The malicious Java applet is downloaded. If your system is not vulnerable or is patched, the attack stops. From the user's perspective, it is impossible to tell whether the attack was successful. If the exploit succeeds, it downloads and executes a malicious binary, which calls out to another domain or IP xxx.xxx.xxx.xxx.
Analysis of the exe tells the story behind the attack. The file details are as follows:
File: hi.exe Size: 16896
Executing this file has the following effects:
[+] It deletes the legitimate Portable Media Serial Number Service DLL, MsPMSNSv.dll, from C:\WINDOWS\System32
[+] It copies a malicious DLL file named mspmsnsv.dll to C:\WINDOWS\system32
[+] “Portable Media Serial Number Service” (WmdmPmSN in the registry) is found to be running.
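The DLL replacement listed above can be hunted for in file-event telemetry. The following is an added example, not code from the original analysis: it flags a System32 DLL that is deleted and then re-created by the same process running from outside C:\WINDOWS. The event format, the sample events, the process paths and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events: timestamp|action|target path|acting process image.
SAMPLE_EVENTS = """\
2012-01-01T10:00:01|CREATE|C:\\Users\\bob\\AppData\\Local\\Temp\\hi.exe|C:\\Program Files\\Java\\bin\\java.exe
2012-01-01T10:00:03|DELETE|C:\\WINDOWS\\System32\\MsPMSNSv.dll|C:\\Users\\bob\\AppData\\Local\\Temp\\hi.exe
2012-01-01T10:00:04|CREATE|C:\\WINDOWS\\system32\\mspmsnsv.dll|C:\\Users\\bob\\AppData\\Local\\Temp\\hi.exe
2012-01-01T11:30:00|DELETE|C:\\WINDOWS\\System32\\example.dll|C:\\WINDOWS\\System32\\msiexec.exe
2012-01-01T11:30:01|CREATE|C:\\WINDOWS\\System32\\example.dll|C:\\WINDOWS\\System32\\msiexec.exe
"""

WINDOW = timedelta(seconds=60)        # assumed correlation window
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"

def norm(path):
    # Windows paths are case-insensitive: MsPMSNSv.dll and mspmsnsv.dll
    # name the same file, so compare lower-cased paths.
    return path.strip().lower()

def parse(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, target, image = line.split("|")
        yield datetime.fromisoformat(ts), action.upper(), norm(target), norm(image)

def find_dll_swaps(text):
    """Return (dll path, process image) pairs for System32 DLLs deleted and
    re-created within WINDOW by a process located outside the Windows directory."""
    deleted = {}   # (dll path, process image) -> time of deletion
    hits = []
    for ts, action, target, image in parse(text):
        if not (target.startswith(SYSTEM32) and target.endswith(".dll")):
            continue
        key = (target, image)
        if action == "DELETE":
            deleted[key] = ts
        elif action == "CREATE" and key in deleted:
            recent = ts - deleted.pop(key) <= WINDOW
            if recent and not image.startswith(WINDIR):
                hits.append(key)
    return hits

if __name__ == "__main__":
    for path, image in find_dll_swaps(SAMPLE_EVENTS):
        print(f"ALERT: {path} replaced by {image}")
```

The process-location test is a heuristic to keep installer activity out of the results; a signature check on the replaced DLL is a stronger follow-up.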
The exploit has been successfully added to Metasploit. To date, no patch is available. All users are advised to avoid downgrading their Java version.