About contagio exchange

CONTAGIO EXCHANGE: Contagio exchange was created to absorb malware samples shared by readers of Contagio. It is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy, and so is Mila, so this has not been a very active site (probably my fault). I will just be dumping malware strings here - they often help in malware identification, and googling them is the best way to do it.
With just strings, this is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just MD5 hashes. You can find the corresponding samples on Contagio, or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Monday, November 17, 2014

AlienSpy classes strings (from MD5: ABE6EF71E44D2E145033800D0DCCEA57.jar)

File: Server.class
MD5:  3d9ffbe03567067ae0d68124b5b7b748
Size: 520



Ascii Strings:
---------------------------------------------------------------------------
config
Ljava/util/Properties;
socket
Ljava/net/Socket;
Ljava/io/ObjectOutputStream;
Ljava/io/ObjectInputStream;
<init>
Code
LineNumberTable
LocalVariableTable
this
Lplugins/Server;
onLine
OnOffLine
offLine
getId
()Ljava/lang/String;
SourceFile
Server.java
plugins/Server
java/lang/Object

Unicode Strings:
---------------------------------------------------------------------------

File: Main.class
MD5:  b2b1fedd6aafab0f0666897e81d42a4c
Size: 12800

Ascii Strings:
---------------------------------------------------------------------------
Ljava/util/Properties;
Ljava/io/ByteArrayOutputStream;
Ljava/util/HashMap;
Signature
)Ljava/util/HashMap<Ljava/lang/String;[B>;
Ljava/lang/String;
ConstantValue
main
([Ljava/lang/String;)V
Code
LineNumberTable
LocalVariableTable
[Ljava/lang/String;
LMain;
<init>
Ljava/io/InputStreamReader;
Ljava/io/BufferedReader;
Exceptions
Ljava/io/BufferedInputStream;
8(Ljava/util/jar/JarInputStream;)Ljava/util/jar/JarEntry;
Ljava/util/jar/JarInputStream;
Ljava/util/jar/JarEntry;
(Ljava/util/jar/JarEntry;)Z
,(Ljava/util/jar/JarEntry;)Ljava/lang/String;
Ljava/lang/Class;
"Ljava/lang/ClassNotFoundException;
!Ljava/lang/NoSuchMethodException;
Ljava/lang/SecurityException;
"Ljava/lang/IllegalAccessException;
$Ljava/lang/IllegalArgumentException;
-Ljava/lang/reflect/InvocationTargetException;
Ljava/io/IOException;
([BLjava/lang/String;)[B
findClass
%(Ljava/lang/String;)Ljava/lang/Class;
getResourceAsStream
)(Ljava/lang/String;)Ljava/io/InputStream;
SourceFile
Main
java/lang/Thread
java/util/Properties
java/io/ByteArrayOutputStream
java/util/HashMap
.class
java/io/InputStreamReader
java/io/BufferedReader
java/io/BufferedInputStream
java/util/jar/JarInputStream
java/io/ByteArrayInputStream
java/lang/String
java/lang/Class
java/lang/Object
 java/lang/ClassNotFoundException
java/lang/NoSuchMethodException
java/lang/SecurityException
 java/lang/IllegalAccessException
"java/lang/IllegalArgumentException
+java/lang/reflect/InvocationTargetException
java/io/IOException
java/lang/StringBuilder
java/lang/ClassLoader
java/lang/Runnable
java/util/jar/JarEntry
(Ljava/lang/Runnable;)V
start
getClassLoader
()Ljava/lang/ClassLoader;
(Ljava/lang/ClassLoader;)V
getClass
()Ljava/lang/Class;
(Ljava/io/InputStream;)V
(Ljava/io/Reader;)V
readLine
()Ljava/lang/String;
setProperty
8(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/Object;
close
read
([BII)I
write
([BII)V
([B)I
toByteArray
()[B
getProperty
&(Ljava/lang/String;)Ljava/lang/String;
getNextJarEntry
()Ljava/util/jar/JarEntry;
([B)V
(Ljava/lang/String;)V
java/lang/System
Ljava/io/PrintStream;
java/io/PrintStream
println
8(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
closeEntry
isDirectory
getName
replace
D(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;
loadClass
getMethod
@(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
java/lang/reflect/Method
invoke
9(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
java/util/logging/Logger
getLogger
.(Ljava/lang/String;)Ljava/util/logging/Logger;
java/util/logging/Level
SEVERE
Ljava/util/logging/Level;
C(Ljava/util/logging/Level;Ljava/lang/String;Ljava/lang/Throwable;)V
append
-(Ljava/lang/String;)Ljava/lang/StringBuilder;
toString
length
charAt
(I)C
findSystemClass
&(Ljava/lang/Object;)Ljava/lang/Object;
defineClass
)(Ljava/lang/String;[BII)Ljava/lang/Class;
java/lang/StringBuffer
java/lang/Exception
getStackTrace
 ()[Ljava/lang/StackTraceElement;
getClassName
java/lang/StackTraceElement
getMethodName
,(Ljava/lang/String;)Ljava/lang/StringBuffer;
([C)V
insert
.(ILjava/lang/String;)Ljava/lang/StringBuilder;
ALLATORIxDEMOxONUSeveralssd
iiIiIiIIiI
iiIIIIiIii
iIiiIiiiII
IiIiIiIIii
iiiIiiIiIi
IIiiIiiIii
iIIIiIIiii
IiIIiIiIIi
iIiIIIIiii
iIIiIIiiii
IIiiiIiiIi
iIIIIiiiiI
IIiiiIiiII
W-T?P#u
#(#H!
L%S%O%
*Vdf L*w
B-V;L%S#Rku]
 [0Wv
XjF L*W']-
/O&#H
o*h K
T?P#U(
O1R?
V1I%
xNxYo
C:Y:R9F.
m%P>UdC
.[0L'
m5_<
*Y\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
)+*Y\\\\
5*Y\\\\
@*Y\
*+*Y\
+*Y[*
*Y\\\\\\\\\\\\\\\\\
YXY6
YXY6
YXY6
YXp6
YXY6
YXY6
YYX`
YXp6
YXp6
YXp.
YXY:
YZ\\
ZYXT
ZYXT
ZYXT
ZYXT
ZYXT
ZYXT
YZYX
0+*Y\\\\\
@+*Y[*Y\\\\\\
d[<N6
W_Y=6
*Y\\\\\\\\\\\\\\\
W*YZ\\\
*Y\\\\\
\\\\\\\\\\\\\\\\\+*[*Y\\\\\
c*YZ\\
"+*Y[,*Y
n*Y\
*Y[*
*YXY
*YXY
*YXY
*YXY
3L*YZ\\\\\+*[*YZ\\\
*YZ\\\\\\\\\\\\\\\\\\\\\\,*[*YZ\\\\\\\\\\
*YXY
*YZ\
ZW*YZ\\\\\\\\\\\\,*[*Y\
8+*Y
x+*Z[*YZ\\\\\
*Y\\\\\\\\\\\\\\\\\\\
=+*Z[*YZ\\\\\\\\\
M+*Y[*YZ\\\\

Unicode Strings:
---------------------------------------------------------------------------
<*?uB

File: ID
MD5:  cd77a0d19c53cd854f22acdece0c979b
Size: 8

Ascii Strings:
---------------------------------------------------------------------------
r3xM8QBH

Unicode Strings:
---------------------------------------------------------------------------

File: MANIFEST.MF
MD5:  0d092342e55395e96ea383ec0956003c
Size: 43687

Ascii Strings:
---------------------------------------------------------------------------
1ap5#AV(
)R@(
;yC(
EoSJ
GI_\
jlvr
2)Zu
?DXxL
5.Q8|
U(|1|?Vp
1'=)W&
,wAu4
0ekC4
=V7Y
S(l@M
! L1
yC{R
"^?4v
]/nE
 PSJ
[p}_
.@p+eH%
C36U
0Kx|
r3n!
Y{8\
UnDm!l
(j+Yr
^!Pq
J8^&<
Upx(
m6Jxx*
%}v%6
\V#@
mD ~zb
W;1;~w
kq:+d
=fn3
8w?2F
)!0U
`MbJ
jTsD
Q(H3
?mvw/
c!GH
7$P*
\sOe
gI}f
2vtS
 D8*h
o,!2
\L2uq
to[a
o(E)
3Y:8O
i Mk
$?>Z
qBW;
`v45g}
3Ccow
2E]G`
4<G${Y"P
 7FG]
C,>=F
T&7Lj
T`PT
;v+i
h{/7
#}Ua
E6zp
E:pH
Frg5
D~I75{
n8SY
#0HL
:4Qu
.u=W
39Kg
3!qQ
Q#tj
%H'x
Zl23
l'w:
.\c~w#
+dgr
TXNz
k4Ow
,?!Hxk
iFUP
XiJ=
$5&3b(N/
ite4
4K}g
z36$
N1nm
o$*e
T)1H,0
^V#v)P
6Ci,
Cm=
p+OR
S2~l
I_Q/
56vi
~B/Wc
qwmD
O"P:
`_3:
3&?a;
KLt-
k)~L
^\doi
W>AH
>}"|
^1BQ
DH#b
A85_V
,*;[
M1!s
3Yb=
G'mN2;
1f(=@^n
xm^(L6
])!N;l\!
BBd3e4_Q
 !6!d
SD#A#
-U23
`+tId
$i"(p
I Cp
Lq =
H,1E
8niN
8V/<
Utzw
/4/j
q NR
ff#?
Q.ZT
?p+VZC
.e<v
F<Zw]
m#L)D}
<Na_
_G|F
b8!,
) q\
Bth=
mEal
:OS7
cXbO
KZUQ
-)Q<|2aN
,|ME
:qbn
r~kG
B]Eo
hR2i
]Uy|
koTQ5
RmDn
l898
Ty+.
F=7CF(
-}?KeV1
iDAv
Frow
^yC3v
@*BlrA1
G~\{
'fiF
\Se%]j
K'o":+
-!L~
zLb:{
tVZ]
<F&f
gRk%
[-m0
6,7u
]jv!
_~db
U?BX
CI0v
8;W\
NIDh?
4l]~
mo"E
81/8
Gn{g
xw}/
KnKF
d\n3@
TncM
[p:#a
sa#v
9Sx8
(+Qu&`
+) )
L3}|
MTou
6)*
!G^Hf./Ed
WTJ<]
;wChCQ
)U:T
3?K=X
[h>FDIQ
iXIi<
ZxS$
eNjI
G4./
0;\|n)
vfS9p
=!UB
 fIw
rsma
]x<&Y.
v0"c;
K&}k
rio6f
=;j(
sDRM
Maj8
zs[#RL
6~R0S
8\wQF
AF*>m
2_c4D
QY@"
l>Z,*i
/wY?}
<Cwu
m@XFz|
yoD1
rk(If
ld2x[DWq
x'b,
AY6X
/I0W
k-:?X
}3%z
e^ET"Q
wBhH
O9p2
N`Pk*T
*Y:?
zDBxE
~yH2~
h2yH
Rl.}u
m14O
GR@h
(p7&Y
\~gR
v=]s
a1<4
g/x)
|#Pp+
}x)k
(]-@y
)OO\
>&7p
:h-QE
95o|
D;e^
T].r
0Q0>P
w9)6
V~if
%J{+
^U=j
VnLOX
?@Aa?
<!Gn
%J-X
\}@.
peO#
^m<Xir
+,q@
#(c,
-.5X@_[
_X|a
:Eo,
A#5x&
y^5<
nzaj
;BiS]5
[)176O
"'fM
x&V]h
Q'X1
P9P25D
L/co
BUiE
oKJ.l
'8;q
[2/qj
6'p9Q
d[F/
'e)8
v|l}v2
_Aqe
I,T&z5
D{s@
?1[m
cWSn
.6BC
v@^,
#\>,
3ym,
m%_i-
k3 k]
<N"A=
F?+'p
lR1(K
W \&x
JFSmN
A;cJ
&kj7
2+.m
:}&6
`,g_
lt|w
*>/v
51*@
7g-6
f H!W
KO:h
!!TB
|tiU
d+.c{
u3f:
?2w}
v`EA
eu-q
1paB
3{];/
|>Ji7
A&I9-Vt
ff^?
BPQr
+xz^
&WjS
iWN+&
# VG
MszC
y/'y/
#vbt
B;Rb
Wpbj
+_,uxv
]@Y;e
K:eKJ
x*wv
`TQq
`Kb^
jKcM
{8Cs
F3j}7
%Mmf
Rn$F!
>a~k
aTvW7VHN
?j|c
1h10m
vQ {
;Ki(
.Ay9
7/fBg|
SU!Z
\qnz
-W<c;f@~q]
.Jd-R
Z].jx
m9(a
r,IIu
R2F_
lUd8
an8r
N{#)2c
"I^M}
'2/"
21a!^
%r &
0zs]
S'"C
$'xS*U
*8_M
w*FB
E9GL
aq^)X
4?CPH5
ifpP
'tmP
erU|"
AJ`)&
EzK|
y.U0
[!ii
GC+2
Zm}0
\pMZ
PJ{-
X,[(
XEqS
^Kk&
JXsg<
,D_+
 ,oPh
BBWE
G(Cl
[n3K
LQyr
km2rMpB4
r:NDt-uO]
mXvw
\C0j
`&rtY
oF)n
B@z9yAac
V)Kc_
!N*:
H6$*+l
-1Fc.*
tbQuE^
UCc&
GB:nw
$Qr?
Fs[=
R%P7
pgsO'
,M=3=#dQ
UW^V
&7u<
e}Q:
E~+H&
8[QF
TccP
}u]Q2
"`b|
c1(:
iB}~
GH|$
KK9EY
&kvPa#[m,
i*rS
`Ra<
6&@a
g*N/I
 Lzff>7vz
{;`3.&
P#.XRg
nt@U
7UN|s
v/i9
>3{7
}Dqu
YwVpX
lQc(U
%+#!
xrXO<]
Mt?$
&1}?
UE"z
jv>P
>CPWiY
:N-<
$qJY
Z4tJx
nc;I
:']|
|wGp
vzByC"
h:?#`GcTh
!CkR
zcq%g
ivC:
(Th5
I(5G
Vjh"(v
S2'r)
@}3B
s.?|
~7/t
$|A-PPp!-
Sf3ib
9iuT
_HDl
6N{4y
WoTrA
^5%.N)
F#'Q
RR&`
k#32l
'p1)
OG'1
4y'p
Dm2F
i`y*O
5ii<
|2Zm
=Qa5
GVn8
omm7
}1e^t
q?qI
7wk9J
CAno
L~wF
?G*oyp
0=B&
X)um\
BTFYAt
f5+#
f PF|^h
hB9H
$0;\,
(`Fm
8R6-
w'')
3Wz0
r>?R
cr$o
Rzy#;wRn
9}#=
b {FK
@OSqn
d?N?
Orz$
]o'6
b2A`
/n4H
5m\*
)"g<
tF'Yc

Unicode Strings:
---------------------------------------------------------------------------