Trojan.BadJoke.XA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.BadJoke.XA
Signature status: No Signature

Known Samples

MD5: 615d04a80c94f9e36efb9c567a8afc34
SHA1: cb3b158ce9b5a0eef3097c55c226e6084a4f4877
SHA256: 9F2C6D14A476D10615FE8E099EF8F87681B80382665B81C041EB5128AE7C7CB8
File Size: 466.43 KB, 466432 bytes
MD5: 899fabe6877fb5161207aa0efdb47c3c
SHA1: 6188fceca7630d20ce8d4465c48b76ce9e3354fb
SHA256: A7EB5D8DD57A540179EA000ADE82B862F76F14253423678A98E7976ABEDD2032
File Size: 264.70 KB, 264704 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Wither 5 Game
  • WobbyCorp (C) 2017
File Description
  • Magnesium Malware
  • Melt Your Screen
File Version
  • 4.5.1.7
  • 1.0.0.0
Internal Name
  • Magnesium.exe
  • ScreenMelter.exe
Legal Copyright
  • Copyright (C) 2022
  • Copyright WobbyCorp (C) 2017
Original Filename
  • Magnesium.exe
  • ScreenMelter.exe
Product Name
  • Magnesium
  • ScreenMelter
Product Version
  • 3.0.0.0
  • 0.0.0.0

File Traits

  • HighEntropy
  • ntdll
  • x86

Block Information

Total Blocks: 557
Potentially Malicious Blocks: 12
Whitelisted Blocks: 511
Unknown Blocks: 34

Similar Families

  • Agent.HJDD
  • BadJoke.XA
  • Delf.SC
  • Injector.GEA

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\crashcontrol::displayprereleasecolor  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools  RegNtPreCreateKey
HKCU\software\policies\microsoft\windows\system::disablecmd  RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • WinExec

Shell Command Execution

taskown /f %systemroot%system32 && taskown /f %userprofile% && icacls %systemroot%System32 /grant %username%:F && icacls %userprofile% /grant %username%:F