Summary | ZeroBOX

shipment-delivery.jar

Category: FILE
Machine: s1_win7_x6402
Started: March 9, 2021, 11:24 a.m.
Completed: March 9, 2021, 11:27 a.m.
Size 1.5MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: REPLACE, Author: REPLACE, Keywords: Installer, Comments: This installer database contains the logic and data required to install REPLACE., Template: Intel;1033, Revision Number: {00000000-0000-0000-0000-000000000000}, Number of Pages: 200, Number of Words: 0, Security: 4, Create Time/Date: Wed Nov 23 16:25:04 2016, Last Saved Time/Date: Wed Nov 23 16:25:04 2016, Name of Creating Application: Windows Installer XML v2.0.3719.0 (candle/light)
MD5 ed6b1dbcfe666b77c4d19fbed8ec4aed
SHA256 9e6dc7c103792282dfb4f1dbc2b9357033756eda1ffb99554f397d4042e70dcc
CRC32 E7EE088F
ssdeep 49152:rwHnjis3z6pKtbvAF3Nn7BxwutAgpbC7ALN:rwHmQGFdn7BxwuzpbC7AJ
Yara
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Microsoft_Office_Document_Zero - Microsoft Office Document Signature Zero

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status
172.217.25.14 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: GlobalMemoryStatusEx
Status: 1
Return: 1
Repeated: 0

Time & API: NtProtectVirtualMemory
Arguments:
process_identifier: 2208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2555904
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002570000
process_handle: 0xffffffffffffffff
Status: 1
Return: 0
Repeated: 0
host: 172.217.25.14
McAfee Artemis!ED6B1DBCFE66
Sangfor Trojan.Java.Ratty.a
Cyren Java/Ratty.B.gen!Eldorado
Symantec Trojan.Appjar!gen1
Avast Java:Malware-gen [Trj]
Kaspersky Trojan.Java.Ratty.a
NANO-Antivirus Trojan.Java.Ratty.effhmh
F-Secure Malware.JAVA/SMSSend.ctchk
McAfee-GW-Edition Artemis!Trojan
Avira JAVA/SMSSend.ctchk
AegisLab Trojan.Java.Ratty.4!c
ZoneAlarm Trojan.Java.Ratty.a
GData Generic.Trojan.Ratty.D
Cynet Malicious (score: 85)
Fortinet Java/Ratty.A!tr
AVG Java:Malware-gen [Trj]
Qihoo-360 Generic/Backdoor.Ratty.HnoASQQA
count: 4278
name: heapspray
process: java.exe
total_mb: 1069
length: 262144
protection: PAGE_READWRITE