Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Malware or Trojan be Hidden in .EJS File


  • Please log in to reply
7 replies to this topic

#1 gonwk

gonwk

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 23 January 2013 - 08:42 PM

Hi folks,

Sorry if I have posted this in the Wrong Thread ... was not sure where it goes! :unsure:

FYI, I am a Total Newbie ... don't understand beans about programming or anything like that ... so, with that ...
I have a ".ejs" file "xxxx.settings.xxxx.xxxx.ejs" with size of 182KB that I like to use ...

Q1: Can the Author of the file Hide commands in it that it can install TROJANS & VIRUS on my laptop?

Q2: How can I open up and read the contents of an .ejs file?

Q3: Is there a way that this can be teseted to make sure it is Safe?

BTW, I ran it thru VirusTotal ... and it says it is Clean!!!

Q4: Can VirusTotal Result be Trusted since it is a JavaScript and Not an .Exe file?

Thanks,

G! :)

Edited by gonwk, 23 January 2013 - 08:43 PM.

Totally a Newbie, Eager to Learn!

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 23 January 2013 - 09:32 PM

What is EJS file extension?
File type specification:
Source code and script file type
The EJS file extension is associated with the Embedded JavaScript (EJS) for JavaScriptMVC. EJS is used to clean the HTML out of JavaScript with client side templates. The .ejs file contains Embedded JavaScript template.
Open ejs file, file extension ejs details. A bit more information -

#3 gonwk

gonwk
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 23 January 2013 - 10:27 PM

Hi noknojon,

Thanks for your reply and the Resources.

I suppose from some articles that I have seen in past, Java is vulernable and can be Hacked ... so I suppose the author of this .EJS file can have loaded it up with some Commands to do some Nasty Stuff!!!

But still, if I can get some more Clarification on my Q's would really be helpful!

Thanks again,

G! :)
Totally a Newbie, Eager to Learn!

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 24 January 2013 - 03:29 AM

I suppose from some articles that I have seen in past, Java is vulernable and can be Hacked

You are confusing Java and JavaScript. They are not the same. What you read about Java vulnerabilities does not apply to JavaScript, and vice versa.

Where did you get this eps file from? It looks like you don't trust it.
Is xxxx.settings.xxxx.xxxx.ejs the real name, or did you edit that name?

Edited by Didier Stevens, 24 January 2013 - 03:29 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 gonwk

gonwk
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 24 January 2013 - 08:38 PM

Hi Didier Stevens,

Thanks for Clarification ... and you are right, I am hesitant and not sure if I should run a Script if I don't know what it has in it.

Q1: So can someone Hide Commands in a Script to activate Back-Door or Trojans?

Thanks,

G!:)
Totally a Newbie, Eager to Learn!

#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:26 PM

Posted 26 January 2013 - 11:13 PM

<< Q1: Can the Author of the file Hide commands in it that it can install TROJANS & VIRUS on my laptop? >>
Hi -
I can add a redirect, or similar script, and I am always still learning. So if I can add one then anybody can.
Without scanning the script and knowing exactly what is in it, there is no other answer that I can leave -

Basic answer that I can leave. Unless Didier Stevens can add to that -

Thank You -

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:26 AM

Posted 27 January 2013 - 08:03 AM

Correct noknojon.

FYI: I was able to analyze a similar file, and it is not Embedded JavaScript. In my opinion it is an encrypted file, so there's not much I can say about it.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 gonwk

gonwk
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 28 January 2013 - 03:04 PM

Hi folks,

Thanks "noknojon" and "Didier" for your Help & Comments.

I guess I will skip using this file.

Appreciate all the Help!

G!:)

Edited by gonwk, 28 January 2013 - 03:04 PM.

Totally a Newbie, Eager to Learn!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users