JJSploit[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

JJSploit.exe
Size

9.9MB
MD5

9025b1a81a264417aa8aa18a56075f88
SHA1

d3b0c130acd815e9f7430d7f0857b05430420279
SHA256

2a19e43202cef88fdabb63be7811cb4214ed455aeac227ea6a86b19d60a9d14d
SHA512

63ea2d941ba66a30fbd57aee2758129414563e556479ff8e0911c4db0c8d2827ef58750b665e1b630009a730f542f790f771c89c9e5148747b98a4741c334d7c
SSDEEP

196608:mF1nxFQgiJDvuyYHCKNouhiiCbzopC1GmTmYChQ0CnM9M2rpo3xPkWDgfxIO43d7:mF1nxFQgiJDvuyYHCKNouhiiCbzopC1R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JJSploit.exe

Files

JJSploit.exe
.exe windows:6 windows x86 arch:x86

f212b9b898203f30e4f25111809dedeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\burne\Desktop\JJSploit\src-tauri\target\i686-pc-windows-msvc\release\deps\wearedevs_net.pdb

Imports

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
GetCurrentThreadId
GetModuleHandleW
OpenProcess
TerminateProcess
WaitNamedPipeA
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitNamedPipeW
CreateFileW
FlushFileBuffers
DisconnectNamedPipe
ReadFile
WriteFile
CreateNamedPipeW
lstrlenW
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetProcAddress
LoadLibraryA
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
FormatMessageW
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
SetHandleInformation
GetCurrentProcessId
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetOverlappedResult
Sleep
GetModuleHandleA
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetSystemInfo
SleepConditionVariableSRW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
CreateSymbolicLinkW
CreateHardLinkW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
ExitProcess
GetFullPathNameW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
GetTempPathW
DeleteCriticalSection
EncodePointer
RaiseException
RtlUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

user32

VkKeyScanW
AdjustWindowRectEx
ShowCursor
GetClipCursor
ClipCursor
ToUnicodeEx
IsWindowVisible
ClientToScreen
SystemParametersInfoA
RegisterClassExW
RegisterWindowMessageA
DestroyAcceleratorTable
EnumChildWindows
MsgWaitForMultipleObjectsEx
MonitorFromRect
PeekMessageW
CreateMenu
PostThreadMessageW
ValidateRect
RedrawWindow
AppendMenuW
CreateAcceleratorTableW
CreateIcon
SetWindowLongW
RegisterRawInputDevices
SetMenuItemInfoW
PostMessageW
CheckMenuItem
MapVirtualKeyExW
ShowWindow
PostQuitMessage
GetClientRect
GetKeyboardState
SetCapture
GetKeyState
TrackMouseEvent
DestroyWindow
GetMenu
DestroyIcon
GetUpdateRect
GetWindowRect
SendMessageW
GetSystemMenu
SetForegroundWindow
MessageBoxW
SetWindowDisplayAffinity
GetAsyncKeyState
MonitorFromPoint
GetRawInputData
SetCursorPos
GetActiveWindow
GetForegroundWindow
SetMenu
ReleaseCapture
GetKeyboardLayout
GetDC
SetWindowTextW
DispatchMessageA
SendInput
IsProcessDPIAware
RegisterTouchWindow
GetSystemMetrics
GetMessageA
GetWindowLongW
IsWindow
CreateWindowExW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
EnumDisplayMonitors
LoadCursorW
GetMonitorInfoW
SetCursor
SetWindowPos
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
EnableMenuItem

ole32

CoUninitialize
OleInitialize
RegisterDragDrop
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
RevokeDragDrop
CoTaskMemFree

ws2_32

closesocket
freeaddrinfo
WSACleanup
WSAStartup
getaddrinfo
WSAIoctl
setsockopt
WSASend
WSAGetLastError
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname
select
send

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

secur32

ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
LsaGetLogonSessionData
FreeCredentialsHandle
AcquireCredentialsHandleA
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
QueryContextAttributesW
EncryptMessage

crypt32

CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain

advapi32

OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

shell32

SHGetKnownFolderPath
DragFinish
SHCreateItemFromParsingName
DragQueryFileW

uxtheme

SetWindowTheme

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
SysFreeString
VariantClear
SysAllocString

ntdll

NtQuerySystemInformation
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx

bcrypt

BCryptGenRandom

pdh

PdhRemoveCounter
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery

powrprof

CallNtPowerInformation

iphlpapi

GetAdaptersAddresses
GetIfEntry2
GetIfTable2
FreeMibTable

netapi32

NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

psapi

GetPerformanceInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

round
trunc
floor
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_crt_atexit
_configure_narrow_argv
_register_onexit_function
abort
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f212b9b898203f30e4f25111809dedeb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

ole32

ws2_32

gdi32

dwmapi

secur32

crypt32

advapi32

shell32

uxtheme

oleaut32

ntdll

bcrypt

pdh

powrprof

iphlpapi

netapi32

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 4.1MB - Virtual size: 4.1MB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 198KB - Virtual size: 197KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 198KB - Virtual size: 197KB