Sonicwall Signatures


  JScript.Jukiwad.A
JScript.Jukiwad.A is an exploit. An exploit is a piece of software or a sequence of commands that takes advantage of a bug, glitch or vulnerability to cause unintended or unanticipated behaviour in computer software. Attackers usually use an exploit to deliver a payload to the victim's system.

Mutexes created
  • Nothing to report


Directory level activity
    • Nothing to report


    File level activity
      • Nothing to report


      Registry level activity
      • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ListC:\DOCUME~1\TestMachine\LOCALS~1\Temp\33e18e1a4b5055f0cb6e26dd78947938.bin


      Library level activity
      • load - library - KERNEL32
      • load - library - kernel32.DLL
      • load - library - C:\WINDOWS\system32\uxtheme.dll
      • load - library - uxtheme.dll
      • load - library - ntdll.dll


      Process API calls used
      • VirtualProtectEx
      • ZwMapViewOfSection
      • NtCreateSection
      • VirtualProtectEx


      Registry API calls used
      • RegOpenKeyExW
      • RegOpenKeyExA
      • RegQueryValueExA
      • RegCloseKey
      • RegQueryValueExW
      • RegEnumValueW
      • RegCreateKeyExA
      • RegCreateKeyExW
      • RegSetValueExW
      • RegCloseKey


      System API calls used
      • LdrGetDllHandle
      • LdrGetProcedureAddress
      • LdrLoadDll
      • IsDebuggerPresent
      • LdrGetDllHandle


      Filesystem API calls used
      • NtCreateFile

      Network

      UDP source >> destination
      • 192.168.30.1 >> 192.168.30.254
      • 192.168.30.1 >> 192.168.30.255
      • 192.168.30.1 >> 8.8.8.8
      • 192.168.30.254 >> 192.168.30.1


      TCP source >> destination
      • 192.168.30.1 >> 192.168.30.254



      Domains:
      • yahoo.com with IP - 72.30.35.9
      • mta5.am0.yahoodns.net with IP - 67.195.228.94

      DNS Request:
      • mta5.am0.yahoodns.net
      • yahoo.com

      HTTP Request:
      • NA

      DLL related data
      Number of DLL's imported = 3
      • KERNEL32.dll
      • USER32.dll
      • GDI32.dll


      Relevant Information