ThreatExpert Report: Java.CVE, Trojan.Maljava, Exploit-CVE2011-3521

Submission Summary:

Submission details:

Submission received: 3 August 2012, 08:39:32
Processing time: 8 min 53 sec
Submitted sample:

File MD5: 0x77FF50B68AF8AE7A698FE9CDA4FB9E1A
File SHA-1: 0x024191BE63FC4586EAF75DA2D1F1ACC49B6491D8
Filesize: 48,575 bytes
Alias: Java.CVE [Ikarus]

Summary of the findings:

What's been found	Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\ac\kt$1.class	504 bytes	MD5: 0x4DC7F6135C48AC80EDE8D9598611415F SHA-1: 0x1A9D5C1600DAC402C4169A7A225E6E5C4583D81A	(not available)
2	%Temp%\ac\kt.class	1,449 bytes	MD5: 0x0671BE84B3BBB2AF10D965EC7590AF90 SHA-1: 0x0EA2D2B9063EFA0D2CD58340D9F523C616A381A9	Trojan.Maljava [Symantec] Exploit-CVE2011-3521 [McAfee] Java.CVE [Ikarus]
3	%Temp%\ax\ase.class	407 bytes	MD5: 0xAA3F3D791E2250D7EC1ADF61E05E24E6 SHA-1: 0x50DFEDFDA1E1C2515E44619CE7358780BADD2495	(not available)
4	%Temp%\ax\C.class	256 bytes	MD5: 0xBB75528862EBF8AC0C3056D7F3F8B849 SHA-1: 0x4813AAC1F8356F8B3FC019B16A2C618AB48B601B	(not available)
5	%Temp%\ax\os.class	2,054 bytes	MD5: 0x8D1425D7196A368D96B97EFD5AED8104 SHA-1: 0x4A4DF5E483517758638D1D17A6BBE9BEAADD8837	(not available)
6	%Temp%\ax\os2.class	498 bytes	MD5: 0x4C1483566B749E846C28CBDCE1F3810A SHA-1: 0x11BA75AD3CA2FAEC248D15270794130717EC04F7	(not available)
7	%Temp%\ax\Zs.class	297 bytes	MD5: 0x3615A5514CC231FA159B95E2FBF672F1 SHA-1: 0xC6ED7CD8BBEB929E1EBFCE02850DD7AD63554B64	(not available)
8	%Temp%\CUIOLOKT	116,224 bytes	MD5: 0x8A3D62001CE2414FFABF0F394CEAEDEA SHA-1: 0x949E338C303BCB200DEDBF468AFD7BAD4CE0EC7F	(not available)
9	%Temp%\META-INF\MANIFEST.MF	71 bytes	MD5: 0x4086345EF1CBA0F7AC42B3C35C616935 SHA-1: 0xBA2930A2AD8B1BBD3D71AD0B1188B5ECC85E7FFB	(not available)
10	%Temp%\pl\pl.class	1,856 bytes	MD5: 0x03529E7510698D88D13197BE7D6B5F51 SHA-1: 0x8513C3FD54BF2DFD73103350559D6DF952FF2083	(not available)
11	[file and pathname of the sample #1]	48,575 bytes	MD5: 0x77FF50B68AF8AE7A698FE9CDA4FB9E1A SHA-1: 0x024191BE63FC4586EAF75DA2D1F1ACC49B6491D8	Java.CVE [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

The following directories were created:

%Temp%\ac
%Temp%\ax
%Temp%\META-INF
%Temp%\pl

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.