Remittance%20E-MAIL%20Layout%20-%2011_.jar

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 11, 2021, 10:42 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 11, 2021, 10:42 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000024d0000 process_handle: 0xffffffffffffffff	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host	172.217.25.14

File has been identified by 20 AntiVirus engines on VirusTotal as malicious (20 events)

DrWeb	Java.Siggen.491
MicroWorld-eScan	Trojan.Java.Agent.BPX
FireEye	Trojan.Java.Agent.BPX
AegisLab	Trojan.Script.Generic.4!c
Alibaba	TrojanSpy:JAVA/Generic.2bf3b32b
Cyren	Java/Kryptik.L.gen!Eldorado
Symantec	Trojan.Gen.NPE
ESET-NOD32	a variant of Java/Spy.Agent.S
Avast	Java:Malware-gen [Trj]
Kaspersky	HEUR:Trojan.Java.Agent.gen
BitDefender	Trojan.Java.Agent.BPX
Ad-Aware	Trojan.Java.Agent.BPX
Emsisoft	Trojan.Java.Agent.BPX (B)
Avira	JAVA/Spy.Agent.ilyda
MAX	malware (ai score=81)
GData	Trojan.Java.Agent.BPX
Cynet	Malicious (score: 99)
Ikarus	Trojan.Java.Spy
Fortinet	Java/Agent.S!tr.spy
AVG	Java:Malware-gen [Trj]

A potential heapspray has been detected. 855 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3421

name

heapspray

process

java.exe

total_mb

855

length

262144

protection

PAGE_READWRITE