How to remove javas.exe
javas.exe
The module javas.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | NSSM 32-bit |
| MD5: | d9ec6f3a3b2ac7cd5eef07bd86e3efbc |
| Size: | 288 KB |
| First Published: | 2017-05-21 10:03:21 (7 years ago) |
| Latest Published: | 2025-04-02 23:02:34 (a month ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2025-04-02 23:02:34 (a month ago) |
Common Places:
| %appdata% |
| %localappdata%\httpfilter |
| %windir%\fonts |
| %localappdata%\host service |
| %appdata%\system |
| %programfiles%\newext |
| %profile%\ser\application data |
| %sysdrive%\windows |
| %profile%\алина\application data |
| %profile%\дминистратор\application data |
File Names:
| nssm.exe |
| javas.exe |
| winsvchost.exe |
| WinSvchost.exe |
| csrss.exe |
| mscorsvw.exe |
| sweventstoresvc.exe |
| nssm_32.exe |
| java.exe |
| svchost.exe |
| nssm_0396c17a.exe |
| nssm_5ee9da7d_011d697c.exe |
| nssm_5ee9da7d.exe |
| nssm_011d697c.exe |
| nssm_5ee9da7d_0396c17a.exe |
| debug.exe |
| spoolse.exe |
| enplus.exe |
| NSSM.del |
| enplus.exe.vir |
| nssm_111.exe |
| enplus.wqe |
| IEXPL0RE.EXE |
Geography:
| Russia | 46.9% | |
| Ukraine | 30.7% | |
| Belarus | 5.8% | |
| Kazakhstan | 5.6% | |
| United States | 1.7% | |
| Vietnam | 0.8% | |
| Turkey | 0.6% | |
| France | 0.5% | |
| Germany | 0.4% | |
| United Kingdom | 0.4% | |
| Czech Republic | 0.4% | |
| Norway | 0.4% | |
| Poland | 0.3% | |
| Moldova | 0.3% | |
| Armenia | 0.3% | |
| Taiwan | 0.3% | |
| India | 0.3% | |
| China | 0.3% | |
| Romania | 0.3% | |
| Argentina | 0.3% | |
| South Korea | 0.3% | |
| Venezuela | 0.3% | |
| Italy | 0.2% | |
| Algeria | 0.2% | |
| Colombia | 0.2% | |
| Israel | 0.1% | |
| Latvia | 0.1% | |
| Thailand | 0.1% | |
| Sweden | 0.1% | |
| Slovakia | 0.1% | |
| Spain | 0.1% | |
| Saudi Arabia | 0.1% | |
| Switzerland | 0.1% | |
| Croatia | 0.1% | |
| Netherlands | 0.1% | |
| Bulgaria | 0.1% | |
| Brazil | 0.1% | |
| Egypt | 0.1% | |
| Finland | 0.1% | |
| South Africa | 0.1% | |
| Slovenia | 0.1% | |
| Lithuania | 0.1% | |
| Peru | 0.1% | |
| Iran | 0.1% | |
| Indonesia | 0.1% | |
| Philippines | 0.1% | |
| Angola | 0.1% |
OS Version:
| Windows 7 | 65.3% | |
| Windows 10 | 21.7% | |
| Windows 8.1 | 6.5% | |
| Windows Server 2003 | 2.9% | |
| Windows XP | 2.0% | |
| Windows 8 | 1.2% | |
| Windows Server 2008 R2 | 0.2% | |
| Windows Server 2012 R2 | 0.2% | |
| Windows Vista | 0.1% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x00013e53 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 114176 | b92c191c9f939ce4c12bf8e55319e935 |
| .rdata | 18944 | 0d1cd74dc435d64afcb78a0cd2f923ec |
| .data | 5120 | 4492984c066180a50b40cbb63640632f |
| .rsrc | 155648 | 7568461a77238b48b3b2e7ae76406d4d |
More information:
Download GridinSoft
Anti-Malware - Removal tool for javas.exe
