{"id":7631,"date":"2017-08-31T22:55:11","date_gmt":"2017-08-31T22:55:11","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=799"},"modified":"2017-08-31T22:55:11","modified_gmt":"2017-08-31T22:55:11","slug":"joao-malware-analysis","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/joao-malware-analysis\/","title":{"rendered":"Joao Malware Analysis"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim&#8217;s machine information to the attacker, including the operating system, user name, and privilege information of this user. Additionally, this malware will install other forms of malware on the machine of the affected user.<\/p>\n<p>Related information can be found at the following link:<\/p>\n<p><a href=\"http:\/\/www.hackread.com\/dangerous-new-malware-joao-hits-gamers-worldwide\/\"><strong>http:\/\/www.hackread.com\/dangerous-new-malware-joao-hits-gamers-worldwide\/<\/strong><\/a><\/p>\n<h2><span style=\"font-size: 18.0pt; line-height: 150%;\">Aeria Games<\/span><\/h2>\n<p>Aeria Games, formerly known as Aeria Games and Entertainment, is an online game publisher headquartered in Berlin, Germany with other locations in .<\/p>\n<p>Aeria Games, a subsidiary of ProSiebenSat.1 Media, operates an Internet gaming portal for massive multiplayer online games. It focuses on online games in multiple formats to include client, browser, and mobile games. 
It publishes for North America, South America, and Europe.<\/p>\n<h2>Propagation and Infection<\/h2>\n<p>The malware Joao propagates via hacked Aeria games offered on unofficial websites for users to download.<\/p>\n<h2>Sample Analysis<\/h2>\n<h3>Environment<\/h3>\n<table style=\"height: 150px;\" width=\"567\">\n<tbody>\n<tr>\n<td width=\"110\">Operating System<\/td>\n<td width=\"443\">32-bit Windows 7<\/td>\n<\/tr>\n<tr>\n<td width=\"110\">Tools<\/td>\n<td width=\"443\">ProcessMonitor, XueTr, Wireshark, OllyDbg, IDA<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Major Functions<\/h3>\n<ol>\n<li><strong>Information theft<\/strong>: The sample steals the computer name, operating system version, and user privilege information, as well as information (such as login data) saved in Google Chrome.<\/li>\n<li><strong>Network behavior<\/strong>: The sample connects to 104.18.48.240 to send an HTTP GET request in which the &#8220;value&#8221; field carries the encrypted user information.<\/li>\n<\/ol>\n<p style=\"text-align: left;\">http:\/\/www.apexserver.ws\/index.php?route=anticheat&#038;op=validatekey&#038;cid=7&#038;ver=4&#038;value=c9LKpz30qO2-L4mZUktTzhQiySiSOfhzxdwusZP4GCXiQGWr96-7R22jHFA_lny5FtUMlbSI6tiiGCtl5_UuVe0SG-ft8VmlXMa<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic01.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-800\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic01.png\" alt=\"\" width=\"342\" height=\"638\" \/><\/a><\/p>\n<p>First, this sample collects information about the local device, including the device name, user name, operating system version, and the user&#8217;s privilege level.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic02.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-801\"
src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic02.png\" alt=\"\" width=\"672\" height=\"128\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic02.png 672w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic02-300x57.png 300w\" sizes=\"(max-width: 672px) 100vw, 672px\" \/><\/a><\/p>\n<p>Then the sample encrypts and encodes the information shown in the preceding figure, extracts the URL from its own data via decryption, and adds the encoded local information to the &#8220;value&#8221; field in the URL. After that, the sample connects to the remote server and sends it an HTTP GET request.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic03.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-802\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic03.png\" alt=\"\" width=\"850\" height=\"314\" \/><\/a><\/p>\n<p>If the URL is unavailable and a request to it is answered with error 522, the sample shows no further malicious behavior because it fails to download data from the server. After receiving data from the server, the sample acts as instructed. Specifically, it may create processes for code injection or steal information (such as user login data) saved in Google Chrome and send it to the remote server.<\/p>\n<h3>Analysis of Associated Samples<\/h3>\n<p>We searched for associated samples and found a component of Joao.
According to our brief analysis, this component is also a downloader that is mainly used to download a PE file and inject it into the downloader for execution.<\/p>\n<p>This component keeps trying to connect to ports 53, 18000, 80, 443, 8000, 25, 21, 3389, and 445 of IP addresses 95.170.86.186, 146.185.136.11, and 185.35.77.17 in a circular manner until a connection is established.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic04.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-803 aligncenter\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic04.png\" alt=\"\" width=\"603\" height=\"164\" \/><\/a><\/p>\n<p>After the connection is established, both ends first agree on the size of the file to upload. After that, the Joao component receives data and checks whether it is a PE file. If it is, this component injects it into its own process address space and then invokes CreateRemoteThread for execution.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-804 aligncenter\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05-1024x333.png\" alt=\"\" width=\"640\" height=\"208\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05-1024x333.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05-300x98.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05-768x250.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic05.png 1051w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<h3>Network Characteristics<\/h3>\n<ol>\n<li>The sample sends an HTTP GET request to 104.18.48.240, in which the value of the &#8220;host&#8221; field is <a href=\"http:\/\/www.apexcontrol.ws\">www.apexcontrol.ws<\/a>.<\/li>\n<li>An associated sample tries to
download malicious code from the following malicious IP addresses: 95.170.86.186, 146.185.136.11, and 185.35.77.17.<\/li>\n<\/ol>\n<h3>Attack Source<\/h3>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic06.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-805 aligncenter\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/08\/pic06.png\" alt=\"\" width=\"473\" height=\"398\" \/><\/a><\/p>\n<h2>Detection Method<\/h2>\n<h3>Users&#8217; Self-Protection<\/h3>\n<ol>\n<li>Download games from official websites, rather than third-party websites where trojans may be concealed.<\/li>\n<li>Monitor HTTP GET requests whose &#8220;host&#8221; field contains the www.apexcontrol.ws domain name.<\/li>\n<li>Install antivirus software to prevent malware infection and resulting damage.<\/li>\n<\/ol>\n<h3>NSFOCUS Recommended Solutions for Removing Trojans<\/h3>\n<ol>\n<li>Short-term service: NSFOCUS engineers provide the onsite trojan backdoor removal service (manual services + NIPS + TAC) to ensure that risk points are immediately eliminated from the network and the event impact is minimized. After handling, an event analysis report is provided.<\/li>\n<li>Mid-term service: NSFOCUS provides 3- to 6-month risk monitoring and preventive maintenance inspection (PMI) services (NIPS + TAC + manual services) to detect this malicious sample in an ongoing manner, thereby securing customers&#8217; systems.<\/li>\n<li>Long-term service: NSFOCUS provides industry-specific risk mitigation solutions (threat intelligence + attack traceback + professional security service).<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>The malware Joao propagates via hacked Aeria games offered on unofficial websites for users to download. To prevent infection by this malware, users must check whether the game installation pack contains an extra DLL file, especially mskdbe.dll.
If yes, remove it immediately.<\/p>\n<h2>Appendix<\/h2>\n<p>The following indicators of compromise (IoCs) are concerned with Joao:<\/p>\n<table width=\"552\">\n<tbody>\n<tr>\n<td>Joao downloader: mskdbe.dll &#8211; Win32 \/ Joao.A<\/td>\n<\/tr>\n<tr>\n<td>Components:<\/td>\n<\/tr>\n<tr>\n<td>JoaoShepherd.dll &#8211; Win32 \/ Joao.B<\/td>\n<\/tr>\n<tr>\n<td>joaoDLL.dll &#8211; Win32 \/ Joao.C<\/td>\n<\/tr>\n<tr>\n<td>joaoInstaller.exe &#8211; Win32 \/ Joao.D<\/td>\n<\/tr>\n<tr>\n<td>JoaoShepherd.dll\uff08x64\uff09 &#8211; Win64 \/ Joao.B<\/td>\n<\/tr>\n<tr>\n<td>joaoInstaller.exe\uff08x64\uff09 &#8211; Win64 \/ Joao.D<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party.
Upon the start of a game, this malware runs in the background, sending the victim&#8217;s machine information to the attacker, including the operating [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7787,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[6,15,17],"tags":[],"class_list":["post-7631","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emergency-response","category-research-reports","category-vulnerability-analysis"],"acf":[]}