View Full Version : Java Host Virus


OHPen
October 12th, 2009, 06:29
Hi,

Something I recently got and which seems not to be recognized by any antivirus software. Obviously made in Russia.

Have fun while playing with it.

Dunno what it is, maybe a virus or a Trojan. A binary is hidden in a *.ini file. So far I don't see how the hidden binary is started.

Regards,
OHPen

ATTENTION MALWARE ATTACHED !!!!!
PASSWORD: JaVA_ViRUS

AttonRand
October 12th, 2009, 08:34
The secret is inside that 1.ini file but you can't strip it without executing the jar file.
Any chances? Maybe using Eclipse debugging tools?

hering
October 12th, 2009, 09:49
If you have WinRAR, right-click on the file, select "Extract to Anonim_sms.jar" and you're done. The ini is just a normal, unpacked PE with an .ini extension. Fun thing is, NOD32 didn't detect any threat in the file, but detected J2ME/TrojanSMS.Small.E.Trojan in the main Java class file.
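
Added example, not part of any post in this thread: a static triage check that lists PE images stored under non-executable extensions inside a JAR, the layout described above for 1.ini, without running the archive. The sample archive and every entry name in it other than 1.ini are constructed, and the stub holds only header magic bytes.

```python
import io
import os
import struct
import zipfile

PE_EXTS = {".exe", ".dll", ".sys", ".scr"}  # extensions where a PE is expected

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An offset beyond the bytes we read yields an empty slice and returns False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_disguised_pe(jar_bytes: bytes, max_read: int = 4096):
    """Return (entry name, uncompressed size) for PE images under non-PE extensions."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with jar.open(info) as fh:  # decompresses in memory, nothing is executed
                head = fh.read(max_read)
            if looks_like_pe(head) and ext not in PE_EXTS:
                hits.append((info.filename, info.file_size))
    return hits

def build_sample_jar() -> bytes:
    """Constructed sample: a harmless 256-byte stub with only MZ/PE magic bytes."""
    stub = bytearray(0x100)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe" + bytes(16))
        jar.writestr("1.ini", bytes(stub))                   # PE under .ini
        jar.writestr("config.ini", "[settings]\nlang=en\n")  # genuine text ini
    return buf.getvalue()

if __name__ == "__main__":
    for name, size in find_disguised_pe(build_sample_jar()):
        print(f"{name}: PE image ({size} bytes) under a non-executable extension")
```
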

OHPen
October 12th, 2009, 16:49
I just had a few minutes and disassembled the class files contained in the jar file. What I find interesting is that I didn't find anything related to executing the hidden exe file. Maybe the exe file is not executed at all, but if it is, there must be a very interesting way.

The only thing I saw was that the class tries to load something from a properties file, which is missing.

I don't have an environment where I can execute the virus to see whether the exe file is executed or not.

Maybe some of you guys have a system to play with.

Regards,
OHPen