
Paramorphism issue

Open TheFlowDevelopment opened this issue 2 years ago • 0 comments

Describe what's not working: I have a jar file that I think is malware. It seems to be using Paramorphism 2.1, but Threadtear couldn't deobfuscate the code successfully.

Example code:

`package un/cs.obfuscates;

import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter;

public class qD { public static String a; private static final String[] b;

/**
 * Decrypts one Base64-encoded string with a key and algorithm names held in this
 * class's static fields.
 *
 * <p>The key bytes come from the static field {@code a}. The key-algorithm name and the
 * cipher transformation are read from {@code b[1]} and {@code b[2]}. Neither value is
 * visible in this method, so the concrete cipher cannot be read off from here.
 * NOTE(review): recover the three entries of {@code b} before concluding which cipher
 * is in use.
 *
 * @param string Base64 text that is decoded and then decrypted
 * @return the decrypted bytes converted to a String using the platform default charset
 * @throws NullPointerException if any step in the try block failed, because
 *     {@code byArray} is then still null when passed to {@code new String(...)}
 */
public static String a(String string) {
    byte[] byArray = null;
    try {
        String[] stringArray = b;
        // getBytes() without a charset argument uses the platform default charset for the key bytes.
        SecretKeySpec secretKeySpec = new SecretKeySpec(a.getBytes(), stringArray[1]);
        Cipher cipher = Cipher.getInstance(stringArray[2]);
        // 2 is the numeric value of Cipher.DECRYPT_MODE.
        cipher.init(2, secretKeySpec);
        // javax.xml.bind.DatatypeConverter ships with Java 8 but was removed from the JDK in
        // Java 11, so running this class on a newer JVM needs the JAXB API on the classpath.
        byArray = cipher.doFinal(DatatypeConverter.parseBase64Binary(string));
    }
    catch (Exception exception) {
        // Failures are only printed; control falls through with byArray == null.
        exception.printStackTrace();
    }
    return new String(byArray);
}

/*
 * Unable to fully structure code
 * Lifted jumps to return sites
 *
 * Reviewer notes on this decompiler output:
 *
 * The "** continue" / "** while (true)" lines and the lblN markers are placeholders the
 * decompiler emitted where it could not rebuild the control flow. They are not Java, the
 * block does not compile as shown, and the statement order may differ from the bytecode.
 *
 * What the visible statements establish: a three-element String array is filled from one
 * string literal. The literal is consumed in chunks; the first chunk length is the constant
 * 16, and each later chunk length is read from the literal itself with charAt() at the
 * cursor position. Every chunk is passed through qD.b(String) and then qD.a(76, char[]).
 * The finished array is stored in qD.b, and its first entry is also stored in qD.a, which
 * a(String) uses as key material.
 *
 * A static initializer runs when the JVM initializes the class, so any tool that loads the
 * class in order to recover the strings will execute this code.
 *
 * NOTE(review): string-table literals of this kind often contain non-printable characters
 * that do not survive copy/paste into an issue; presumably the bytes in the class file are
 * the reliable source - confirm before decoding this literal by hand.
 */
static {
    block3: {
        // Destination table: three decoded strings.
        var5 = new String[3];
        var3_1 = 0;
        var2_2 = "{;f\n\rv>j\r\bxkxkN{~gXfiXJ*Me4";
        var4_3 = "{;f\n\rv>j\r\bxkxkN{~gXfiXJ*Me4".length();
        // Length of the first chunk; later lengths are read from the literal.
        var1_4 = 16;
        // Cursor into the literal; it is pre-incremented before use (see v0 below).
        var0_5 = -1;

lbl7: // 2 sources

        while (true) {
            continue;
            break;
        }

lbl9: // 1 sources

        while (true) {
            // Decode the chunk [v0, v0 + var1_4) and append it to the table.
            var5[var3_1++] = qD.a(76, qD.b(var2_2.substring(v0, v0 + var1_4)));
            // Advance the cursor past the chunk; if input remains, the char at the cursor
            // is the next chunk's length.
            if ((var0_5 += var1_4) < var4_3) {
                var1_4 = var2_2.charAt(var0_5);
                ** continue;
            }
            break block3;
            break;
        }
        // Start offset of the next chunk: one past the length character.
        v0 = ++var0_5;
        ** while (true)
    }
    qD.b = var5;
    // The first decoded string doubles as the key material read by a(String).
    qD.a = qD.b[0];
}

/**
 * Converts a string to a char array, altering it only when it is shorter than two chars.
 *
 * <p>For such short arrays the first char is XORed with 0x75; longer inputs are returned
 * unchanged. The static initializer calls this on each chunk before passing the result to
 * {@code a(int, char[])}.
 *
 * <p>NOTE(review): an empty input also satisfies {@code length < 2} and would reach
 * {@code cArray[0]}, which throws ArrayIndexOutOfBoundsException. Whether an empty chunk
 * can occur is not visible here.
 *
 * @param string chunk to convert
 * @return the chunk's characters, with the first one XORed if the length is below two
 */
private static char[] b(String string) {
    char[] cArray = string.toCharArray();
    if (cArray.length < 2) {
        // Self-assignment is a no-op left in the decompiled output.
        cArray = cArray;
        cArray[0] = (char)(cArray[0] ^ 0x75);
    }
    return cArray;
}

/*
 * Unable to fully structure code
 * Lifted jumps to return sites
 *
 * Reviewer notes on this decompiler output:
 *
 * The "** GOTO" / "** while (...)" lines and the lblN markers are decompiler placeholders,
 * not Java; the method does not compile as shown.
 *
 * What the visible statements establish: the char array argument is modified in place.
 * For each index i from 0 up to the array length, the char is XORed with (var0 ^ k), where
 * k is chosen by i % 7 from 117, 98, 2, 104, 71, 31, and 117 for the remaining case. The
 * result is returned as an interned String. The static initializer passes 76 as var0.
 *
 * NOTE(review): a string table decoded in the static initializer, an XOR key selected by
 * index % 7 and a trailing intern() look like the shape commonly associated with Zelix
 * KlassMaster string encryption - presumably worth confirming which obfuscator produced
 * this class before assuming a Paramorphism-specific transform applies.
 */
private static String a(int var0, char[] var1_1) {
    v0 = var0;
    // v1 aliases the caller's array, so the XOR below mutates the argument.
    v1 = var1_1;
    v2 = var1_1.length;
    // Loop index.
    var1_2 = 0;
    ** GOTO lbl35

lbl-1000: // 1 sources

    {
        v0 = v0;
        v1 = v1;
        v3 = var1_2;
        // Select the per-position key constant from a 7-entry cycle.
        switch (var1_2 % 7) {
            case 0: {
                v4 = 117;
                break;
            }
            case 1: {
                v4 = 98;
                break;
            }
            case 2: {
                v4 = 2;
                break;
            }
            case 3: {
                v4 = 104;
                break;
            }
            case 4: {
                v4 = 71;
                break;
            }
            case 5: {
                v4 = 31;
                break;
            }
            default: {
                v4 = 117;
            }
        }
        // Effective key for this position is the int argument XORed with the constant.
        v1[v3] = (char)(v1[v3] ^ (v0 ^ v4));
        ++var1_2;

lbl35: // 2 sources

        v2 = v2;
        // Loop condition: continue while the index is below the array length.
        ** while (v2 > var1_2)
    }

lbl37: // 1 sources

    return new String(v1).intern();
}

} `

Please complete the following information:

  • OS:Windows 10
  • Java version: 8 |JDK 1.8.291

TheFlowDevelopment avatar Aug 27 '21 13:08 TheFlowDevelopment