SHA256: 5083590a30bf069e947dce8968221af21b39836fe013b111de70d6107b577cd3
File name: jre-8u131-windows-x64.exe
Detection ratio: 0 / 61
Analysis date: 2017-04-18 20:35:01 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20170418
AegisLab 20170418
AhnLab-V3 20170418
Alibaba 20170418
ALYac 20170418
Antiy-AVL 20170418
Arcabit 20170418
Avast 20170418
AVG 20170418
Avira (no cloud) 20170418
AVware 20170418
Baidu 20170418
BitDefender 20170418
Bkav 20170418
CAT-QuickHeal 20170418
ClamAV 20170418
CMC 20170418
Comodo 20170418
CrowdStrike Falcon (ML) 20170130
Cyren 20170418
DrWeb 20170418
Emsisoft 20170418
Endgame 20170413
ESET-NOD32 20170418
F-Prot 20170418
F-Secure 20170418
Fortinet 20170418
GData 20170418
Ikarus 20170418
Sophos ML 20170413
Jiangmin 20170418
K7AntiVirus 20170418
K7GW 20170418
Kaspersky 20170418
Kingsoft 20170418
Malwarebytes 20170418
McAfee 20170418
McAfee-GW-Edition 20170418
Microsoft 20170418
eScan 20170418
NANO-Antivirus 20170418
nProtect 20170418
Palo Alto Networks (Known Signatures) 20170418
Panda 20170418
Qihoo-360 20170418
Rising 20170418
SentinelOne (Static ML) 20170330
Sophos AV 20170418
SUPERAntiSpyware 20170418
Symantec 20170418
Symantec Mobile Insight 20170414
Tencent 20170418
TheHacker 20170416
TrendMicro 20170418
TrendMicro-HouseCall 20170418
Trustlook 20170418
VBA32 20170418
VIPRE 20170418
ViRobot 20170418
Webroot 20170418
WhiteArmor 20170409
Yandex 20170418
Zillya 20170418
ZoneAlarm by Check Point 20170418
Zoner 20170418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2017

Product Java Platform SE 8 U131
Original name jre-8u131-fcs-bin-b11-windows-amd64-15_mar_2017.exe
Internal name Setup Launcher
File version 8.0.1310.11
Description Java Platform SE binary
Signature verification Signed file, verified signature
Signing date 10:38 AM 3/15/2017
Signers
[+] Oracle America, Inc.
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 4/14/2015
Valid to 12:59 AM 4/14/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3B75816D15A6D8F4598E9CF5603F1839EE84D73D
Serial number 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2017-03-15 09:38:49
Entry Point 0x000121E4
Number of sections 6
PE sections
Overlays
MD5 670c53ada50478aa044aa2b2624e97bf
File type data
Offset 65653760
Size 6208
Entropy 7.33
PE imports
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetStdHandle
GetFileAttributesA
WaitForSingleObject
EncodePointer
FlsGetValue
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlsSetValue
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
SetDllDirectoryA
GetSystemDirectoryA
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
GetModuleHandleExA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlPcToFileHeader
MoveFileExA
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
RtlLookupFunctionEntry
FindNextFileA
IsValidLocale
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
RemoveDirectoryA
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
RaiseException
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
Number of PE resources by type
RT_ICON 12
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion
5.2

FileDescription
Java Platform SE binary

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.1310.11

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FullVersion
1.8.0_131-b11

CharacterSet
Unicode

InitializedDataSize
65503744

EntryPoint
0x121e4

OriginalFileName
jre-8u131-fcs-bin-b11-windows-amd64-15_mar_2017.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
8.0.1310.11

TimeStamp
2017:03:15 10:38:49+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
Setup Launcher

ProductVersion
8.0.1310.11

UninitializedDataSize
0

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
Oracle Corporation

CodeSize
159744

ProductName
Java Platform SE 8 U131

ProductVersionNumber
8.0.1310.11

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 b09f73662a8852b1c89d48ca710992c7
SHA1 a3a75ebdab5079aac1b3c2f2a4666296214f0417
SHA256 5083590a30bf069e947dce8968221af21b39836fe013b111de70d6107b577cd3
ssdeep
1572864:xy2NTUYcB7BekDRciuZPW9G+LPDNyXUdVgkwIq6Sb:nNhO7BekDRclZPWY+LbpdVpwnF

authentihash 67d2b3460c9398108da281d0ab664e136764c0358ddff9de49d27c37afc016f4
imphash 3fbaba048990a0400aa374957894606b
File size 62.6 MB ( 65659968 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID InstallShield setup (46.2%)
Win32 EXE PECompact compressed (generic) (44.6%)
Win32 Executable (generic) (4.8%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2017-04-18 15:12:58 UTC ( 7 months, 1 week ago )
Last submission 2017-11-22 12:29:43 UTC ( 2 days, 5 hours ago )
File names Java64OfflineInstaller.exe
java 8.131 64.exe
JAVA - jre-8u131-windows-x64.exe
target.exe
old.exe.exe
target.exe
target.exe
target.exe
jre-8u131-windows-x64.exe
jre-8u131-windows-x64.exe
target.exe
java8 64bit&32bit.exe
JAVA 8.exe
64位元_jre-8u131-windows-x64.exe
jre-8u131-windows-x64.exe
target.exe
5083590A30BF069E947DCE8968221AF21B39836FE013B111DE70D6107B577CD3.exe
Java Runtime Environment 8 Update 131 x64.exe
jre-8u131-windows-x64.exe
jrex64(64bits).exe
Java_Runtime_Environment_(64bit)_v8_Update_131 (1).exe
JAVA.exe
Java 8 Update 131 64 Bit.exe
jre-8u131-windows-x64.exe
jre-8u131-fcs-bin-b11-windows-amd64-15_mar_2017.exe