Summary | ZeroBOX

Payment_Slip.jar

Antivirus MSOffice File
Category Machine Started Completed
FILE s1_win7_x6401 Dec. 14, 2023, 10:12 a.m. Dec. 14, 2023, 10:14 a.m.
Size 323.9KB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft Software Update for Web Folders (English) 14, Author: Microsoft Corporation, Keywords: Installer, MSI, Database, Release, Comments: This Installer database contains the logic and data required to install Microsoft Software Update for Web Folders (English) 14., Template: Intel;1033, Revision Number: {D09D1C77-A5D3-48C0-B530-C9C18BAF2545}, Create Time/Date: Tue Mar 30 17:26:02 2010, Last Saved Time/Date: Tue Mar 30 17:26:02 2010, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML (3.0.5419.0), Security: 2
MD5 39396afaa066833586662903487761f2
SHA256 55a7d34967643cac705a6ad2f9e5d7f755bf4c5297cb0f360a8ff3b30bd2fd1d
CRC32 D4AA2A2B
ssdeep 6144:01kCiJBBUnKAFMZMzV2qVJx9Y3kBlBOz1hPkoVsdVhacijUK:06C4AuZMzQqVH9YUB+zLZydV7gZ
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
  • Antivirus - Contains references to security software

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2540
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2555904
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002680000
process_handle: 0xffffffffffffffff
1 0 0
FireEye Java.Trojan.GenericGB.29423
ALYac Exploit.AppendedJar.4.Gen
VIPRE Java.Trojan.GenericGB.29423
Avast Java:Malware-gen [Trj]
Kaspersky HEUR:Backdoor.Java.Generic
BitDefender Java.Trojan.GenericGB.29423
NANO-Antivirus Exploit.Zip.Heuristic-java.csrvpr
Emsisoft Java.Trojan.GenericGB.29423 (B)
DrWeb Java.Siggen.525
Varist Java/Agent.R.gen!Eldorado
Microsoft Trojan:Script/Wacatac.B!ml
Arcabit Java.Trojan.GenericGB.D72EF [many]
ZoneAlarm HEUR:Backdoor.Java.Generic
GData Trojan.Generic.33742154
Google Detected
McAfee JAVA/Strrat.b
MAX malware (ai score=88)
Yandex Trojan.Etecer.bZ57dt.18
Fortinet Java/Agent.AZAV!tr
AVG Java:Malware-gen [Trj]
count: 2899
name: heapspray
process: java.exe
total_mb: 724
length: 262144
protection: PAGE_READWRITE