View Single Post
  #3  
Old 09-13-2019, 21:47
Chuck954 Chuck954 is offline
Friend
 
Join Date: Jul 2018
Posts: 51
Rept. Given: 0
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 27
Thanks Rcvd at 59 Times in 36 Posts
Chuck954 Reputation: 11
Thanks for getting back. I know exactly where the jar is and in IDA I can see where it gets the command line info to launch java and the jar file. I can use a tool like APImonitor to see it load java and what APIs are called.

When I extract the JAR contents it has two folders

META-INF which has maven, a services folder and lib folder.

Second folder starts with VN and has the class files. I've seen it mention VNcrypt a few times.

Uploaded a screenshot of the VN folder with these files.

It has 5 .class.
LoaderNoWait.class
LoaderJfx.class
Loader.class
LoaderB.class
a0.class

Then it has 19 .clasz files

a1.clasz
a2.clasz
a3.clasz
through
a17.clasz
a27.clasz
a36.clasz

In the first folder with the META-INF and VN folder, it has around 35,000 files. I took a screenshot of some of them. All look like that.

https://imgur.com/mjrlApo

https://imgur.com/wutVgq6


I believe I can change the command line that loads java and the jar file if needed. Thanks for your time!
Reply With Quote