[+] Target:
C:\Users\Purpl3\Downloads\1.16.5.jar
[*] Detection Mode:
All (Comprehensive analysis of all patterns)
>>> Initializing scan...
[*] [00:00:08] ████████████████████████████████████████ 49783/49783 (100%) Processing: Finished processing 49783 files (1639 skipped, 48144 analyzed)
╔══════════════════════════════════════════════════════════════════════════════╗
║ SCAN SUMMARY ║
╚══════════════════════════════════════════════════════════════════════════════╝
[#] Total Findings: 717 | Files with Findings: 621 | Risk Level: HIGH RISK (8/10)
[*] Scan Time: 9.07s | Total Files Scanned: 621 | Processing Rate: 68.5 files/sec
[?] Findings Breakdown:
▣ Native Library (78)
• Embedded binary payload header (ELF) in META-INF/native/libnetty_transport_native_epoll_x86_64.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-aarch64/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-arm/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-armel/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-ppc/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-ppc64le/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-x86-64/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/linux-x86/libjnidispatch.so
• Embedded binary payload header (ELF) in com/sun/jna/sunos-x86-64/libjnidispatch.so
• Embedded binary payload header (ELF) in io/imgui/java/native-bin/libimgui-java64.so
• Embedded binary payload header (ELF) in linux-aarch64/lib/libcatboost4j-prediction.so
• Embedded binary payload header (ELF) in linux-x86-64/libdiscord-rpc.so
• Embedded binary payload header (ELF) in linux-x86_64/lib/libcatboost4j-prediction.so
• Embedded binary payload header (Mach-O) in META-INF/native/libnetty_transport_native_kqueue_x86_64.jnilib
• Embedded binary payload header (Mach-O) in darwin/libdiscord-rpc.dylib
• Embedded binary payload header (Mach-O) in io/imgui/java/native-bin/libimgui-java64.dylib
• Embedded binary payload header (PE) in OpenAL.dll
• Embedded binary payload header (PE) in OpenAL32.dll
• Embedded binary payload header (PE) in SAPIWrapper_x64.dll
• Embedded binary payload header (PE) in SAPIWrapper_x86.dll
• Embedded binary payload header (PE) in com/sun/jna/win32-x86-64/jnidispatch.dll
• Embedded binary payload header (PE) in com/sun/jna/win32-x86/jnidispatch.dll
• Embedded binary payload header (PE) in glfw.dll
• Embedded binary payload header (PE) in glfw32.dll
• Embedded binary payload header (PE) in io/imgui/java/native-bin/imgui-java64.dll
• Embedded binary payload header (PE) in jemalloc.dll
• Embedded binary payload header (PE) in jemalloc32.dll
• Embedded binary payload header (PE) in lwjgl.dll
• Embedded binary payload header (PE) in lwjgl32.dll
• Embedded binary payload header (PE) in lwjgl_opengl.dll
• Embedded binary payload header (PE) in lwjgl_opengl32.dll
• Embedded binary payload header (PE) in lwjgl_stb.dll
• Embedded binary payload header (PE) in lwjgl_stb32.dll
• Embedded binary payload header (PE) in lwjgl_tinyfd.dll
• Embedded binary payload header (PE) in lwjgl_tinyfd32.dll
• Embedded binary payload header (PE) in win32-x86-64/discord-rpc.dll
• Embedded binary payload header (PE) in win32-x86/discord-rpc.dll
• Embedded binary payload header (PE) in win32-x86_64/lib/catboost4j-prediction.dll
• Embedded native library: META-INF/native/libnetty_transport_native_epoll_x86_64.so
• Embedded native library: META-INF/native/libnetty_transport_native_kqueue_x86_64.jnilib
• Embedded native library: OpenAL.dll
• Embedded native library: OpenAL32.dll
• Embedded native library: SAPIWrapper_x64.dll
• Embedded native library: SAPIWrapper_x86.dll
• Embedded native library: com/sun/jna/darwin/libjnidispatch.jnilib
• Embedded native library: com/sun/jna/linux-aarch64/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-arm/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-armel/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-ppc/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-ppc64le/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-x86-64/libjnidispatch.so
• Embedded native library: com/sun/jna/linux-x86/libjnidispatch.so
• Embedded native library: com/sun/jna/sunos-x86-64/libjnidispatch.so
• Embedded native library: com/sun/jna/win32-x86-64/jnidispatch.dll
• Embedded native library: com/sun/jna/win32-x86/jnidispatch.dll
• Embedded native library: darwin-universal2/lib/libcatboost4j-prediction.dylib
• Embedded native library: darwin/libdiscord-rpc.dylib
• Embedded native library: glfw.dll
• Embedded native library: glfw32.dll
• Embedded native library: io/imgui/java/native-bin/imgui-java64.dll
• Embedded native library: io/imgui/java/native-bin/libimgui-java64.dylib
• Embedded native library: io/imgui/java/native-bin/libimgui-java64.so
• Embedded native library: jemalloc.dll
• Embedded native library: jemalloc32.dll
• Embedded native library: linux-aarch64/lib/libcatboost4j-prediction.so
• Embedded native library: linux-x86-64/libdiscord-rpc.so
• Embedded native library: linux-x86_64/lib/libcatboost4j-prediction.so
• Embedded native library: lwjgl.dll
• Embedded native library: lwjgl32.dll
• Embedded native library: lwjgl_opengl.dll
• Embedded native library: lwjgl_opengl32.dll
• Embedded native library: lwjgl_stb.dll
• Embedded native library: lwjgl_stb32.dll
• Embedded native library: lwjgl_tinyfd.dll
• Embedded native library: lwjgl_tinyfd32.dll
• Embedded native library: win32-x86-64/discord-rpc.dll
• Embedded native library: win32-x86/discord-rpc.dll
• Embedded native library: win32-x86_64/lib/catboost4j-prediction.dll
⬢ Suspicious Java API (6)
• Dynamic class loading or definition
• Java agent instrumentation
• Native bridge or Unsafe API usage
• Process execution API usage
• Reflection-based access
• Script engine execution
◈ Encoded Payload (1)
• High-entropy Base64-like blob (160 chars)
▦ Suspicious Archive Entry (3)
• Embedded binary payload header (PE) in lombok/installer/WindowsDriveInfo-i386.binary
• Embedded binary payload header (PE) in lombok/installer/WindowsDriveInfo-x86_64.binary
• Manifest requests instrumentation or elevated permissions (Premain-Class, Can-Redefine-Classes) in META-INF/MANIFEST.MF
◌ Obfuscation (Unicode Name) (1)
• Obfuscated string truncated: #version 120
uniform vec2 location, size;
uniform sample...
◆ IPv4 Address (3)
• 1.3.6.1
• 4.8.1.2
• 8.1.2.3
◇ URL (35)
• playfabapi.com/Client/LoginWithXbox
● Suspicious Keyword (2)
• 'cmd.exe' in "cmd.exe /C start "Open file" "%s""
• 'cmd.exe' in "cmd.exe"