Joyxoff[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Joyxoff.exe
Size

2.9MB
MD5

e59c2f361b1cbb2ce5059cd1432f8e1c
SHA1

f28904f2a5bc2c2fcf7d6344ea2c14e69dba7bd3
SHA256

f75dfc6eca53248b05de3b312f2f5d858b1a86091135b6d26aeb000b5b7cd0bb
SHA512

3a7be40f7f623576c2cf81376f2ef79cb75187f6012b79d82d163f179f0c26439b462cd79aed33fd49e6507dbf6ec4159d93da75d4f8b689eeae6f981020519e
SSDEEP

49152:cFujVdIOBaLkpB54VKcd0U99yfTU2S2UjuFMDc3g1o6OreMNK90:SWVuOBanKu999u5S29mDOr7NK90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Joyxoff.exe

Files

Joyxoff.exe
.exe windows:6 windows x86

d1879b547e942b1f0a1bb1e4c8306a14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
SetEndOfFile
HeapSize
GetTimeZoneInformation
FlushFileBuffers
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetStdHandle
MultiByteToWideChar
GetCurrentDirectoryW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateDirectoryW
HeapFree
HeapAlloc
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetUserDefaultLocaleName
GetLocaleInfoEx
ConnectNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
CreateToolhelp32Snapshot
DisconnectNamedPipe
CreateNamedPipeW
ReadFile
GetFileAttributesW
GetUserDefaultUILanguage
Sleep
GlobalUnlock
GlobalLock
QueryFullProcessImageNameW
WTSGetActiveConsoleSessionId
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
NormalizeString
GetModuleFileNameW
lstrcmpiW
GetExitCodeProcess
CreateFileW
WriteFile
GetModuleHandleW
LocalFree
CloseHandle
SetEvent
CreateEventW
OpenEventW
WaitForSingleObject
lstrcatW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
FindResourceW
LoadResource
CreateThread
LockResource
FreeResource
ReleaseMutex
CreateMutexW
SizeofResource
MulDiv
lstrcmpW
GetLastError
lstrlenW
SetLastError
DecodePointer

user32

SystemParametersInfoW
MapVirtualKeyW
PostMessageW
GetKeyboardLayoutNameW
GetKeyboardLayout
ActivateKeyboardLayout
SendInput
GetShellWindow
QueryDisplayConfig
GetDisplayConfigBufferSizes
GetClassNameW
GetDesktopWindow
SetDisplayConfig
IsWindowEnabled
MapVirtualKeyExW
VkKeyScanExW
GetKeyState
CheckDlgButton
GetDlgItemInt
MapWindowPoints
DrawIcon
UpdateWindow
KillTimer
UnhookWinEvent
GetMonitorInfoW
MonitorFromWindow
AdjustWindowRect
SetPropW
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
PtInRect
DrawIconEx
DrawTextW
GetClientRect
GetCapture
LoadCursorW
SetFocus
DestroyIcon
ShowWindow
RegisterClassExW
SetWindowTextW
UnregisterClassW
SendMessageW
CreateWindowExW
FillRect
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
GetSystemMetrics
SetLayeredWindowAttributes
RegisterClassW
GetAsyncKeyState
EnableWindow
GetCursorPos
SetForegroundWindow
GetParent
AppendMenuW
InsertMenuW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
CopyImage
RegisterWindowMessageW
SetWinEventHook
PostQuitMessage
GetDlgItem
FindWindowW
TranslateMessage
MessageBoxA
IsDlgButtonChecked
CheckMenuItem
IsDialogMessageW
SetTimer
DispatchMessageW
IsWindow
MessageBoxW
FindWindowExW
GetMessageW
ReleaseCapture
GetWindowThreadProcessId
RemoveMenu
RemovePropW
GetPropW
ScrollWindow
GetScrollInfo
SetScrollInfo
SetMenuItemInfoW
IsZoomed
SetWindowPlacement
GetWindowInfo
GetWindowPlacement
SetWindowLongW
SetCursor
SetCapture
TrackMouseEvent
ClientToScreen
ScreenToClient
GetMenuItemCount
GetWindowRect
GetSystemMenu
PeekMessageW
OpenWindowStationW
OpenDesktopW
OpenInputDesktop
SetProcessWindowStation
GetForegroundWindow
CloseDesktop
SetThreadDesktop
RealGetWindowClassW
IsIconic
LoadImageW
GetIconInfo
CreateIconIndirect
CloseWindowStation

gdi32

CreateFontIndirectW
CreateFontW
GetPixel
GetCurrentObject
CreateDIBSection
GetBitmapBits
SetDIBits
LineTo
CreatePen
MoveToEx
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateSolidBrush
DeleteObject
SetStretchBltMode
SetBkColor
SetDCBrushColor
GetObjectW
SetBkMode
SetTextColor
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
GetStockObject
GetTextMetricsW
StretchBlt

advapi32

RegSetValueExW
InitializeSecurityDescriptor
RegQueryValueExA
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
CloseServiceHandle
OpenSCManagerW
ControlService
OpenServiceW
RegOpenKeyExA
RegGetValueW
RegDeleteValueW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenCurrentUser
RegOpenKeyExW

shell32

CommandLineToArgvW
DragQueryFileW
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHGetStockIconInfo
Shell_NotifyIconW
ShellExecuteW
ExtractAssociatedIconW
SHCreateDirectoryExW
ShellExecuteExW
SHGetDesktopFolder
ord6

ole32

CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoUninitialize
OleInitialize
OleUninitialize
CoInitializeEx
CoCreateInstance
ReleaseStgMedium

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification
WTSQueryUserToken
WTSQuerySessionInformationW

gdiplus

GdipCreatePath
GdipCreateSolidFill
GdipFillPath
GdipSetPixelOffsetMode
GdipDrawPath
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDeletePath
GdipAddPathArc
GdipDeletePen
GdipCreateBitmapFromScan0
GdipClosePathFigures
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipSetInterpolationMode
GdipFree
GdipCreateFromHDC
GdipCreateBitmapFromHICON
GdipDeleteGraphics
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipFillRectangleI

dwrite

DWriteCreateFactory

d3d11

D3D11CreateDevice

d2d1

ord1

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

StrStrIW
StrTrimW
PathIsDirectoryW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathAddExtensionW
StrToIntExW
ord12
PathCombineW

winmm

PlaySoundW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

inet_pton

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpReadData
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1879b547e942b1f0a1bb1e4c8306a14

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wtsapi32

gdiplus

dwrite

d3d11

d2d1

dwmapi

userenv

shlwapi

winmm

version

ws2_32

winhttp

Sections

.text Size: 539KB - Virtual size: 539KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 15KB - Virtual size: 34KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 539KB - Virtual size: 539KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 15KB - Virtual size: 34KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 47KB - Virtual size: 46KB