File: 13cd57eedf85255283649be51ac471cfa7618dae202c422b8da7a97fbccbebf0

Metadata
File name:shipments.jar
File type:Java Jar file data (zip)
File size:259160 bytes
Analysis date:2016-01-07 08:18:44
MD5:b886c431ac95c7adcbfc79d744dfa32b
SHA1:193f274d386088d2250c45760bc44dd3da344589
SHA256:13cd57eedf85255283649be51ac471cfa7618dae202c422b8da7a97fbccbebf0
SHA512:bb670041b4b0ca9db7a9d0a7800eef5ecb418c59d1816b131c11a4e6f4e57661f1a0a5b4917c3ffde2edc98148b6b0e7cc77fc6e2361b4e0b3a322325328e4fd
SSDEEP:6144:2bp5jBgxXGELQo8oj5jawK5XmaUggp0Uibp5jBgx6:2b/96Co8oj5TuXmnpfib/966
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 13cd57eedf85255283649be51ac471cfa7618dae202c422b8da7a97fbccbebf0.
Loading...
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
85.195.203.3
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
MicrosoftTrojan:Java/Adwind.P
Qihoo-360virus.java.adwind.2
VIPRELooksLike.Java.ObfuscatorAllatori.a (v) (not malicious)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Cryptography\UserKeys\J2SE
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Video\{4517F971-80B9-4F31-93FF-496D8420E9A1}\0000
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\GammaCalibrator
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}
CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\TreatAs
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}
HKEY_CLASSES_ROOT\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\\Wbem\\WMIC
CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}
CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\TreatAs
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\InprocServer32
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\InprocServerX86
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\LocalServer32
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\InprocHandler32
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\InprocHandlerX86
\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}
HKEY_CLASSES_ROOT\CLSID\{6DAF9757-2E37-11D2-AEC9-00C04FB68820}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}
CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\TreatAs
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServer32
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocServerX86
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\LocalServer32
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocHandler32
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\InprocHandlerX86
\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}
HKEY_CLASSES_ROOT\CLSID\{F6D90F12-9C73-11D3-B32E-00C04F990BB4}\TreatAs
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FILEPROTOCOL_NOFINDFIRST_KB947853
HKEY_CLASSES_ROOT\.xml
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
CLSID\{807563E5-5146-11D5-A672-00B0D022E945}
CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\TreatAs
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocServer32
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocServerX86
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\LocalServer32
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocHandler32
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\InprocHandlerX86
\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_CLASSES_ROOT\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}
HKEY_CLASSES_ROOT\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_CLASSES_ROOT\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
ActiveComputerName\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ActiveComputerName\Environment
ActiveComputerName\Volatile Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\firefox.exe\shell\open\command
Comments
User comments about 13cd57eedf85255283649be51ac471cfa7618dae202c422b8da7a97fbccbebf0.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.