
JAVA Malicious Code Analysis Request

Name: Anonymous 2013-05-21 17:28

So, I came into contact with a probably malicious file. I was able to find the .jar file and could decompile it with JD-GUI; here's the source code I got:

http://pastebin.com/1f453jSE

Does anyone know EXACTLY what it is doing?
It seems to be copying and editing Windows registry files; what can be done with them?

Infinite thanks if someone helps :)

Name: Anonymous 2013-05-21 17:31

if it's malicious, just ignore it... no need to autistically determine for certain

stop downloading chinese cartoon porn games you queerbutt

Name: Anonymous 2013-05-21 17:35

I want to know what it did so I can fix my computer o.O

Name: Anonymous 2013-05-21 17:43

>>3
Install Solaris.

Name: Anonymous 2013-05-22 1:17

It attempts to delete all of your registry roots effectively killing your computer.  This will only cause damage if you run it as an admin or else it won't have the access it needs.

Name: Anonymous 2013-05-22 1:27

>>1
Use MacOSX - it has no viruses or registry. Windows is obsolete.

Name: Anonymous 2013-05-22 1:31

>>5
You're a fucktard! You should have tricked him into running the virus, i.e. advising running it with java -jar Install.jar uninstall from admin account

Name: Anonymous 2013-05-22 1:46

>>6
But it likely has spyware. And it's closed-source so it's infeasible to check.

Use Linux/BSD/Losethos.

Name: Anonymous 2013-05-22 1:53

>>8
Losethos/SparrowOS/TempleOS/whatever the fuck it's called nowadays has no networking support.

Name: Anonymous 2013-05-22 1:55

>>8
Go suck a Stallman.

Name: Anonymous 2013-05-22 1:58

>>10
Go suck a Jobs.

Name: Anonymous 2013-05-22 2:01

>>11
Go suck a penis.

Name: Anonymous 2013-05-22 2:04

>>12
As long as I have open access to its sexual history.

Name: Anonymous 2013-05-22 4:14

>>9
And? It's meant to be a Recreational Programming operating system.

I'll fucking gut you go back to /g/.

Name: Cudder !MhMRSATORI!fR8duoqGZdD/iE5 2013-05-22 5:27

All you've found is a (rather bloaty) wrapper for the registry calls. It can do a number of things, depending on what its caller does. Nothing of real interest here.

Name: Anonymous 2013-05-22 7:05

Or just install BaremetalOS and write your OS on top of it.

Name: Anonymous 2013-05-22 8:00

Upload the jar. Can't tell anything without looking at the big picture.

Name: Anonymous 2013-05-22 8:22

dlrow olleh

Name: Anonymous 2013-05-22 10:59

OP here

http://i44.tinypic.com/984t4o.png

I got all the files and the .jar; this screen shows what I got from decompiling it. I can upload the jar file if you guys want, brb in a sec

Name: Anonymous 2013-05-22 11:04

Name: Anonymous 2013-05-22 11:06

>>19
2013
Not using Total Commander

Name: Anonymous 2013-05-22 11:06

http://tinypic.com/r/ev6x5k/5

image link was not working

Name: Anonymous 2013-05-22 11:34

>>21
Who the fuck are you quoting, /g/ shitstain?

Name: Anonymous 2013-05-22 21:14

he he, java

Name: Anonymous 2013-05-22 21:46

>>19
gib src plz
huehuehuehuehuehue

Name: Anonymous 2013-05-22 22:55

I've done this because I can. OP, this is the source of the program, minus JNA, decompiled, deobfuscated, and made slightly more readable.

http://www.4shared.com/zip/NCfgc2RQ/prog-thing-src.html

You can probably tell, it's installing browser addons and shoving itself into the 'run' key in the registry.

Also, I did the same for the browser extensions it bundles.

Name: Anonymous 2013-05-22 23:09

>>26
And what is your opinion on the jewish der shudderspace trying to pass it off as completely safe? What would you say this says about the jews?

Name: Anonymous 2013-05-23 0:21

>>26
OP here, well done bro, I just read everything. Maybe it's not working anymore; probably it could not install the extension on Chrome (which is the one I use), because it's supposed to install the extension for Chrome version 16?

Anyway, thanks for the help :)

Name: Anonymous 2013-05-23 8:29

>>28
Looking at how it does it you'd probably have to give it admin access for it to install chrome's plugin. It does download "java_u.jar" and can download things on the owner's request though, so be careful of that.
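
The persistence described in >>26 (the program adding itself to the 'Run' key) can be checked from saved `reg query` output of the Run keys. The following Python is an added example, not code from the thread or from the decompiled program; the sample output, value names and paths are constructed for illustration, and only the file name java_u.jar comes from the thread.

```python
import re

# Constructed sample: text saved from `reg query` on the per-user and
# machine-wide Run keys. Value names and paths are made up, except the
# file name java_u.jar, which the thread mentions.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\java_u.jar"
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /background

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAudio    REG_EXPAND_SZ    %ProgramFiles%\Example\audio.exe
"""

# reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Autorun commands that start a Java launcher or point at a .jar file
JAVA_RE = re.compile(r"javaw?\.exe|\.jar\b", re.IGNORECASE)


def parse_reg_query(text):
    """Return (key, value_name, data) tuples from reg query output."""
    key = None
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()  # a key header starts at column 0
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m["name"], m["data"]))
    return entries


def java_autoruns(text):
    """Return the Run-key entries whose command launches Java or a .jar."""
    return [e for e in parse_reg_query(text) if JAVA_RE.search(e[2])]


if __name__ == "__main__":
    for key, name, data in java_autoruns(SAMPLE):
        print(f"{key}\n  {name} -> {data}")
```

Any entry it reports still has to be compared against software the user knowingly installed before it is removed.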
