JJSploit[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

JJSploit.exe
Size

9.9MB
MD5

7b0cd24f6573f45f707381896445dc20
SHA1

bd49edd9bf4536324f71effa53c0ecac53e074e0
SHA256

5caab958fde69fbae9bd0f3dbee8398ef616c0dc1245cd2c0f17ac9e15c8c777
SHA512

9f76f91edece4c67a956971b803d53a437ea4c4ee8cdb46d21ca6d45ea8e1fec71d77446c864cbdb2310fda1b7ea73d0720d238a3647288a737debc588d7b513
SSDEEP

196608:hG62lrJbyMyyf3e4S6GRkCA++08nwquSNctTL+wZSXjjf5YAJ4dpkA5cKZOECYuE:hG62lrJbyMyyf3e4S6GRkCA++08nwquX

Score

1^/10

Malware Config

Signatures

Files

JJSploit.exe
.exe windows x86

bbc593d632f9b9fe074e5413be6d3bf7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetModuleHandleW
WaitNamedPipeA
OpenProcess
TerminateProcess
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitNamedPipeW
CreateFileW
FlushFileBuffers
DisconnectNamedPipe
ReadFile
WriteFile
CreateNamedPipeW
lstrlenW
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetProcAddress
LoadLibraryA
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
FormatMessageW
SetEvent
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
SetHandleInformation
GetCurrentProcessId
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetOverlappedResult
Sleep
GetModuleHandleA
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcessTimes
GetExitCodeProcess
GetSystemTimes
GetProcessIoCounters
GetSystemInfo
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
SleepConditionVariableSRW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
CreateSymbolicLinkW
CreateHardLinkW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
ExitProcess
GetFullPathNameW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
GetTempPathW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

user32

GetKeyboardLayout
RegisterRawInputDevices
ToUnicodeEx
AppendMenuW
CreateAcceleratorTableW
ShowWindow
PostQuitMessage
GetKeyboardState
GetDC
GetKeyState
GetAsyncKeyState
MapVirtualKeyExW
DestroyAcceleratorTable
DestroyIcon
EnumDisplayMonitors
RegisterClassExW
RegisterWindowMessageA
SetCapture
MonitorFromPoint
SetWindowLongW
GetWindowLongW
DestroyWindow
VkKeyScanW
TrackMouseEvent
PostMessageW
MonitorFromRect
AdjustWindowRectEx
ShowCursor
EnumChildWindows
GetUpdateRect
CheckMenuItem
MsgWaitForMultipleObjectsEx
PeekMessageW
GetSystemMenu
GetClipCursor
ClientToScreen
ClipCursor
IsWindowVisible
PostThreadMessageW
ValidateRect
RedrawWindow
GetClientRect
GetTouchInputInfo
EnableMenuItem
SystemParametersInfoA
CreateIcon
SendMessageW
GetMenu
CreateMenu
GetWindowRect
IsProcessDPIAware
SetCursorPos
GetActiveWindow
GetForegroundWindow
SetMenu
ReleaseCapture
MessageBoxW
GetRawInputData
SetForegroundWindow
SendInput
SetWindowTextW
DispatchMessageA
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetMessageA
LoadCursorW
GetMonitorInfoW
SetCursor
SetWindowPos
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
SetWindowDisplayAffinity
SetMenuItemInfoW

ole32

CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
RevokeDragDrop
CoInitializeEx
RegisterDragDrop
OleInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

ws2_32

closesocket
freeaddrinfo
WSACleanup
WSAStartup
getaddrinfo
WSAIoctl
setsockopt
WSASend
WSAGetLastError
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname
select
send

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

secur32

DecryptMessage
EncryptMessage
ApplyControlToken
LsaFreeReturnBuffer
InitializeSecurityContextW
AcceptSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
FreeContextBuffer
LsaEnumerateLogonSessions
QueryContextAttributesW
DeleteSecurityContext
LsaGetLogonSessionData

crypt32

CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateStore
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain

advapi32

OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
EventWriteTransfer
CopySid
LookupAccountSidW
EventUnregister
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
EventRegister
EventSetInformation
RegGetValueW

shell32

SHGetKnownFolderPath
DragFinish
DragQueryFileW
SHCreateItemFromParsingName

uxtheme

SetWindowTheme

oleaut32

SysAllocString
SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo
VariantClear

ntdll

NtCancelIoFileEx
NtCreateFile
NtQuerySystemInformation
RtlNtStatusToDosError
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

pdh

PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter

powrprof

CallNtPowerInformation

iphlpapi

GetIfEntry2
GetIfTable2
GetAdaptersAddresses
FreeMibTable

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

psapi

GetPerformanceInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

trunc
round
__setusermatherr
floor

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
calloc
free

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
abort
_get_initial_narrow_environment
_initterm
_initterm_e
_initialize_narrow_environment
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_set_app_type
_initialize_onexit_table
_seh_filter_exe
terminate
exit
_controlfp_s
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbc593d632f9b9fe074e5413be6d3bf7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

ole32

ws2_32

gdi32

dwmapi

secur32

crypt32

advapi32

shell32

uxtheme

oleaut32

ntdll

bcrypt

pdh

powrprof

iphlpapi

netapi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 198KB - Virtual size: 197KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 198KB - Virtual size: 197KB