JJSploit[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

JJSploit.exe
Size

10.5MB
MD5

e59012474c711e0db071950d859bac42
SHA1

2a1839c61829b70874aaecd41d76a03b8c6cb5dc
SHA256

5bd65131cad50c58ae916818d54abe44c014854db770aa71a9933293939ad576
SHA512

61e94c2949d9f08d2ce37dbe5687cc8ff68b274e2ee56d530870a977773a1e04ac58bca4f550887790f0d31534d862cdc869a90621c03ebf030cf73b41fd5774
SSDEEP

98304:cmnvcwo6FMJAAqD+YJTmUmGs0ITIECta99bUHp1TdZiyAIxlh/H:xUHrdqeUGB9bU3dZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JJSploit.exe

Files

JJSploit.exe
.exe windows:6 windows x64 arch:x64

2b50f48eb617eef8a4591e4ff868f49a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

JJSploit.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

ntdll

NtWriteFile
NtQueryInformationProcess
RtlLookupFunctionEntry
NtCancelIoFileEx
NtQuerySystemInformation
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlVirtualUnwind
RtlUnwindEx
RtlGetVersion
RtlPcToFileHeader
NtReadFile

kernel32

EncodePointer
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
IsProcessorFeaturePresent
lstrlenW
SetUnhandledExceptionFilter
SetFileTime
DeleteCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
LoadLibraryA
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WaitForSingleObject
WakeAllConditionVariable
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcAddress
GetUserDefaultUILanguage
LCIDToLocaleName
GetLastError
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
ReadProcessMemory
GetCurrentThreadId
CloseHandle
VirtualQueryEx
InitializeCriticalSectionAndSpinCount
GetProcessIoCounters
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
CreateThread
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
CancelIo
CreateEventW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
DeleteFileW
GetSystemTimes
TlsAlloc
TlsGetValue
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
QueryPerformanceCounter
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
TlsSetValue
OpenProcess
CreateFileW
GetCurrentProcessId
GetEnvironmentVariableW
SetWaitableTimer
GetExitCodeProcess
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
GetProcessTimes
GetDiskFreeSpaceExW
DeleteProcThreadAttributeList
GetLogicalDrives
FreeEnvironmentStringsW
GlobalMemoryStatusEx
GetTickCount64
MoveFileExW
SetFileAttributesW
GetConsoleMode
GetFileInformationByHandle
GetModuleHandleA
GetSystemInfo
LocalFree
Sleep
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
TlsFree
SetHandleInformation
DuplicateHandle
GetCurrentProcess

user32

GetAsyncKeyState
GetKeyboardState
CreateAcceleratorTableW
SetForegroundWindow
RegisterClassExW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MapVirtualKeyExW
VkKeyScanW
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
MonitorFromPoint
GetKeyboardLayout
EnumDisplayMonitors
CreateIcon
PostQuitMessage
SendInput
AppendMenuW
CreateMenu
SetMenuItemInfoW
CheckMenuItem
GetWindowLongPtrW
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
ToUnicodeEx
SendMessageW
EnableMenuItem
RegisterWindowMessageA
GetSystemMenu
ShowWindow
MonitorFromWindow
GetKeyState
GetMessageA
GetRawInputData
DispatchMessageA
GetWindowPlacement
SetWindowPlacement
CloseTouchInputHandle
EnumChildWindows
DestroyAcceleratorTable
ChangeDisplaySettingsExW
MapVirtualKeyW
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
ScreenToClient
GetUpdateRect
FlashWindowEx
DefWindowProcW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
DestroyIcon
SetCapture
DestroyWindow
GetForegroundWindow
ValidateRect
SetCursor
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
IsProcessDPIAware
SetCursorPos
InvalidateRgn
SetWindowPos
GetClientRect
ClientToScreen
PostMessageW
ReleaseCapture
GetCursorPos
IsIconic
GetActiveWindow
SetMenu
RedrawWindow
GetDC
GetMonitorInfoW
SystemParametersInfoA
LoadCursorW

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
RegisterDragDrop
CoTaskMemFree
RevokeDragDrop
CoTaskMemAlloc

comctl32

TaskDialogIndirect
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath
CommandLineToArgvW
DragQueryFileW
ShellExecuteW
SHAppBarMessage
DragFinish

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysAllocString
SysStringLen
VariantClear

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid

pdh

PdhAddEnglishCounterW
PdhCollectQueryData
PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

FreeMibTable
GetIfTable2
GetAdaptersAddresses
GetIfEntry2

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

secur32

AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleA
EncryptMessage
QueryContextAttributesW
LsaEnumerateLogonSessions
DecryptMessage
LsaFreeReturnBuffer
FreeCredentialsHandle
LsaGetLogonSessionData
ApplyControlToken
DeleteSecurityContext

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
closesocket
WSAGetLastError
WSAIoctl
setsockopt
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname

crypt32

CertDuplicateStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateChain

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
wcsncmp
wcslen
_wcsicmp

api-ms-win-crt-math-l1-1-0

floor
__setusermatherr
pow
trunc
round

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_configure_narrow_argv
_set_app_type
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_initialize_onexit_table
abort
_register_thread_local_exe_atexit_callback
_seh_filter_exe
terminate
_register_onexit_function
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b50f48eb617eef8a4591e4ff868f49a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

kernel32

user32

gdi32

dwmapi

ole32

comctl32

shell32

oleaut32

advapi32

pdh

powrprof

psapi

iphlpapi

netapi32

secur32

uxtheme

bcrypt

ws2_32

crypt32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 310KB - Virtual size: 309KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 310KB - Virtual size: 309KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 51KB - Virtual size: 51KB