Showing posts from June, 2014

Bitcoin Facebook Virus Complete Analysis

As discussed in the previous post, we will now apply traditional malware-analysis techniques to dissect this new virus. Figure 2 shows the "LOL" zip virus message. Initially we have the following information about this malware:
· The message is sent from the victim's computer, without the victim's knowledge, to all of the victim's Facebook friends.
· Victims also report sluggish system performance after the infection.


Fig. 2. Facebook Message containing Malware
We will download this file into our isolated virtual analysis environment to carry out the further analysis, never onto a production machine. After unzipping it, we find a JAR (Java Archive) file inside.

Fig. 3. JAR file inside Zipped folder
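Before decompiling, a practitioner would first triage the attachment statically, without ever executing the JAR: hash it, list its entries, read the Main-Class from the manifest, and check which Java class-file version it targets. The script below is an added example and is not code from the original post; the nested zip it builds (an outer zip wrapping a JAR whose Main-Class is the placeholder name a.b.c) is constructed here as a stand-in for the real attachment, whose contents and names are not given on the page.

```python
import hashlib
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # every Java class file starts with this


def build_sample_lol_zip() -> bytes:
    """Construct a stand-in for the 'LOL' attachment: a zip wrapping a JAR.
    Constructed sample data, not the real malware; names are placeholders."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nMain-Class: a.b.c\r\n\r\n")
        # magic, minor_version=0, major_version=0x33 (51 = Java 7), then padding
        fake_class = CLASS_MAGIC + b"\x00\x00\x00\x33" + b"\x00" * 24
        jar.writestr("a/b/c.class", fake_class)
        jar.writestr("a/b/d.class", fake_class)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("LOL.jar", jar_buf.getvalue())
    return outer.getvalue()


def triage_jar(jar_bytes: bytes) -> dict:
    """Static triage of one JAR held in memory: hash, entry list, manifest
    Main-Class, class-file versions and suspicious entry names (zip-slip)."""
    info = {
        "sha256": hashlib.sha256(jar_bytes).hexdigest(),
        "entries": [],
        "main_class": None,
        "class_files": [],
        "class_versions": {},
        "suspicious_names": [],
    }
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            info["entries"].append(name)
            # entries that could escape the extraction directory
            if name.startswith("/") or ".." in name.split("/"):
                info["suspicious_names"].append(name)
            if name.endswith(".class"):
                data = jar.read(name)
                if data[:4] == CLASS_MAGIC and len(data) >= 8:
                    info["class_files"].append(name)
                    # bytes 6..7 hold the major version (51 = Java 7, 52 = Java 8)
                    info["class_versions"][name] = int.from_bytes(data[6:8], "big")
        if "META-INF/MANIFEST.MF" in info["entries"]:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Main-Class:"):
                    info["main_class"] = line.split(":", 1)[1].strip()
    return info


def triage_attachment(zip_bytes: bytes) -> dict:
    """Open the outer zip in memory and triage every JAR inside it.
    Nothing is written to disk and nothing is executed."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for name in outer.namelist():
            if name.lower().endswith(".jar"):
                results[name] = triage_jar(outer.read(name))
    return results


if __name__ == "__main__":
    for jar_name, report in triage_attachment(build_sample_lol_zip()).items():
        print(jar_name, report["sha256"])
        print("  Main-Class:", report["main_class"])
        print("  classes:", report["class_files"], report["class_versions"])
        print("  suspicious:", report["suspicious_names"])
```

The Main-Class is the entry point the decompiler output should be read from first, and the class-file major version tells you which JRE the sample was compiled for, which matters when choosing the runtime for later dynamic analysis.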
Using a freely available online Java decompiler, we converted the byte code in the JAR file back into Java source. Decompiled source is an approximation of the original and may not recompile as-is, but it is readable enough for analysis.

Fig. 4. Decompiled JAR File

Decompilation and comprehension of the JAR file

The source of the JAR file is obfuscated, so decompiling it alone does not reveal what it does; the recovered source still has to be understood function by function. We will insert simple print instructions into the decompiled code to find out the meaning of all the functions. After analyzing each functi…