
Invoice PDF.jar

Status: finished
Submission Time: 2021-04-19 23:31:57 +02:00
Classification: Malicious, Trojan, Spyware, Exploiter, Evader, ADWIND

Tags

  • Adwind
  • jar

Details

  • Analysis ID:
    392877
  • API (Web) ID:
    687858
  • Analysis Started:
    2021-04-19 23:31:59 +02:00
  • Analysis Finished:
    2021-04-19 23:47:40 +02:00
  • MD5:
    903b63e35bf8738809eab0f187027daf
  • SHA1:
    257ff2ca9d7848e7c411790c3fa88a0aea479079
  • SHA256:
    bdfe705deebedf2b4edd1fee5bb225f3a14718f0a1007553fec5050db0f7fe08

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 7/60)
  • malicious (Score: 27/36)
  • malicious (Score: 23/31)
  • malicious

IPs

  • 107.175.101.209 (United States)

URLs

  • https://jrat.io
  • http://javax.xml.XMLConstants/property/accessExternalDTD3
  • http://java.sun.com/xml/dom/properties/ancestor-check

Dropped files

  • C:\Users\user\AppData\Local\Temp\Retrive4117647702204724132.vbs
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Retrive7530640457785674935.vbs
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Retrive7965693575833183651.vbs
    File type: ASCII text, with CRLF line terminators