40dfa38b39ee57136c51673dd0cbbebb

Sharing

Copy URL Twitter E-mail

General

Target

40dfa38b39ee57136c51673dd0cbbebb
Size

128KB
MD5

40dfa38b39ee57136c51673dd0cbbebb
SHA1

32240b44dfdb750056ab16a69e702d09fd09c0e5
SHA256

307316186307cc964bd69a303f7db1d21abc3698084b38bc485b02e36cb6e11c
SHA512

2005e0868b7060e64d03dd3c9a0c18fc3a2bafbe4051d9d49cf14e1552667e9ad5e0b4accdba6050400dd17c98b52a611fc257e6808d9bea510401273cf709cf
SSDEEP

1536:Onjr99sn4u5ZhJ3Te/ugdDiSApewQXYtfWUJfNgchPkmki1RZtNoCmMVn9LAHE1O:X5Ri1mTMupJl7J0caMVny2uk/BW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/357721/JBSTRDLL.DLL

Files

40dfa38b39ee57136c51673dd0cbbebb
.rar
357721/.TV
357721/DBDWORK.INI
357721/DBTYPE.txt
357721/DelForExp.cfg
357721/EncryptIt.dcu
357721/EncryptIt.pas
357721/JBSTR.PAS
.js
357721/JBSTRDLL.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AddLastChar
CapitalizeWord
Center
CenterCh
Change
ChangeWord
CharStr
CleanFileName
Count
DefaultExtension
Detab
Doc
Entab
ExtractWord
Flop
ForceExtension
Form
GetEnd
GetFirstWord
GetLastWord
GetPos
HasExtension
Hash
InsWord
Int2Roman
JustExtension
JustFilename
JustName
JustPathname
LeftPad
LeftPadCh
LoCase
Long2Str
MakeStr
Mask
Mult
Null
Num
PackNum
Pad
PadCh
PopWord
Push
Real2Str
RemLastChar
Roman2Int
ShortDirName
ShortFileName
Smash
Space
Str2Int
Str2Long
Str2Real
Str2Word
Str3Long
StrLoCase
StrStr
StrUpCase
StrUpCaseNoCs
Strip
TestDosName
Trans
Trim
TrimLead
TrimTrail
Turn
UnpackNum
UpCase
Version
WordCount
WordWrap
ZeroClip
Zip
htmlSrcEmail

Sections

CODE
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
357721/JBStr.dcu
357721/M99 介绍文件.doc
.doc windows office2003
357721/M99ReadMe.txt
357721/M99家庭财账管理软件软件说明.doc
.doc windows office2003
357721/MONEYBAK.BAK
357721/PWD.BAK
357721/ShowDB.yy1
357721/Tools.dcu
357721/Tools.pas
357721/ViewYY.dcu
357721/ViewYY.dfm
357721/ViewYY.pas
357721/ViewYY.~df
357721/ViewYY.~pa
357721/YYEditor$$$
357721/YYEditor.cfg
357721/YYEditor.dof
357721/YYEditor.dpr
357721/YYEditor.dsk
357721/YYEditor.res
357721/YYEditor.~dp
357721/append.yy1
357721/bulbon.bmp
357721/buttons/about.yy1
357721/buttons/append.yy1
357721/buttons/delete.yy1
357721/buttons/edit.yy1
357721/buttons/end.yy1
357721/buttons/help.yy1
357721/buttons/query.yy1
357721/buttons/setup.yy1
357721/buttonsBMP/EQUERRE2.bmp
357721/buttonsBMP/FINANCE.ICO
357721/buttonsBMP/bulbon.bmp
357721/buttonsBMP/crdfile3.bmp
357721/buttonsBMP/desk.ico
357721/buttonsBMP/doorshut.bmp
357721/buttonsBMP/edit.bmp
357721/buttonsBMP/erase.bmp
357721/buttonsBMP/globe.bmp
357721/buttonsBMP/help.bmp
357721/buttonsBMP/new.bmp
357721/copydbf.bat
357721/dat/FS.dat
357721/dat/SR.dat
357721/dat/zc.dat
357721/dbf.ARJ
357721/delete.yy1
357721/desk.ico
357721/doorshut.bmp
357721/edit.yy1
357721/end.yy1
357721/log.txt
357721/m99.WSM
357721/m99.wse
357721/main.dcu
357721/main.dfm
357721/main.pas
357721/main.~df
357721/main.~dfm
357721/main.~pa
357721/main.~pas
357721/money.ebf
357721/money99.ini
357721/moneybak.ebf
357721/moneymid.ebf
357721/moneyq.ebf
357721/pwd.ebf
357721/rec.txt
357721/test1.txt
357721/test2.txt
357721/uAbout.dcu
357721/uAbout.dfm
357721/uAbout.pas
357721/uAbout.~df
357721/uAbout.~pa
357721/uHelp.dcu
357721/uHelp.dfm
357721/uHelp.pas
357721/uHelp.~df
357721/uHelp.~pa
357721/uQuery.dcu
357721/uQuery.dfm
357721/uQuery.pas
357721/uQuery.~df
357721/uQuery.~pa
357721/uSetup.dcu
357721/uSetup.dfm
357721/uSetup.pas
357721/uSetup.~df
357721/uSetup.~pa
357721/uinput.dcu
357721/uinput.dfm
357721/uinput.pas
357721/uinput.~df
357721/uinput.~pa
357721/ulogin.dcu
357721/ulogin.dfm
357721/ulogin.pas
357721/ulogin.~df
357721/ulogin.~pa
357721/update.txt
357721/update.~tx
357721/yoyo$$$
357721/yoyo.cfg
357721/yoyo.dof
357721/yoyo.dpr
357721/yoyo.dsk
357721/yoyo.res
357721/yoyo.~dp
357721/yoyo.~dpr
357721/yoyo.~ds
357721/yoyo.~dsk
357721/yytools.dcu
357721/yytools.pas
357721/yytools.~pa
357721/yytools.~pas
357721/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 31KB - Virtual size: 31KB

DATA Size: 512B - Virtual size: 312B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

CODE
Size: 31KB - Virtual size: 31KB

DATA
Size: 512B - Virtual size: 312B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB