Open TheFlowDevelopment opened 2 years ago
Describe what's not working İ have a jar file and i think its a malware, it seems to bee using Paramorphism 2.1, but Threadtear ^couldn't deobfustucate the code successfully,
Example code:
`package un/cs.obfuscates;
import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter;
public class qD { public static String a; private static final String[] b;
public static String a(String string) { byte[] byArray = null; try { String[] stringArray = b; SecretKeySpec secretKeySpec = new SecretKeySpec(a.getBytes(), stringArray[1]); Cipher cipher = Cipher.getInstance(stringArray[2]); cipher.init(2, secretKeySpec); byArray = cipher.doFinal(DatatypeConverter.parseBase64Binary(string)); } catch (Exception exception) { exception.printStackTrace(); } return new String(byArray); } /* * Unable to fully structure code * Lifted jumps to return sites */ static { block3: { var5 = new String[3]; var3_1 = 0; var2_2 = "{;f\n\rv>j\r\bxkxkN{~gXfiXJ*Me4"; var4_3 = "{;f\n\rv>j\r\bxkxkN{~gXfiXJ*Me4".length(); var1_4 = 16; var0_5 = -1;
lbl7: // 2 sources
while (true) { continue; break; }
lbl9: // 1 sources
while (true) { var5[var3_1++] = qD.a(76, qD.b(var2_2.substring(v0, v0 + var1_4))); if ((var0_5 += var1_4) < var4_3) { var1_4 = var2_2.charAt(var0_5); ** continue; } break block3; break; } v0 = ++var0_5; ** while (true) } qD.b = var5; qD.a = qD.b[0]; } private static char[] b(String string) { char[] cArray = string.toCharArray(); if (cArray.length < 2) { cArray = cArray; cArray[0] = (char)(cArray[0] ^ 0x75); } return cArray; } /* * Unable to fully structure code * Lifted jumps to return sites */ private static String a(int var0, char[] var1_1) { v0 = var0; v1 = var1_1; v2 = var1_1.length; var1_2 = 0; ** GOTO lbl35
lbl-1000: // 1 sources
{ v0 = v0; v1 = v1; v3 = var1_2; switch (var1_2 % 7) { case 0: { v4 = 117; break; } case 1: { v4 = 98; break; } case 2: { v4 = 2; break; } case 3: { v4 = 104; break; } case 4: { v4 = 71; break; } case 5: { v4 = 31; break; } default: { v4 = 117; } } v1[v3] = (char)(v1[v3] ^ (v0 ^ v4)); ++var1_2;
lbl35: // 2 sources
v2 = v2; ** while (v2 > var1_2) }
lbl37: // 1 sources
return new String(v1).intern(); }
} `
Please complete the following information:
Describe what's not working İ have a jar file and i think its a malware, it seems to bee using Paramorphism 2.1, but Threadtear ^couldn't deobfustucate the code successfully,
Example code:
`package un/cs.obfuscates;
import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter;
public class qD { public static String a; private static final String[] b;
lbl7: // 2 sources
lbl9: // 1 sources
lbl-1000: // 1 sources
lbl35: // 2 sources
lbl37: // 1 sources
} `
Please complete the following information: