PDC Malware Reverse Team

Fake Java Update – Malware analysis

File hosted on: h**p://www.packagegiftnow.com/

As you already know, some websites run a script that tells you your version of Java is out of date and offers to update it.
Of course this is a fake update, and what you will install on your computer is a modified file.
It can be a virus, trojan, adware, etc. Whatever it is, it will 100% change something on your computer and you will become the victim. What it means to be a victim is covered in the previous articles.

VirusTotal shows some detections.

VirusTotal Report

I will open this “update” to analyze it.

It shows a nice message telling you that something is not working, but in the background things have already started to work…

The executable connects to:

ec2-54-77-123-135.eu-west-1.compute.amazonaws.com

...and after a few searches, I discovered that several domains were hosted at this address:

info.dinenowe.com
info.dlapplicationscontent.com
info.funworldsoftware.com
info.quickcleardl.com
info.townstocksign.com
info.universebestworld.com

All of them have reports for spam, malware, DDoS, etc.
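As an added example (not part of the original post or the author's tooling), the indicators above can be swept against DNS logs. The log line format, the sample lines and all function names are assumptions made for the illustration; the IP is read from the EC2 hostname, which embeds its public IPv4 address.

```python
import re

# Indicators copied from the post; everything else in this block is constructed.
C2_HOST = "ec2-54-77-123-135.eu-west-1.compute.amazonaws.com"
CO_HOSTED = (
    "info.dinenowe.com", "info.dlapplicationscontent.com",
    "info.funworldsoftware.com", "info.quickcleardl.com",
    "info.townstocksign.com", "info.universebestworld.com",
)

def ec2_name_to_ip(host):
    """EC2 public DNS names embed the IPv4 address as ec2-A-B-C-D; return it or None."""
    m = re.match(r"ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.", host.lower())
    if m and all(int(o) <= 255 for o in m.groups()):
        return ".".join(str(int(o)) for o in m.groups())
    return None

C2_IP = ec2_name_to_ip(C2_HOST)

def classify(qname, answer):
    """Return (confidence, indicator) for one DNS answer, or None if nothing matches."""
    name = qname.strip().rstrip(".").lower()  # names are case-insensitive, root dot optional
    for bad in (C2_HOST,) + CO_HOSTED:
        # Exact name or a subdomain of it; the leading dot stops "notinfo.x" matching "info.x".
        if name == bad or name.endswith("." + bad):
            return ("name", bad)
    if answer == C2_IP:
        # Cloud addresses get reassigned, so an IP-only hit is weaker evidence.
        return ("ip-only", C2_IP)
    return None

def scan(lines):
    """Assumed line format: '<timestamp> <client_ip> <queried_name> <answer_ip>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing at fields
        verdict = classify(parts[2], parts[3])
        if verdict:
            hits.append((parts[1],) + verdict)
    return hits

SAMPLE_LOG = [  # constructed lines, not real traffic
    "2000-01-01T00:00:01Z 10.0.0.5 www.example.com 203.0.113.10",
    "2000-01-01T00:00:02Z 10.0.0.7 INFO.QuickClearDL.com. 54.77.123.135",
    "2000-01-01T00:00:03Z 10.0.0.8 updates.example.net 54.77.123.135",
    "2000-01-01T00:00:04Z 10.0.0.9 notinfo.dinenowe.com 203.0.113.11",
]
```

`scan(SAMPLE_LOG)` returns one tuple per matching client: a `name` hit for the listed domain and an `ip-only` hit for the unrelated name that resolves to the same address.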

It accesses many folders on your computer, even if it does not work…

Unfortunately, I do not have time for a more complex analysis today, but the basic idea is that this Java Update is not beneficial.
So be careful what you download and from whom!

Prodefence.org

 

Have fun & Stay safe!

Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst

One thought on “Fake Java Update – Malware analysis”

  • Thanks for sharing this!