Open
Description
I'm trying to analyze the serialized payload of malware exploiting CVE-2010-0094,
but I get the error "error while attempting to decode file: array type listed, but typecode is not TC_ARRAY: 0x70"
What steps will reproduce the problem?
1. Please find payload vmain.z.ser attached
2. java -jar ./jdeserialize-1.2.jar vmain.z.ser
What is the expected output? What do you see instead?
Expected output -- content, declarations, instance dump.
I receive
error while attempting to decode file vmain.z.ser: array type listed, but typecode is not TC_ARRAY: 0x70
java.io.IOException: array type listed, but typecode is not TC_ARRAY: 0x70
    at org.unsynchronized.jdeserialize.read_FieldValue(jdeserialize.java:228)
    at org.unsynchronized.jdeserialize.read_Classdata(jdeserialize.java:181)
    at org.unsynchronized.jdeserialize.read_newObject(jdeserialize.java:729)
    at org.unsynchronized.jdeserialize.read_Content(jdeserialize.java:760)
    at org.unsynchronized.jdeserialize.run(jdeserialize.java:842)
    at org.unsynchronized.jdeserialize.main(jdeserialize.java:1186)
What version of the product are you using? On what operating system?
I'm using jdeserialize 1.2 on Fedora 16 i686 with
$ java -version
java version "1.6.0_30"
Java(TM) SE Runtime Environment (build 1.6.0_30-b12)
Java HotSpot(TM) Server VM (build 20.5-b03, mixed mode)
Additional information
Payload in malware is deserialized fine, stream seems correct.
Original issue reported on code.google.com by mykola.i...@gmail.com on 16 Nov 2012 at 3:51
Attachments:
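For context on the byte in the error above: in the Java Object Serialization Stream Protocol, 0x70 is TC_NULL, and the value of an array-typed field may be a null reference (0x70) or a back-reference (TC_REFERENCE, 0x71) as well as a new array (TC_ARRAY, 0x75). The sketch below is an added example, not code from jdeserialize or from the reporter, and it makes no claim about the contents of vmain.z.ser. The stream is constructed, and the class name `Holder`, the field name `data` and the `strict` switch are hypothetical.

```python
import struct

# Type codes from the Java Object Serialization Stream Protocol.
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT = 0x70, 0x71, 0x72, 0x73
TC_STRING, TC_ARRAY, TC_ENDBLOCKDATA = 0x74, 0x75, 0x78
ARRAY_VALUE = {TC_NULL: "null", TC_REFERENCE: "back-reference", TC_ARRAY: "new array"}

# Constructed stream (not vmain.z.ser): hypothetical class Holder with a single
# field "byte[] data" whose value is null.
SAMPLE = (b"\xac\xed\x00\x05\x73\x72\x00\x06Holder" + b"\x00" * 7 + b"\x01"
          + b"\x02\x00\x01[\x00\x04data\x74\x00\x02[B\x78\x70" + b"\x70")


def array_field_values(buf, strict=False):
    """Map array fields of one simple object to value kind; strict = TC_ARRAY only."""
    pos = 0

    def take(fmt):
        nonlocal pos
        if pos + struct.calcsize(fmt) > len(buf):
            raise ValueError("truncated stream")
        pos += struct.calcsize(fmt)
        return struct.unpack_from(fmt, buf, pos - struct.calcsize(fmt))[0]

    def utf():  # 2-byte length followed by that many bytes
        return bytes(take("B") for _ in range(take(">H"))).decode("utf-8")

    if take(">H") != 0xACED or take(">H") != 5:
        raise ValueError("not a Java serialization stream")
    if take("B") != TC_OBJECT or take("B") != TC_CLASSDESC:
        raise ValueError("example handles one TC_OBJECT with a new class descriptor")
    utf(), take(">q"), take("B")  # class name, serialVersionUID, flags
    names = []
    for _ in range(take(">H")):
        code, name = chr(take("B")), utf()
        if code != "[" or take("B") != TC_STRING or not utf():
            raise ValueError("example handles array fields with an inline type name")
        names.append(name)
    if take("B") != TC_ENDBLOCKDATA or take("B") != TC_NULL:
        raise ValueError("example expects no class annotations and no superclass")
    out = {}
    for name in names:
        tc = take("B")
        if tc not in ARRAY_VALUE or (strict and tc != TC_ARRAY):
            raise ValueError("array-typed field: typecode 0x%02x rejected" % tc)
        out[name] = ARRAY_VALUE[tc]
        if tc == TC_ARRAY:
            break  # decoding the array body is out of scope here
        if tc == TC_REFERENCE:
            take(">I")  # handle of the previously written array
    return out
```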