c6a6251bc047bb1b7e67cbc048795344d447d5667c6df98d97308e0f30735b22

Sharing

Copy URL Twitter E-mail

General

Target

c6a6251bc047bb1b7e67cbc048795344d447d5667c6df98d97308e0f30735b22
Size

3.4MB
MD5

45ea0c63d232048d6bfab94d8f24b012
SHA1

7041a4259f222e2a8273837abff7e62dbc8a6e73
SHA256

c6a6251bc047bb1b7e67cbc048795344d447d5667c6df98d97308e0f30735b22
SHA512

6311e9787e031a7274924a93244c64f7a2941c500a50bdb8c9e4dfc7af292ad5f7117cd724afdc0d68a9e80c6121dd6fdc6a925d0f1d0dc49236f0ec30b12086
SSDEEP

49152:bC4tFV1C1O8deZATOb2dITs05Y35olC5CKdUY1XNG+LL4vRGV6DNYcU2SZngm91:bC4ZYKOdOscY3dUOENjU2SZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6a6251bc047bb1b7e67cbc048795344d447d5667c6df98d97308e0f30735b22

Files

c6a6251bc047bb1b7e67cbc048795344d447d5667c6df98d97308e0f30735b22
.exe windows:5 windows x86 arch:x86

341f81444640c1b61433d2f4e00d9c03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl160.bpl

@System@Sysutils@EWin32Error@

kernel32

GetVersionExW
GetThreadPriority
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

jxycore.bpl

@Idiohandler@initialization$qqrv

user32

WindowFromPoint

gdi32

CreateFontIndirectW

version

GetFileVersionInfoSizeW

advapi32

LookupPrivilegeValueW

ole32

CreateFileMoniker

vcl160.bpl

@Vcl@Controls@TWinControl@SetTabOrder$qqrs

shell32

SHGetSpecialFolderLocation

wininet

InternetSetOptionW

jxycomm.bpl

@Mdaoconnection@TMConnection@ReConnection$qqrv

jxympub.bpl

@Exportgoods@TExportForm@$bctr$qqrxui20System@UnicodeStringt2

jxyreport.bpl

@Vcltee@Bubblech@Finalization$qqrv

jxyvipapi.bpl

@Sendsmsap@SendSmsMd

jxypurchase.bpl

@Adddjqi@initialization$qqrv

jxystock.bpl

@Jtaccount@TStAccount@$bctr$qqriiiip34Remoteadounit@TRemoteAdoConnection20System@UnicodeStringt6t6

jxyvipsale.bpl

@Salecfg@TSlCfg@

jxyfinance.bpl

@Salarylist@SalaryForm

jxyauxiliary.bpl

@Mzbd@TMZbdFrm@$bctr$qqrpx25System@Classes@TComponentp34Remoteadounit@TRemoteAdoConnection20System@UnicodeStringt3t3t3t3

jxyanalyse.bpl

@Selldetailfind@SellDetail

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.0MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 48B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

341f81444640c1b61433d2f4e00d9c03

Headers

File Characteristics

Imports

rtl160.bpl

kernel32

jxycore.bpl

user32

gdi32

version

advapi32

ole32

vcl160.bpl

shell32

wininet

jxycomm.bpl

jxympub.bpl

jxyreport.bpl

jxyvipapi.bpl

jxypurchase.bpl

jxystock.bpl

jxyvipsale.bpl

jxyfinance.bpl

jxyauxiliary.bpl

jxyanalyse.bpl

Sections

.text Size: - Virtual size: 1.3MB

.itext Size: - Virtual size: 10KB

.data Size: - Virtual size: 17KB

.bss Size: - Virtual size: 1.0MB

.idata Size: - Virtual size: 123KB

.didata Size: - Virtual size: 160B

.tls Size: - Virtual size: 48B

.rdata Size: - Virtual size: 24B

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 139KB - Virtual size: 2.8MB

.text
Size: - Virtual size: 1.3MB

.itext
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 17KB

.bss
Size: - Virtual size: 1.0MB

.idata
Size: - Virtual size: 123KB

.didata
Size: - Virtual size: 160B

.tls
Size: - Virtual size: 48B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 139KB - Virtual size: 2.8MB