Static task
static1
General
-
Target
JJ-Spoofer.exe
-
Size
4.8MB
-
MD5
988715db3572c72f239e1533e4f4e1f5
-
SHA1
b84003fff7a01fadc37b055b589d599cd50ed7ad
-
SHA256
b05f2e8ced41ec1900208b80cc016e8534e16f2775d7a2ad3e534743f0a63619
-
SHA512
68382cbb6a054548ddd416db5ec361f31b2f84b8c8e44ea432a4644a2dacd395d532b56d2204bebbb1e351323b65d3b7389ef2192746fd087e8d776450e4eab2
-
SSDEEP
98304:CX9tKGK6W51mKrMd0OYLUzMtDVsRu0KaLv0bO/eudIS:PG3W51m/d7YLDIu09m4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JJ-Spoofer.exe
Files
-
JJ-Spoofer.exe.exe windows:6 windows x64 arch:x64
4dccdb22c6eb3f8c94d24ce02c4178d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
K32EnumProcessModules
FreeLibrary
GetFileType
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
MapViewOfFile
GetModuleFileNameW
SetLastError
VirtualQuery
GetConsoleWindow
GetEnvironmentVariableA
MultiByteToWideChar
WaitForSingleObjectEx
CreateToolhelp32Snapshot
SetConsoleTitleA
SetConsoleTextAttribute
LocalFree
GetProcAddress
GetModuleHandleW
MoveFileExA
GetTickCount
VirtualFree
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceFrequency
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
GetFileAttributesExW
GetModuleFileNameA
WriteProcessMemory
GetSystemInfo
CreateProcessA
Sleep
CreatePipe
SetHandleInformation
CheckRemoteDebuggerPresent
ReadFile
DeleteFileA
GetStdHandle
UnmapViewOfFile
CreateFileMappingW
CloseHandle
AreFileApisANSI
PeekNamedPipe
GetFileInformationByHandleEx
OutputDebugStringW
SleepEx
LeaveCriticalSection
VirtualProtect
EnterCriticalSection
FormatMessageA
QueryFullProcessImageNameW
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryPerformanceCounter
CreateFileW
GetModuleHandleA
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
user32
MessageBoxA
SetWindowPos
SetLayeredWindowAttributes
FindWindowW
SetWindowLongPtrA
GetWindowLongPtrA
advapi32
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
GetUserNameA
IsValidSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
CryptImportKey
ConvertSidToStringSidW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetTokenInformation
OpenProcessToken
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
??7ios_base@std@@QEBA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xbad_function_call@std@@YAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
winhttp
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpOpen
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtRaiseHardError
VerSetConditionMask
RtlAdjustPrivilege
normaliz
IdnToAscii
wldap32
ord211
ord200
ord30
ord45
ord79
ord50
ord41
ord22
ord217
ord143
ord301
ord35
ord33
ord32
ord27
ord60
ord26
ord46
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
ws2_32
WSAIoctl
setsockopt
ntohs
htons
getsockopt
WSAStartup
WSACleanup
htonl
getsockname
getpeername
connect
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
bind
WSAGetLastError
send
recv
closesocket
accept
socket
WSASetLastError
shlwapi
PathFindFileNameW
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140
_CxxThrowException
__std_exception_copy
memchr
memcmp
memcpy
__std_terminate
strchr
strstr
memmove
__current_exception_context
__C_specific_handler
__current_exception
strrchr
__std_exception_destroy
memset
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
strerror
__sys_nerr
_exit
_invalid_parameter_noinfo
__p___argv
_c_exit
_initterm
abort
_getpid
terminate
system
_configure_narrow_argv
_initterm_e
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
__p___argc
_beginthreadex
_resetstkoflw
exit
_errno
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
api-ms-win-crt-heap-l1-1-0
_callnewh
calloc
realloc
_set_new_mode
malloc
free
api-ms-win-crt-utility-l1-1-0
rand
qsort
srand
api-ms-win-crt-convert-l1-1-0
strtoul
atoi
strtod
strtoull
strtoll
strtol
api-ms-win-crt-stdio-l1-1-0
_set_fmode
_get_stream_buffer_pointers
fclose
fflush
_lseeki64
ftell
fgetc
fseek
feof
__stdio_common_vsscanf
fputs
fopen
fgetpos
fputc
fread
__acrt_iob_func
fsetpos
_fseeki64
fwrite
setvbuf
_popen
_pclose
fgets
ungetc
__stdio_common_vsprintf
__p__commode
_open
_close
_write
_read
api-ms-win-crt-filesystem-l1-1-0
_unlink
_access
_unlock_file
_lock_file
remove
_fstat64
_stat64
api-ms-win-crt-math-l1-1-0
_dsign
_dclass
ceilf
__setusermatherr
api-ms-win-crt-time-l1-1-0
strftime
_gmtime64
_localtime64
_time64
_localtime64_s
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-string-l1-1-0
strncmp
strcmp
strcspn
strpbrk
strncpy
_strdup
isupper
strspn
tolower
shell32
ShellExecuteA
Sections
.text Size: - Virtual size: 743KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.=P` Size: - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vtS Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vlizer Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ISV Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.qs5 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.|a1 Size: 4.8MB - Virtual size: 4.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ