File name:

Shiginima Launcher SE.v4200.jar

Full analysis: https://app.any.run/tasks/c6cc6816-daef-4374-80a8-ba0fd40f3273
Verdict: No threats detected
Analysis date: September 04, 2019, 21:36:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/java-archive
File info: Java archive data (JAR)
MD5:

C70EF67E40600EDAF24067ADF7A4E4E8

SHA1:

8DF2163F316D4C8275FA2A6C2330A215549012FA

SHA256:

754EFB72D082AF276B5C70EF13147667E874551C8F5FB1F15973899E0F0EC974

SSDEEP:

98304:ZAr4Q/WH5DZ8HG6mJuuN8JIBjGRfSbmHCtR6HxjNZaX6R0TvvbU/:ZVQ/WH5Gm6mJciG1qmHCtR6HS6yTvvY/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Creates files in the user directory

      • javaw.exe (PID: 3704)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.spe | SPSS Extension (54)
.jar | Java Archive (26.1)
.zip | ZIP compressed archive (7.2)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2019:03:16 19:21:13
ZipCRC: 0x00000000
ZipCompressedSize: 2
ZipUncompressedSize: -
ZipFileName: META-INF/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start javaw.exe

Process information

PID
CMD
Path
Indicators
Parent process
3704"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\Shiginima Launcher SE.v4200.jar"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
26
Read events
24
Write events
2
Delete events
0

Modification events

(PID) Process:(3704) javaw.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:writeName:Name
Value:
javaw.exe
Executable files
0
Suspicious files
0
Text files
7
Unknown types
1

Dropped files

PID
Process
Filename
Type
3704javaw.exeC:\Users\admin\AppData\Local\Temp\imageio6527920095281961146.tmp
MD5:
SHA256:
3704javaw.exeC:\Users\admin\AppData\Local\Temp\imageio3192750483428466141.tmp
MD5:
SHA256:
3704javaw.exeC:\Users\admin\AppData\Local\Temp\imageio8829674767948555186.tmp
MD5:
SHA256:
3704javaw.exeC:\Users\admin\AppData\Local\Temp\imageio6314796564251218314.tmp
MD5:
SHA256:
3704javaw.exeC:\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.jsontext
MD5:
SHA256:
3704javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:
SHA256:
3704javaw.exeC:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2fdbf
MD5:C8366AE350E7019AEFC9D1E6E6A498C6
SHA256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
3704javaw.exeC:\Users\admin\AppData\Roaming\.minecraft\shig.inimatext
MD5:571CC0288E3F5DB4C85AE85DCD1C64CE
SHA256:36ED29282E1D008064F2C06952EDDABDF7C73B58E2BC5215A497AC4541BE6553
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
11
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3704
javaw.exe
HEAD
200
198.252.102.62:80
http://teamshiginima.com/version.php
US
whitelisted
3704
javaw.exe
GET
200
198.252.102.62:80
http://teamshiginima.com/version.php
US
text
556 b
whitelisted
3704
javaw.exe
GET
302
66.6.33.149:80
http://mcupdate.tumblr.com/
US
suspicious
3704
javaw.exe
GET
302
66.6.32.21:80
http://shiginima.tumblr.com/
US
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3704
javaw.exe
198.252.102.62:80
teamshiginima.com
SoftLayer Technologies Inc.
US
suspicious
3704
javaw.exe
143.204.212.134:443
launchermeta.mojang.com
US
unknown
3704
javaw.exe
66.6.33.149:80
shiginima.tumblr.com
Yahoo!
US
unknown
3704
javaw.exe
66.6.32.21:80
shiginima.tumblr.com
Yahoo!
US
unknown
3704
javaw.exe
152.199.21.147:443
www.tumblr.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
suspicious

DNS requests

Domain
IP
Reputation
teamshiginima.com
  • 198.252.102.62
whitelisted
launchermeta.mojang.com
  • 143.204.212.134
whitelisted
shiginima.tumblr.com
  • 66.6.32.21
  • 66.6.33.149
  • 66.6.33.21
malicious
mcupdate.tumblr.com
  • 66.6.33.149
  • 66.6.33.21
  • 66.6.32.21
suspicious
www.tumblr.com
  • 152.199.21.147
whitelisted
assets.tumblr.com
  • 152.199.21.147
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Shiginima Launcher SE.v4200.jar