Fake Java Update – Malware analysis

File hosted on: h**p://www.packagegiftnow.com/

As you may already know, some websites run a script that tells you your version of Java is out of date and offers you an update.
Of course, this is a fake update, and what you will install on your computer is a modified file.
This can be a virus, trojan, adware, etc. Either way, it will certainly change something on your computer, and you will become the victim. What it means to be a victim is covered in the previous articles.

VirusTotal shows some detections.

Virus Total Report

I will open this “update” to analyze it.

It has a nice message that tells you something is not going on, but in the background things have already started to work…

Executable connects to:


..and after a few searches, I discovered that several domains were hosted at this address:


All of them have reports for spam, malware, DDoS, etc.

It accesses many folders on your computer, even if it does not work…

Unfortunately, I do not have time for a more complex analysis today, but the basic idea is that this Java Update is not beneficial.
So be careful what you download and from whom!



Have fun & Stay safe!

Alex Anghelus

SC Prodefence SRL CEO - Cyber Security, Pentesting & Ethical Hacking - Malware Analyst

One thought on “Fake Java Update – Malware analysis”

  • 10/12/2017 at 1:40 PM

    Thanks for sharing this!
