295d90ab5bcfd4075bcc130fde1fd4ad79ee8cf97643be07ab164296e1f9e7b9

Sharing

Copy URL

Twitter E-mail

General

Target

295d90ab5bcfd4075bcc130fde1fd4ad79ee8cf97643be07ab164296e1f9e7b9
Size

3.5MB
MD5

25cb4b166934b245d8937b79ad082295
SHA1

331ca2fa30796a44e100f30810b7aee3cb44cd3e
SHA256

295d90ab5bcfd4075bcc130fde1fd4ad79ee8cf97643be07ab164296e1f9e7b9
SHA512

eee05f21c848785c77e24181595e183dac5226205dde77fbe6519a00b8913282b05e768c0b7d04ef7c0ca73de6e292c16f672626a05986f232d5c2bd648e974b
SSDEEP

98304:snpERFF2m+3mnF/WcZAUZp63m/j1oQ+YX1jL8fJAe7fRLWOMjS/qVgO:1RFF2CTZAUv63KTaJ+zeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
295d90ab5bcfd4075bcc130fde1fd4ad79ee8cf97643be07ab164296e1f9e7b9

Files

295d90ab5bcfd4075bcc130fde1fd4ad79ee8cf97643be07ab164296e1f9e7b9
.exe windows:5 windows x86 arch:x86

2bd0c58e001fe69d28dc83a0f326deb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl160.bpl

@$xp$22Winapi@Activex@POleCmd

kernel32

GetVersionExW
FlushInstructionCache
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

jxycore.bpl

@Rzedit@TRzRichEdit@$bcctr$qqrv

user32

DrawIconEx

gdi32

CreateCompatibleBitmap

version

GetFileVersionInfoSizeW

advapi32

LookupPrivilegeValueW

oleaut32

SafeArrayCreate

ole32

CreateFileMoniker

vcl160.bpl

@Vcl@Forms@TCustomForm@ShowModal$qqrv

shell32

ExtractIconExW

wininet

InternetConnectW

urlmon

URLDownloadToFileW

wsock32

inet_ntoa

jxycomm.bpl

@Brandinfo@Finalization$qqrv

jxympub.bpl

@Managebase@TMBaseForm@

crypt32

CertOpenSystemStoreW

shdocvw

DoOrganizeFavDlg

jxyreport.bpl

@Frxres@initialization$qqrv

jxyvipapi.bpl

@Sendsmsap@SendSmsMd

jxypurchase.bpl

@Sjl@TSjlKind@

jxystock.bpl

@Outstoragedetail@Finalization$qqrv

jxyvipsale.bpl

@Intcfg@TInCfg@

jxyfinance.bpl

@Empsalaryset@EmpSal

jxyauxiliary.bpl

@Medgoodsdetail@MedGd

jxyanalyse.bpl

@Selldetailfind@SellDetail

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.0MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bd0c58e001fe69d28dc83a0f326deb3

Headers

File Characteristics

Imports

rtl160.bpl

kernel32

jxycore.bpl

user32

gdi32

version

advapi32

oleaut32

ole32

vcl160.bpl

shell32

wininet

urlmon

wsock32

jxycomm.bpl

jxympub.bpl

crypt32

shdocvw

jxyreport.bpl

jxyvipapi.bpl

jxypurchase.bpl

jxystock.bpl

jxyvipsale.bpl

jxyfinance.bpl

jxyauxiliary.bpl

jxyanalyse.bpl

Sections

.text Size: - Virtual size: 1.3MB

.itext Size: - Virtual size: 10KB

.data Size: - Virtual size: 18KB

.bss Size: - Virtual size: 1.0MB

.idata Size: - Virtual size: 131KB

.didata Size: - Virtual size: 160B

.tls Size: - Virtual size: 48B

.rdata Size: - Virtual size: 24B

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 139KB - Virtual size: 2.8MB

.text
Size: - Virtual size: 1.3MB

.itext
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 18KB

.bss
Size: - Virtual size: 1.0MB

.idata
Size: - Virtual size: 131KB

.didata
Size: - Virtual size: 160B

.tls
Size: - Virtual size: 48B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 139KB - Virtual size: 2.8MB