (Java 1.5)	972EF445D939C719B2C5592A0AEB7516	1D6FC872B5CEC0C5F70B764901578C9517697B55	35426BD8D2DA9319189B6361AC4FE9589EB5A637124D9BCC50B4F8AC5A88D068
C:\jar\carLambo\unFpTnLKGCoDhhTwCythd.class	compiled Java class data, version 49.0 (Java 1.5)	9C2D663D3347D84DF5DE1BD058E32058	D2B82C62AF366AAA6FE117F2017F20CC05EBAAD9	66CC85EF64862B456F720146C8CF3D285C67F974A3C8CEFE0422E528C1259E8B
C:\jar\carLambo\vISXLMxulVKJDJdBSbyBW.class	compiled Java class data, version 49.0 (Java 1.5)	D24EFB2AFBA6849E895A9B83344DB3BA	FFCFDCBB88C18E35CEF04CF1DFBE1DA03C898FCF	8206FE2FF1AC6ACF8DBF293EC0B266DA2F5810C8D12BCEB9CFE936F917847BB6
C:\jar\carLambo\vPGWlacnCrelHWkRFSJnJ.class	compiled Java class data, version 49.0 (Java 1.5)	B90B8782E5637E450EA46EAE489B26B6	A9806BACDB4C711D4AC5E5E98B44373FB6569060	BC90C44FF21CC99691F0B9FACD89AAC9F744488A2DB7AF763661316FC2307CBD
C:\jar\carLambo\wparXSrkmxMhKOZjMNKKu.class	compiled Java class data, version 49.0 (Java 1.5)	68BE706DDB652BACD10CB11438221C06	4748571F87F7B7B665711EA6B15ADD82C5634E04	D0A990635873FDAE4252529C3CB52B0EA13A907844906AFDE7F6459F04D6B2ED
C:\jar\carLambo\yLBVjlynSgWMgvIJTRRcy.class	compiled Java class data, version 49.0 (Java 1.5)	FE606169E6457AF51AF4F785E0D563E6	A6F2A42EF084B44184080F578CD269B775F4157D	DC9D365B44481CE8045468EBAD9C3CDD26AB9582F4003F1AECC7EA85A4659E77

Windows Analysis Report Quotation.jar

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Behavior Graph

Network Map