presentation.jar

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 6, 2021, 10:36 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 6, 2021, 10:36 a.m.	process_identifier: 7388 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002400000 process_handle: 0xffffffffffffffff	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host	172.217.25.14

File has been identified by 21 AntiVirus engines on VirusTotal as malicious (21 events)

MicroWorld-eScan	Trojan.GenericKD.46216341
FireEye	Trojan.GenericKD.46216341
Alibaba	Trojan:JAVA/Adwind.b58f8943
Arcabit	Trojan.Generic.D2C13495
Avast	Java:Malware-gen [Trj]
Kaspersky	HEUR:Trojan.Java.Alien.gen
BitDefender	Trojan.GenericKD.46216341
Ad-Aware	Trojan.GenericKD.46216341
Comodo	Malware@#2ly1thav7uzk1
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.46216341 (B)
Avira	EXP/JAVA.Download.AMAA.Gen
MAX	malware (ai score=89)
Gridinsoft	Trojan.U.Downloader.oa
Microsoft	Trojan:Java/Adwind.RA!MTB
AegisLab	Trojan.Java.Alien.4!c
GData	Trojan.GenericKD.46216341
Cynet	Malicious (score: 99)
Tencent	Java.Trojan.Alien.Syho
Ikarus	Exploit.JAVA.Download
AVG	Java:Malware-gen [Trj]

A potential heapspray has been detected. 892 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3569

name

heapspray

process

java.exe

total_mb

892

length

262144

protection

PAGE_READWRITE