Author

Topic: Java Bitcoin Virus ? Trying to guess what this does... (Read 1167 times)

sr. member
Activity: 308
Merit: 250
legendary
Activity: 2058
Merit: 1452
code is obfuscated; no point in doing static analysis. I would recommend running in a VM and attach a debugger.
newbie
Activity: 59
Merit: 0
https://gist.github.com/anonymous/7ba7ad6f13f73dcf68c1

here is all the source code in case someone want check it out much quicker,
newbie
Activity: 59
Merit: 0
hi

this web cryptonewsonline.c0m   (i put a zero so no one enter by mistake)

is simulating the load a live youtube conection,
but its all fake as the pictures are listed in the own web and there is no link to youtube in the source code:
http://cryptonewsonline.com/stream/stylesheets/images/

When you click in the image of the Live connection, it links to: http://cryptonewsonline.c0m/post.htm
and tries to load a .jar file,
and in case you dont have java isntalled, the browser will promp you to install java as a missing connector needed.

thats the code of post.htm :

--------------------

 
  http://galaxypanel.pw/insert.php?&t=traditional&p=http://cryptonewsonline.com/post.htm&b=Opera&o=OS&u=USAR&e=">
 
  https://www.java.net/blog/campbell/archive/images/orangebox.png">

--------------------


the .jar is this one:

http://cryptonewsonline.com/Traditional.jar

I opened the compiled java file with Java Decompiler (a portable application to read the source)
but i can't really find what they are doing all those classes,

maybe someone want take a look?

here is a java decoompiler portable: http://jd.benow.ca

https://i.imgur.com/EIlcoHC.png


Jump to: