File: 140419df6a8f0838d7732de1bbddaf5af8a34582270fd22bafd6d1331523ee6a

Metadata
File name: 140419df6a8f0838d7732de1bbddaf5af8a34582270fd22bafd6d1331523ee6a.jar
File type: Java Jar file data (zip)
File size: 116943 bytes
Analysis date: 2016-02-10 07:33:52
MD5: 49ff9ffb57dea03f43fe1a56f3e9d93f
SHA1: 50c5015c7496d41fef6c7778646c23ca47a99d6d
SHA256: 140419df6a8f0838d7732de1bbddaf5af8a34582270fd22bafd6d1331523ee6a
SHA512: d41cf9262b5debcb00d73d9a219683c5dd8100156b27ddf63ef0a763671b6220a602bc4c3d97b2217e7b186d1884082311df41d772062ae82f2dd6d4c313d832
SSDEEP: 1536:hL7xE1vQRmavp33LLoujSdojS9XBMAtQmoNR3nYFFNrDP3QHbV1B5eJFg0c2pQRa:hL9KQRvRLLlOXXpQrnSHr24FU7RGUK
IMPHASH: N/A
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 140419df6a8f0838d7732de1bbddaf5af8a34582270fd22bafd6d1331523ee6a.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
AVG: Exploit.Java_c.SBO
AegisLab: Backdoor.Java.Adwind!c
Avast: Java:Malware-gen [Trj]
Avira: JAVA/Adwind.YH
Comodo: UnclassifiedMalware
Cyren: Java/Adwind.AD
DrWeb: Java.Adwind.66
ESET-NOD32: Java/Adwind.OH
F-Prot: Java/Adwind.AD
Fortinet: PossibleThreat.P1
GData: Java.Trojan.Agent.B1AZSU
Ikarus: Trojan.Java.Adwind
Jiangmin: Trojan.Trojan.b
Kaspersky: Backdoor.Java.Adwind.ac
McAfee: Adwind.b!jar
McAfee-GW-Edition: Adwind.b!jar
Microsoft: Trojan:Java/Adwind.P
NANO-Antivirus: Exploit.Zip.Heuristic-java.csrvpr
Sophos: Troj/Java-AAW
Symantec: Backdoor.Adwind!g1
Tencent: Java.Backdoor.Adwind.Pgxj
TrendMicro: JAVA_ADWIND.CX
TrendMicro-HouseCall: JAVA_ADWIND.CX
VIPRE: LooksLike.Java.ObfuscatorAllatori.a (v) (not malicious)
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Cryptography\UserKeys\J2SE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run