JJSploit[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

JJSploit.exe
Size

10.4MB
MD5

b3d9dd590aca552fa889ada909282a72
SHA1

5e7344ee001b4cf541f539f1c3ddc4cbcd39bdc6
SHA256

601a6721f634bf8c81633679f9692b3396d091cfde58e9f84b9065e0c0ce5528
SHA512

59a9e131b16dd93d31684b78ccdd114fc90ff447f537d5e73fed41bd18698747d1971a214b79ba5402bcb8ae5d4452ca998377e90e4f2e168c595717c831f815
SSDEEP

98304:Y8IRb5LYIiHue/DN/1mGs0ITIEC3+a99bUHpMSr7uIMC4gCI3D7:YXmIy1Gs9bUr7hMwD7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JJSploit.exe

Files

JJSploit.exe
.exe windows:6 windows x64 arch:x64

791af27acb3fa0593e431c296d38b6b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wearedevs_net.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

user32

RegisterWindowMessageA
ToUnicodeEx
GetKeyboardLayout
SetForegroundWindow
RegisterClassExW
GetWindowTextW
GetWindowTextLengthW
PostThreadMessageW
DefWindowProcW
FlashWindowEx
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
MonitorFromPoint
EnumDisplayMonitors
CreateIcon
PostQuitMessage
SendInput
AppendMenuW
CreateMenu
SetMenuItemInfoW
CheckMenuItem
CreateAcceleratorTableW
GetMessageA
ScreenToClient
GetWindowLongPtrW
SetWindowDisplayAffinity
GetWindowLongW
DispatchMessageA
GetMenu
ShowCursor
PeekMessageW
ClipCursor
DispatchMessageW
MonitorFromRect
GetClipCursor
SetWindowLongW
TranslateMessage
EnableMenuItem
TranslateAcceleratorW
TrackMouseEvent
GetSystemMenu
GetAncestor
GetMessageW
GetForegroundWindow
RegisterTouchWindow
ShowWindow
GetSystemMetrics
GetTouchInputInfo
GetRawInputData
DestroyAcceleratorTable
SendMessageW
DestroyIcon
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
IsProcessDPIAware
GetDC
IsWindow
CreateWindowExW
EnumChildWindows
SetCursorPos
InvalidateRgn
SetWindowPos
GetClientRect
ClientToScreen
ReleaseCapture
GetCursorPos
IsIconic
GetActiveWindow
SetMenu
RedrawWindow
PostMessageW
DestroyWindow
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
SetCursor
LoadCursorW
GetMonitorInfoW
MonitorFromWindow
SetWindowTextW
CloseTouchInputHandle

kernel32

GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CancelIo
SetUnhandledExceptionFilter
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
GetModuleHandleW
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetEnvironmentVariableW
EncodePointer
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
UnhandledExceptionFilter
UpdateProcThreadAttribute
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetSystemDirectoryW
WriteConsoleW
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
GetModuleFileNameW
CreateThread
SetThreadErrorMode
lstrlenW
LoadLibraryW
SetFileTime
LCIDToLocaleName
GetUserDefaultUILanguage
GetProcessHeap
GetProcAddress
GetEnvironmentStringsW
HeapFree
FormatMessageW
GetCurrentDirectoryW
SetLastError
GetLastError
LoadLibraryExW
LoadLibraryA
TerminateProcess
LocalFree
WaitForSingleObject
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentProcess
DuplicateHandle
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
SetHandleInformation
FreeEnvironmentStringsW
GetTempPathW
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
WaitForSingleObjectEx
CreateMutexA
IsDebuggerPresent
CreateFileW
TlsFree
GetCurrentProcessId
GetDiskFreeSpaceExW
GetLogicalDrives
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GlobalMemoryStatusEx
GetTickCount64
GetSystemInfo
ReadFile
GetOverlappedResult
OpenProcess
SetFileCompletionNotificationModes
TlsAlloc
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
SetFileAttributesW
MoveFileExW
GetCurrentThreadId
CloseHandle
TlsGetValue
TlsSetValue
HeapAlloc
CreateEventW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetExitCodeProcess
ReadProcessMemory
VirtualQueryEx

shell32

ShellExecuteW
DragQueryFileW
SHAppBarMessage
DragFinish
SHCreateItemFromParsingName
SHGetKnownFolderPath
CommandLineToArgvW

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

RegisterDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
RevokeDragDrop
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleInitialize

comctl32

DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SysAllocString
VariantClear
SetErrorInfo

uxtheme

SetWindowTheme

advapi32

IsValidSid
EventRegister
EventSetInformation
EventWriteTransfer
GetLengthSid
EventUnregister
CopySid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SystemFunction036
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW

ntdll

NtQueryInformationProcess
NtWriteFile
RtlGetVersion
NtCreateFile
NtReadFile
NtQuerySystemInformation
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

secur32

FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
DeleteSecurityContext
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
AcceptSecurityContext
EncryptMessage
ApplyControlToken

ws2_32

WSACleanup
getaddrinfo
closesocket
freeaddrinfo
WSAStartup
getpeername
getsockname
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
WSAIoctl
WSAGetLastError
setsockopt

crypt32

CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore

psapi

GetPerformanceInfo
GetModuleFileNameExW

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter

powrprof

CallNtPowerInformation

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum
NetUserGetInfo

api-ms-win-crt-string-l1-1-0

strlen
wcsncmp
_wcsicmp
strcpy_s
wcslen

api-ms-win-crt-math-l1-1-0

round
pow
__setusermatherr
trunc
floor

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_cexit
_set_app_type
_initialize_narrow_environment
__p___argv
abort
_get_initial_narrow_environment
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm
_exit
exit
__p___argc
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

791af27acb3fa0593e431c296d38b6b1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

user32

kernel32

shell32

gdi32

dwmapi

ole32

comctl32

oleaut32

uxtheme

advapi32

ntdll

bcrypt

secur32

ws2_32

crypt32

psapi

pdh

powrprof

iphlpapi

netapi32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 304KB - Virtual size: 303KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 304KB - Virtual size: 303KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 50KB - Virtual size: 50KB