
Thread: Java Host Virus

  1. #1
    OHPen

    Java Host Virus

    Hi,

    Something I recently got that seems not to be recognized by any antivirus software. Obviously made in Russia.

    Have fun while playing with it.

    Dunno what it is, maybe a virus or a Trojan. A binary is hidden in a *.ini file. So far I don't see how the hidden binary is started.

    Regards,
    OHPen

    ATTENTION: MALWARE ATTACHED !!!!!
    PASSWORD: JaVA_ViRUS
    Attached Files
    Last edited by OHPen; October 12th, 2009 at 06:35.
    - Reverse Engineering can be everything, but sometimes it's more than nothing. Really rare moments, but then they appear to last ages... -

  2. #2
    The secret is inside that 1.ini file, but you can't strip it without executing the jar file.
    Any chances? Maybe using Eclipse debugging tools?

  3. #3
    If you have WinRAR, right-click on the file, select "Extract to Anonim_sms.jar" and you're done. The ini is just a normal, unpacked PE with a .ini extension. Fun thing is, NOD32 didn't detect any threat in the file, but detected J2ME/TrojanSMS.Small.E.Trojan in the main Java class file.
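A defender-side check for what post #3 describes (a PE image stored inside the jar under a .ini name), as an added example that is not part of this thread: it walks the jar's entries and flags any member whose bytes carry MZ/PE headers but whose extension is not an executable one. The jar and its "1.ini" member are constructed in memory here; they are not the thread's attachment, and the names are placeholders.

```python
import io
import struct
import zipfile

EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr"}


def looks_like_pe(data: bytes) -> bool:
    """True when data starts with an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_disguised_pe(jar_bytes: bytes) -> list[str]:
    """Return the names of jar members that are PE images but lack an executable extension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            head = jar.read(info.filename)[:0x400]  # headers are enough for the sniff
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if looks_like_pe(head) and ext not in EXEC_EXTENSIONS:
                hits.append(name)
    return hits


def build_fake_pe() -> bytes:
    """Constructed buffer carrying only the MZ/PE headers the sniffer checks (not a real executable)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos_header + b"PE\x00\x00" + b"\x00" * 0x100


def build_sample_jar() -> bytes:
    """Constructed jar mimicking the thread: a manifest, a class file, and a PE renamed to 1.ini."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)  # class-file magic
        jar.writestr("1.ini", build_fake_pe())
    return buf.getvalue()


if __name__ == "__main__":
    print(find_disguised_pe(build_sample_jar()))  # ['1.ini']
```

The same walk works on a real jar read from disk, since a jar is an ordinary zip archive, which is why any zip tool can extract the member without running it.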

  4. #4
    OHPen
    I just had a few minutes and disassembled the class files contained in the jar file. What I find interesting is that I didn't find anything related to executing the hidden exe file. Maybe the exe file is not executed at all, but if it is, there must be a very interesting way.

    The only thing I saw was that the class tries to load something from a properties file, which is missing.

    I don't have an environment where I can execute the virus to see whether the exe file is executed or not.

    Maybe some of you guys have a system to play with.

    Regards,
    OHPen
    - Reverse Engineering can be everything, but sometimes it's more than nothing. Really rare moments, but then they appear to last ages... -
