My First Malware Analysis!
Welcome. Yesterday I did my first malware analysis! Just so you know, we didn't find anything interesting, but I learnt a lot along the way.
The Reason
First, let's dive into the reason I conducted a malware analysis in the first place. The place I work at shared a JAR file with the students, and I just wanted to check the authenticity of the file by checking its hash value. Well, it was not the same hash as the original file.
Steps Taken
Well, just in case, I used REMnux, an Ubuntu-based Linux distribution designed for malware analysis (in this case, for an isolated environment). And I used JD-GUI (a Java decompiler) to decompile the .jar file and see what's inside. These are the steps taken:
- Open JD-GUI
- Check the source code
- Get the hash values of each file
- Compare the original files' hash values with the suspected ones'
Note: At first I checked the code and tried to spot a suspicious line, which I was not able to find. Then I realised it made more sense to compare the hashes first.
So as a result of checking the differences between their hashes, I saw that the difference was coming from the TIMESTAMP values in the META-INF files. And I learnt that when you re-compile a .jar file, it basically rewrites the timestamps, which actually makes sense.
So yeah, there was no malware. I just did a malware analysis. It was fun.
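The per-file comparison from the steps above, as an added example that is not part of the original post: a whole-archive hash changes whenever a JAR is rebuilt (entry timestamps live in the ZIP headers), so this compares the hash of each entry's content instead, which ignores timestamps and only flags entries that were actually added, removed or modified. The sample JARs and their entries are constructed in memory for illustration.

```python
"""Compare two JAR files entry by entry, ignoring ZIP metadata such as timestamps."""
import hashlib
import io
import zipfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hashes(jar_bytes: bytes) -> dict:
    """Map each entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {info.filename: sha256(zf.read(info))
                for info in zf.infolist() if not info.is_dir()}


def compare_jars(original: bytes, suspect: bytes) -> dict:
    """Report whether the whole-file hashes match and which entries really differ."""
    orig, susp = entry_hashes(original), entry_hashes(suspect)
    return {
        "archive_hash_match": sha256(original) == sha256(suspect),
        "only_in_original": sorted(set(orig) - set(susp)),
        "only_in_suspect": sorted(set(susp) - set(orig)),
        "modified": sorted(n for n in orig.keys() & susp.keys() if orig[n] != susp[n]),
    }


def build_jar(entries: dict, timestamp: tuple) -> bytes:
    """Constructed sample: write entries into an in-memory JAR with a fixed timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=timestamp)  # timestamp goes into the ZIP headers
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


# Constructed sample entries; the class bytes are a placeholder, not a real class file.
SAMPLE_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/App.class": b"\xca\xfe\xba\xbe placeholder class bytes",
}
ORIGINAL_JAR = build_jar(SAMPLE_ENTRIES, (2023, 1, 1, 12, 0, 0))
REBUILT_JAR = build_jar(SAMPLE_ENTRIES, (2024, 6, 15, 9, 30, 0))  # same content, new timestamps

if __name__ == "__main__":
    print(compare_jars(ORIGINAL_JAR, REBUILT_JAR))
```

The rebuilt JAR gets a different archive hash but an empty "modified" list; an entry whose content was changed shows up under "modified" regardless of timestamps.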