From ea6cacf0c1f78a0c34f88ac9936e13f76133f353 Mon Sep 17 00:00:00 2001
From: Konloch
Date: Sat, 3 Jul 2021 12:29:50 -0700
Subject: [PATCH] Malware Scanner Cleanup
---
.../malwarescanner/CodeScanner.java | 18 ++++++++++++++++++
.../malwarescanner/MalwareCodeScanner.java | 18 ++++++++++++++++++
.../malwarescanner/MalwareScan.java | 18 ++++++++++++++++++
.../malwarescanner/MalwareScanModule.java | 18 ++++++++++++++++++
.../malwarescanner/impl/AWTRobotScanner.java | 18 ++++++++++++++++++
.../malwarescanner/impl/JavaIOScanner.java | 18 ++++++++++++++++++
.../malwarescanner/impl/JavaNetScanner.java | 18 ++++++++++++++++++
.../impl/JavaRuntimeScanner.java | 18 ++++++++++++++++++
.../impl/NullSecurityManagerScanner.java | 18 ++++++++++++++++++
.../malwarescanner/impl/ReflectionScanner.java | 18 ++++++++++++++++++
.../malwarescanner/impl/URLScanner.java | 18 ++++++++++++++++++
.../util/MaliciousCodeOptions.java | 18 ++++++++++++++++++
.../malwarescanner/util/SearchableString.java | 18 ++++++++++++++++++
13 files changed, 234 insertions(+)
diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/CodeScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/CodeScanner.java
index 5a3b2654..893b160d 100644
--- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/CodeScanner.java
+++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/CodeScanner.java
@@ -4,6 +4,24 @@ import org.objectweb.asm.tree.ClassNode; import org.objectweb.asm.tree.FieldNode; import org.objectweb.asm.tree.MethodNode; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * @author Konloch * @since 6/27/2021 diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java index f1e4d957..4f066198 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareCodeScanner.java 
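Review bot: The licence banner is inserted between the import block and the class Javadoc (here directly below `import org.objectweb.asm.tree.MethodNode;`) instead of at the very top of the file above `package`. Because the banner opens with `/**…`, it is lexically a documentation comment, so each type is now preceded by two consecutive doc comments and only the second one is attached to the declaration; doc-comment linters may report the banner as dangling. I would move the banner above the `package` line and start it as a plain block comment, i.e. `/*` followed by a space before the row of asterisks. The same placement is repeated in the other twelve files touched by this patch; the class declarations themselves lie outside the hunks.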
@@ -5,6 +5,24 @@ import the.bytecode.club.bytecodeviewer.BytecodeViewer; import the.bytecode.club.bytecodeviewer.decompilers.bytecode.InstructionPrinter; import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * The base class for the malware code scanners * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScan.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScan.java index 4e18980e..fcc12d43 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScan.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScan.java 
@@ -5,6 +5,24 @@ import org.objectweb.asm.tree.ClassNode; import java.util.ArrayList; import java.util.HashSet; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * A new malware scan object is created any time the MalicousCodeScanner plugin is ran * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScanModule.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScanModule.java index fa5bc9d2..6adadcd3 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScanModule.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/MalwareScanModule.java 
@@ -4,6 +4,24 @@ import org.apache.commons.text.WordUtils; import org.objectweb.asm.tree.ClassNode; import the.bytecode.club.bytecodeviewer.malwarescanner.impl.*; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * All of the installed malware scan modules * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java index 1385d03e..e46c563b 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/AWTRobotScanner.java 
@@ -7,6 +7,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * Scans for any trace of java/awt/Robot inside of method instructions and strings * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java index 792751fe..f1106d49 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaIOScanner.java 
@@ -7,6 +7,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * @author Konloch * @since 6/27/2021 diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java index 7a194ef7..f2ddca68 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaNetScanner.java 
@@ -7,6 +7,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * @author Konloch * @author WaterWolf diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java index 18f9b427..2fad7cf4 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/JavaRuntimeScanner.java 
@@ -7,6 +7,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * Scans for any trace of java/lang/Runtime inside of method instructions and strings * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/NullSecurityManagerScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/NullSecurityManagerScanner.java index 3e1eae26..96becaf4 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/NullSecurityManagerScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/NullSecurityManagerScanner.java 
@@ -9,6 +9,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * Checks for the security manager getting set to null * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java index e7cfe14b..fad22fae 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/ReflectionScanner.java 
@@ -7,6 +7,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.util.SearchableString; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * Scans for method instructions containing java/lang/reflect * diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/URLScanner.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/URLScanner.java index 9c4ed170..a4c6c346 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/URLScanner.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/impl/URLScanner.java 
@@ -9,6 +9,24 @@ import java.util.regex.Pattern; import static the.bytecode.club.bytecodeviewer.Constants.nl; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * Scans strings for common URL patterns: * Any string containing www diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/MaliciousCodeOptions.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/MaliciousCodeOptions.java index 6bcaaecf..eec2e5ca 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/MaliciousCodeOptions.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/MaliciousCodeOptions.java 
@@ -4,6 +4,24 @@ import the.bytecode.club.bytecodeviewer.malwarescanner.MalwareScanModule; import javax.swing.*; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * @author Konloch * @since 6/27/2021 diff --git a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/SearchableString.java b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/SearchableString.java index ef09a7db..014dafb1 100644 --- a/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/SearchableString.java +++ b/src/main/java/the/bytecode/club/bytecodeviewer/malwarescanner/util/SearchableString.java 
@@ -1,5 +1,23 @@ package the.bytecode.club.bytecodeviewer.malwarescanner.util; +/*************************************************************************** + * Bytecode Viewer (BCV) - Java & Android Reverse Engineering Suite * + * Copyright (C) 2014 Kalen 'Konloch' Kinloch - http://bytecodeviewer.com * + * * + * This program is free software: you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation, either version 3 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see . * + ***************************************************************************/ + /** * @author Konloch * @since 6/27/2021