Submission Summary:

Technical Details:

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %Temp%\b5n3.class 935 bytes MD5: 0x0A1EBBBDE717BC93887316535DFCF42C
SHA-1: 0xCAAE6A045BEE830B808244122B52D5CFB6D91856
(not available)
2 %Temp%\g5z6.class 1,423 bytes MD5: 0x7C3A7D3CEACFB1EF3558BEB1F44BA374
SHA-1: 0x52F666C618C87C03C00691B1295D1EC41A1FBD9E
Exploit.Java.CVE-2010-0094.s [Kaspersky Lab]
3 %Temp%\g6k1.class 2,762 bytes MD5: 0x095E1C205666D3250488ABE083C9DBE2
SHA-1: 0xB985BD0CE31F2A51D7D18AFC71088621ED562B54
Exploit.Java.CVE-2010-0094.s [Kaspersky Lab]
4 %Temp%\h6l4.class 10,235 bytes MD5: 0xC57D285C2A6AF1290E8E75032E8381B2
SHA-1: 0x2865D085FD130C4E838EC1C250396EF5CBBB1ED1
Trojan.ByteVerify [PCTools]
Trojan-Downloader.Java.OpenConnection.bw [Kaspersky Lab]
Exploit-CVE2010-0094 [McAfee]
Trojan.Java.Rowindal [Ikarus]
5 %Temp%\main.class 7,882 bytes MD5: 0xBAC76D8F0787DA716C68EC1FB87DD739
SHA-1: 0xD36FD100964118F162F5A21FE745B1AF2FB6DB21
Exploit-CVE2010-0094 [McAfee]
Exploit.Java.CVE [Ikarus]
6 %Temp%\META-INF\MANIFEST.MF 43 bytes MD5: 0xAEC2581F7B8DF736F8468D2CBBBF57D7
SHA-1: 0xBCFEAF4D34359294B628CB9C1CC740C044D244CA
(not available)
7 %Temp%\q3p0.class 2,292 bytes MD5: 0xBE70948002632ACF88744EE592601A48
SHA-1: 0x0B3931E8C09B8BBDA90F8E476EB16335C945EF07
Exploit.Java.CVE-2010-0094.s [Kaspersky Lab]
8 %Temp%\Tuvvoaerffb.class 4,855 bytes MD5: 0x4E3461F9176DCA6077154B375B075C2B
SHA-1: 0xC772DD8823B8C5335B51EDFCEB42412C72E7C772
Exploit.Java.CVE-2010-0094.s [Kaspersky Lab]
Java.Trojan-Downloader.OpenConnection [Ikarus]
9 %Temp%\y6u7.class 9,907 bytes MD5: 0x528776611484D9C1C209C63CA3FEA05A
SHA-1: 0x2FF41421B825AA09FAFED1C067E4106C582307DC
Exploit.Java.CVE-2010-0094.s [Kaspersky Lab]
Exploit.Java.CVE-2010 [Ikarus]
10 [file and pathname of the sample #1] 24,140 bytes MD5: 0x0D266E649C1AD96B3D06C728D5C0AB2F
SHA-1: 0xA1A6A736C492FDC1534A5D165E77A7EDFBBDE356
Exploit.Java.CVE-2010-0094.s, Trojan-Downloader.Java.OpenConnection.bw [Kaspersky Lab]
Trojan.Java.Rowindal [Ikarus]

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2014 ThreatExpert. All rights reserved.