46887979a694085474ba5b577765a324_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46887979a694085474ba5b577765a324_JaffaCakes118
Size

2.6MB
MD5

46887979a694085474ba5b577765a324
SHA1

eb4e3379d3ebc55accc13708793c7b02e5331f5e
SHA256

4d0059453a785414b5004da18785c13b5e73e7b761ad4f85ec92146e7ae6e220
SHA512

c98f30f4baaf2e38037ef342722726f707b8e944c6637a59e7e0c71e4f12f138fac574e8531107977285a77da8976d9f3ef058014a2bbf21a21c5705499e192d
SSDEEP

49152:64e2Z4Ruw/8CYoZP9cZ4HcoH31px28yuPey1qUhbhAIkrkEQJzGQEji7zMX:aCaD/8C3Z1WqN7my1dh2IiJQJKQLa

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/FS4X.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FS4X.exe
unpack001/sqlite3.dll

Files

46887979a694085474ba5b577765a324_JaffaCakes118
.rar
Author.fab
FS4X.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$10TGraphKind
@$xp$11TCGaugeKind
@$xp$15Controls@TAlign
@$xp$15Graphics@TColor
@$xp$16Controls@TCursor
@$xp$16Cspin@TCSpinEdit
@$xp$17TPerformanceGraph
@$xp$18Controls@TDragMode
@$xp$18Cspin@TCSpinButton
@$xp$20Controls@TAnchorKind
@$xp$20Editvalue@TEditValue
@$xp$20JSL_Library@jslMSSQL
@$xp$21JSL_Library@fsAdjunct
@$xp$21JSL_Library@fsArchive
@$xp$21JSL_Library@fsDossier
@$xp$21JSL_Library@fsMission
@$xp$21JSL_Library@jslObject
@$xp$21JSL_Library@jslSQLite
@$xp$22JSL_Library@fsPersonal
@$xp$22JSL_Library@fsTreeNode
@$xp$23Cspin@TTimerSpeedButton
@$xp$23Editvalue@TNumberFormat
@$xp$23JSL_Library@jslObjectIO
@$xp$23JSL_Library@jslTreeNode
@$xp$26JSL_Library@fsAccountOrder
@$xp$26JSL_Library@fsAccountTitle
@$xp$28JSL_Library@fsAccountSpecial
@$xp$28JSL_Library@fsAccountSubject
@$xp$32JSL_Library@jslDatabaseInterface
@$xp$7TCGauge
@@Appstrings@Finalize
@@Appstrings@Initialize
@@Apputils@Finalize
@@Apputils@Initialize
@@Cgauges@Finalize
@@Cgauges@Initialize
@@Cspin@Finalize
@@Cspin@Initialize
@@Dlg_about@Finalize
@@Dlg_about@Initialize
@@Dlg_accounttitle@Finalize
@@Dlg_accounttitle@Initialize
@@Dlg_changepassword@Finalize
@@Dlg_changepassword@Initialize
@@Dlg_chat@Finalize
@@Dlg_chat@Initialize
@@Dlg_contact@Finalize
@@Dlg_contact@Initialize
@@Dlg_downloadfiles@Finalize
@@Dlg_downloadfiles@Initialize
@@Dlg_itemseditor@Finalize
@@Dlg_itemseditor@Initialize
@@Dlg_login@Finalize
@@Dlg_login@Initialize
@@Dlg_memorialday@Finalize
@@Dlg_memorialday@Initialize
@@Dlg_mission@Finalize
@@Dlg_mission@Initialize
@@Dlg_myinfo@Finalize
@@Dlg_myinfo@Initialize
@@Dlg_option@Finalize
@@Dlg_option@Initialize
@@Dlg_orderfamily@Finalize
@@Dlg_orderfamily@Initialize
@@Dlg_orderprofessional@Finalize
@@Dlg_orderprofessional@Initialize
@@Dlg_personal@Finalize
@@Dlg_personal@Initialize
@@Dlg_progress@Finalize
@@Dlg_progress@Initialize
@@Dlg_remindconfig@Finalize
@@Dlg_remindconfig@Initialize
@@Dlg_selectdate@Finalize
@@Dlg_selectdate@Initialize
@@Dlg_splash@Finalize
@@Dlg_splash@Initialize
@@Dlg_tipofday@Finalize
@@Dlg_tipofday@Initialize
@@Dlg_virement@Finalize
@@Dlg_virement@Initialize
@@Dlg_waitforopen@Finalize
@@Dlg_waitforopen@Initialize
@@Dm_appdata@Finalize
@@Dm_appdata@Initialize
@@Embed_personalpanel@Finalize
@@Embed_personalpanel@Initialize
@@Embed_rtfeditor@Finalize
@@Embed_rtfeditor@Initialize
@@Embed_workgroup@Finalize
@@Embed_workgroup@Initialize
@@Ffqutility@Finalize
@@Ffqutility@Initialize
@@Fm_desktop@Finalize
@@Fm_desktop@Initialize
@@Fm_desktopnote@Finalize
@@Fm_desktopnote@Initialize
@@Frm_accountlist@Finalize
@@Frm_accountlist@Initialize
@@Frm_journallist@Finalize
@@Frm_journallist@Initialize
@@Frm_lanchatlist@Finalize
@@Frm_lanchatlist@Initialize
@@Frm_personallist@Finalize
@@Frm_personallist@Initialize
@@Frm_schedulelist@Finalize
@@Frm_schedulelist@Initialize
@@Fsaccountorder@Finalize
@@Fsaccountorder@Initialize
@@Fsaccountspecial@Finalize
@@Fsaccountspecial@Initialize
@@Fsaccountsubject@Finalize
@@Fsaccountsubject@Initialize
@@Fsaccounttitle@Finalize
@@Fsaccounttitle@Initialize
@@Fsadjunct@Finalize
@@Fsadjunct@Initialize
@@Fsarchive@Finalize
@@Fsarchive@Initialize
@@Fsdossier@Finalize
@@Fsdossier@Initialize
@@Fsmission@Finalize
@@Fsmission@Initialize
@@Fspersonal@Finalize
@@Fspersonal@Initialize
@@Fstreenode@Finalize
@@Fstreenode@Initialize
@@Ftpclientthread@Finalize
@@Ftpclientthread@Initialize
@@Jsl_dialog@Finalize
@@Jsl_dialog@Initialize
@@Jsl_dialogcustom@Finalize
@@Jsl_dialogcustom@Initialize
@@Jsl_dialoghorzontal@Finalize
@@Jsl_dialoghorzontal@Initialize
@@Jsl_dialogvertial@Finalize
@@Jsl_dialogvertial@Initialize
@@Jsl_form@Finalize
@@Jsl_form@Initialize
@@Jsl_formlist@Finalize
@@Jsl_formlist@Initialize
@@Jslcommon@Finalize
@@Jslcommon@Initialize
@@Jslconfigure@Finalize
@@Jslconfigure@Initialize
@@Jsldatabaseinterface@Finalize
@@Jsldatabaseinterface@Initialize
@@Jslkey@Finalize
@@Jslkey@Initialize
@@Jsllog@Finalize
@@Jsllog@Initialize
@@Jslmailposter@Finalize
@@Jslmailposter@Initialize
@@Jslmsexcel@Finalize
@@Jslmsexcel@Initialize
@@Jslmssql@Finalize
@@Jslmssql@Initialize
@@Jslobject@Finalize
@@Jslobject@Initialize
@@Jslobjectio@Finalize
@@Jslobjectio@Initialize
@@Jslparams@Finalize
@@Jslparams@Initialize
@@Jslsocket@Finalize
@@Jslsocket@Initialize
@@Jslsqlite@Finalize
@@Jslsqlite@Initialize
@@Jsltreenode@Finalize
@@Jsltreenode@Initialize
@@Perfgrap@Finalize
@@Perfgrap@Initialize
@@Vtpropertyeditor@Finalize
@@Vtpropertyeditor@Initialize
@AddTextToItems$qp16Classes@TStrings20System@UnicodeStringo
@AppendOnOSStartup$q20System@UnicodeStringt1t1
@CreateNewUuid$qv
@Cspin@TCSpinButton@
@Cspin@TCSpinButton@$bctr$qqrp18Classes@TComponent
@Cspin@TCSpinButton@$bdtr$qqrv
@Cspin@TCSpinButton@AdjustSize$qqrrit1
@Cspin@TCSpinButton@BtnClick$qqrp14System@TObject
@Cspin@TCSpinButton@BtnMouseDown$qqrp14System@TObject21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%ii
@Cspin@TCSpinButton@CreateButton$qqrv
@Cspin@TCSpinButton@Dispatch$qqrpv
@Cspin@TCSpinButton@GetDownGlyph$qqrv
@Cspin@TCSpinButton@GetUpGlyph$qqrv
@Cspin@TCSpinButton@KeyDown$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%
@Cspin@TCSpinButton@Loaded$qqrv
@Cspin@TCSpinButton@SetBounds$qqriiii
@Cspin@TCSpinButton@SetDownGlyph$qqrp16Graphics@TBitmap
@Cspin@TCSpinButton@SetFocusBtn$qqrp23Cspin@TTimerSpeedButton
@Cspin@TCSpinButton@SetUpGlyph$qqrp16Graphics@TBitmap
@Cspin@TCSpinButton@WMGetDlgCode$qqrr20Messages@TWMNoParams
@Cspin@TCSpinButton@WMKillFocus$qqrr21Messages@TWMKillFocus
@Cspin@TCSpinButton@WMSetFocus$qqrr20Messages@TWMSetFocus
@Cspin@TCSpinButton@WMSize$qqrr16Messages@TWMSize
@Cspin@TCSpinEdit@
@Cspin@TCSpinEdit@$bctr$qqrp18Classes@TComponent
@Cspin@TCSpinEdit@$bdtr$qqrv
@Cspin@TCSpinEdit@CMEnter$qqrr20Messages@TWMNoParams
@Cspin@TCSpinEdit@CMExit$qqrr20Messages@TWMNoParams
@Cspin@TCSpinEdit@CheckValue$qqrl
@Cspin@TCSpinEdit@CreateParams$qqrr22Controls@TCreateParams
@Cspin@TCSpinEdit@CreateWnd$qqrv
@Cspin@TCSpinEdit@Dispatch$qqrpv
@Cspin@TCSpinEdit@DownClick$qqrp14System@TObject
@Cspin@TCSpinEdit@GetChildren$qqrynpqqrp18Classes@TComponent$vp18Classes@TComponent
@Cspin@TCSpinEdit@GetMinHeight$qqrv
@Cspin@TCSpinEdit@GetValue$qqrv
@Cspin@TCSpinEdit@IsValidChar$qqrb
@Cspin@TCSpinEdit@KeyDown$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%
@Cspin@TCSpinEdit@KeyPress$qqrrb
@Cspin@TCSpinEdit@SetEditRect$qqrv
@Cspin@TCSpinEdit@SetValue$qqrl
@Cspin@TCSpinEdit@UpClick$qqrp14System@TObject
@Cspin@TCSpinEdit@WMCut$qqrr20Messages@TWMNoParams
@Cspin@TCSpinEdit@WMPaste$qqrr20Messages@TWMNoParams
@Cspin@TCSpinEdit@WMSize$qqrr16Messages@TWMSize
@Cspin@TTimerSpeedButton@
@Cspin@TTimerSpeedButton@$bctr$qqrp18Classes@TComponent
@Cspin@TTimerSpeedButton@$bdtr$qqrv
@Cspin@TTimerSpeedButton@MouseDown$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%ii
@Cspin@TTimerSpeedButton@MouseUp$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%ii
@Cspin@TTimerSpeedButton@Paint$qqrv
@Cspin@TTimerSpeedButton@TimerExpired$qqrp14System@TObject
@Datecn@CnData
@Datecn@CnDateOfDateStr$qqr16System@TDateTime
@Datecn@CnDateOfDateStrPH$qqr16System@TDateTime
@Datecn@CnDay$qqr16System@TDateTime
@Datecn@CnDayOfDate$qqr16System@TDateTime
@Datecn@CnDayOfDate$qqr16System@TDateTimeio
@Datecn@CnDayOfDate$qqriii
@Datecn@CnDayOfDateJr$qqr16System@TDateTime
@Datecn@CnDayOfDateJr$qqr16System@TDateTimei
@Datecn@CnDayOfDatePH$qqr16System@TDateTime
@Datecn@CnMonth$qqr16System@TDateTime
@Datecn@CnMonthOfDate$qqr16System@TDateTime
@Datecn@CnMonthOfDate$qqr16System@TDateTimei
@Datecn@CnSkyStemOfYear$qqr16System@TDateTime
@Datecn@CnSolarTerm$qqr16System@TDateTime
@Datecn@CnanimalOfYear$qqr16System@TDateTime
@Datecn@Constellation$qqr16System@TDateTime
@Datecn@Constellation$qqr16System@TDateTimei
@Datecn@DaysNumberOfDate$qqr16System@TDateTime
@Datecn@Finalization$qqrv
@Datecn@GetAnimal$qqr16System@TDateTime
@Datecn@GetCnDateToDate$qqr16System@TDateTime
@Datecn@GetCnDateToDate$qqrususus
@Datecn@GetDays$qqr16System@TDateTime
@Datecn@GetLunarHolDay$qqr16System@TDateTime
@Datecn@GetLunarHolDay$qqr16System@TDateTimei
@Datecn@Holiday$qqr16System@TDateTimei
@Datecn@OtherHoliday$qqrii
@Datecn@gLunarHolDay
@Datecn@initialization$qqrv
@Datecn@l_GetLunarHolDay$qqrususus
@DeleteOnOSStartup$q20System@UnicodeString
@DisplayText$q15System@Currencyi
@DisplayText$q16System@TDateTimei
@DisplayText$q20System@UnicodeString
@DisplayText$qi
@DisplayText$qo15System@Currencyi20System@UnicodeString
@DisplayText$qo16System@TDateTimei
@DisplayText$qo20System@UnicodeString
@DisplayText$qodi20System@UnicodeString
@DisplayText$qoi20System@UnicodeString
@DisplayText$qoj20System@UnicodeString
@DisplayText$qoui20System@UnicodeString
@Editvalue@Finalization$qqrv
@Editvalue@Register$qqrv
@Editvalue@TEditValue@
@Editvalue@TEditValue@$bctr$qqrp18Classes@TComponent
@Editvalue@TEditValue@CreateParams$qqrr22Controls@TCreateParams
@Editvalue@TEditValue@DeleteKey$qqrus
@Editvalue@TEditValue@DeleteSelection$qqrv
@Editvalue@TEditValue@DoEnter$qqrv
@Editvalue@TEditValue@DoExit$qqrv
@Editvalue@TEditValue@FormatText$qqrg
@Editvalue@TEditValue@GetAsCurrency$qqrv
@Editvalue@TEditValue@GetAsFloat$qqrv
@Editvalue@TEditValue@GetAsInteger$qqrv
@Editvalue@TEditValue@GetValue$qqrv
@Editvalue@TEditValue@InvalidEntry$qqrv
@Editvalue@TEditValue@KeyDown$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%
@Editvalue@TEditValue@KeyPress$qqrrb
@Editvalue@TEditValue@KeyUp$qqrrus46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%
@Editvalue@TEditValue@MouseDown$qqr21Controls@TMouseButton46System@%Set$t18Classes@Classes__1$iuc$0$iuc$8%ii
@Editvalue@TEditValue@Remove1000$qqr20System@UnicodeString
@Editvalue@TEditValue@SetAlignment$qqr18Classes@TAlignment
@Editvalue@TEditValue@SetAsCurrency$qqr15System@Currency
@Editvalue@TEditValue@SetAsFloat$qqrg
@Editvalue@TEditValue@SetAsInteger$qqri
@Editvalue@TEditValue@SetDecimals$qqrzc
@Editvalue@TEditValue@SetMaxValue$qqrg
@Editvalue@TEditValue@SetMinValue$qqrg
@Editvalue@TEditValue@SetNumberFormat$qqr23Editvalue@TNumberFormat
@Editvalue@TEditValue@SetValue$qqrg
@Editvalue@TEditValue@WMCopy$qqrr17Messages@TMessage
@Editvalue@TEditValue@WMCut$qqrr17Messages@TMessage
@Editvalue@TEditValue@WMPaste$qqrr17Messages@TMessage
@Editvalue@initialization$qqrv
@EvalExpression$q20System@UnicodeString
@ExecFor$q20System@UnicodeStringo
@ExistsOnOSStartup$q20System@UnicodeString
@ExtractDirFileExt$q20System@UnicodeStringr20System@UnicodeStringt2t2
@FormatString$q20System@UnicodeStringe
@GetBroadcastAddress$q20System@UnicodeStringt1
@GetComplieDateTime$qv
@GetComputerNameA$qv
@GetFileDateTime$q20System@UnicodeStringr16System@TDateTimet2t2
@GetFileIconIndex$q20System@UnicodeStringrit2r20System@UnicodeStringt2
@GetFileInfo$q20System@UnicodeStringrjr16System@TDateTimeri
@GetFileReleaseVersion$q20System@UnicodeString
@GetFileSize$q20System@UnicodeStringrui
@GetFileVersion$q20System@UnicodeStringrit2t2t2
@GetFileVersionText$q20System@UnicodeString
@GetFirstLine$q20System@UnicodeString
@GetFirstPinyin$q20System@UnicodeString
@GetFirstString$qx20System@UnicodeStringt1
@GetLogonName$qv
@GetPYString$q20System@UnicodeString
@GetRemoteMAC$q27System@%AnsiStringT$us$i0$%
@GetSystemImages$qp19Controls@TImageListt1
@GetTagValue$qp14System@TObject
@GetTempDirectory$qv
@GetTempFileNameA$q20System@UnicodeString
@GetUniqueFileName$q20System@UnicodeString
@GetUniqueFileName$q20System@UnicodeStringt1
@HzToPinyin$qx20System@UnicodeStringo
@IIF$qo20System@UnicodeStringt2
@IMEEngine@$bctr$qv
@IMEEngine@$bdtr$qv
@IMEEngine@GetJMorphResult$qululpxb
@IMEEngine@IsReady$qv
@IMEEngine@SetIMEEngine$qpxb
@IMEEngine@UnsetIMEEngine$qv
@JSL_Library@fsAccountOrder@
@JSL_Library@fsAccountOrder@$bctr$qqrv
@JSL_Library@fsAccountOrder@$bdtr$qqrv
@JSL_Library@fsAccountOrder@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsAccountOrder@Finalize$qv
@JSL_Library@fsAccountOrder@G_Period$xqqrv
@JSL_Library@fsAccountOrder@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsAccountOrder@GetKeyField$qi
@JSL_Library@fsAccountOrder@GetNewObject$xqi
@JSL_Library@fsAccountOrder@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsAccountOrder@GetSqlText$qi
@JSL_Library@fsAccountOrder@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountOrder@Initialize$qv
@JSL_Library@fsAccountOrder@ReadXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountOrder@ReadXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountOrder@SI_ACQUIT_ORDER_AREA
@JSL_Library@fsAccountOrder@SI_CAPTION_BY_TRADING
@JSL_Library@fsAccountOrder@SI_EXISTS_ID
@JSL_Library@fsAccountOrder@SI_TRADING_LIST
@JSL_Library@fsAccountOrder@SetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountOrder@TextReplace$q20System@UnicodeString
@JSL_Library@fsAccountOrder@VTCompareNode$qip21JSL_Library@jslObjectt2ip29Virtualtrees@TBaseVirtualTreeriynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountOrder@VTDisplayText$qii25Virtualtrees@TVSTTextTyper20System@UnicodeStringynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountOrder@ValueByFields$qi
@JSL_Library@fsAccountOrder@WriteXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountOrder@WriteXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountOrder@XLST_DETAIL_1
@JSL_Library@fsAccountOrder@XLST_DETAIL_2
@JSL_Library@fsAccountOrder@XLST_MASTER_1
@JSL_Library@fsAccountOrder@XLST_MASTER_2
@JSL_Library@fsAccountOrder@XlsheetDiscern$q14System@Varianti
@JSL_Library@fsAccountOrder@ioAcquitOrderArea$qr16System@TDateTimet1
@JSL_Library@fsAccountOrder@ioAppend$qo
@JSL_Library@fsAccountOrder@ioExistsID$q20System@UnicodeString
@JSL_Library@fsAccountOrder@ioLoadBy$q16System@TDateTimet1p13Classes@TListt3p16Classes@TStrings
@JSL_Library@fsAccountOrder@ioLoadCaptionByTrading$qp16Classes@TStrings20System@UnicodeString
@JSL_Library@fsAccountOrder@ioLoadTradings$qp16Classes@TStringsi
@JSL_Library@fsAccountOrder@ioOrderArea$qr16System@TDateTimet1
@JSL_Library@fsAccountOrder@ioVirement$qp26JSL_Library@fsAccountOrdert1
@JSL_Library@fsAccountSpecial@
@JSL_Library@fsAccountSpecial@$bctr$qqrv
@JSL_Library@fsAccountSpecial@$bdtr$qqrv
@JSL_Library@fsAccountSpecial@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsAccountSpecial@Finalize$qv
@JSL_Library@fsAccountSpecial@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsAccountSpecial@GetKeyField$qi
@JSL_Library@fsAccountSpecial@GetNewObject$xqi
@JSL_Library@fsAccountSpecial@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsAccountSpecial@GetSqlText$qi
@JSL_Library@fsAccountSpecial@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSpecial@Initialize$qv
@JSL_Library@fsAccountSpecial@ReadXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSpecial@ReadXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountSpecial@SI_LOADBY_SELLER
@JSL_Library@fsAccountSpecial@SI_LOADBY_SPECIAL
@JSL_Library@fsAccountSpecial@SetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountSpecial@TextReplace$q20System@UnicodeString
@JSL_Library@fsAccountSpecial@VTCompareNode$qip21JSL_Library@jslObjectt2ip29Virtualtrees@TBaseVirtualTreeriynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSpecial@VTDisplayText$qii25Virtualtrees@TVSTTextTyper20System@UnicodeStringynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSpecial@ValueByFields$qi
@JSL_Library@fsAccountSpecial@WriteXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountSpecial@WriteXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountSpecial@XLST_DETAIL_1
@JSL_Library@fsAccountSpecial@XLST_DETAIL_2
@JSL_Library@fsAccountSpecial@XLST_MASTER_1
@JSL_Library@fsAccountSpecial@XLST_MASTER_2
@JSL_Library@fsAccountSpecial@XlsheetDiscern$q14System@Varianti
@JSL_Library@fsAccountSpecial@ioLoadBy$qv
@JSL_Library@fsAccountSpecial@ioLoadBySeller$qv
@JSL_Library@fsAccountSubject@
@JSL_Library@fsAccountSubject@$bctr$qqrv
@JSL_Library@fsAccountSubject@$bdtr$qqrv
@JSL_Library@fsAccountSubject@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsAccountSubject@Finalize$qv
@JSL_Library@fsAccountSubject@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsAccountSubject@GetKeyField$qi
@JSL_Library@fsAccountSubject@GetNewObject$xqi
@JSL_Library@fsAccountSubject@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsAccountSubject@GetSqlText$qi
@JSL_Library@fsAccountSubject@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSubject@Initialize$qv
@JSL_Library@fsAccountSubject@ReadXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSubject@ReadXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountSubject@SI_CHANGE_CAPTION
@JSL_Library@fsAccountSubject@SetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountSubject@TextReplace$q20System@UnicodeString
@JSL_Library@fsAccountSubject@VTCompareNode$qip21JSL_Library@jslObjectt2ip29Virtualtrees@TBaseVirtualTreeriynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSubject@VTDisplayText$qii25Virtualtrees@TVSTTextTyper20System@UnicodeStringynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountSubject@ValueByFields$qi
@JSL_Library@fsAccountSubject@WriteXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountSubject@WriteXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountSubject@XLST_DETAIL_1
@JSL_Library@fsAccountSubject@XLST_DETAIL_2
@JSL_Library@fsAccountSubject@XLST_MASTER_1
@JSL_Library@fsAccountSubject@XLST_MASTER_2
@JSL_Library@fsAccountSubject@XlsheetDiscern$q14System@Varianti
@JSL_Library@fsAccountSubject@ioChangeCaption$q20System@UnicodeString
@JSL_Library@fsAccountTitle@
@JSL_Library@fsAccountTitle@$bctr$qqrv
@JSL_Library@fsAccountTitle@$bdtr$qqrv
@JSL_Library@fsAccountTitle@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsAccountTitle@Finalize$qv
@JSL_Library@fsAccountTitle@G_Style$xqqrv
@JSL_Library@fsAccountTitle@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsAccountTitle@GetKeyField$qi
@JSL_Library@fsAccountTitle@GetNewObject$xqi
@JSL_Library@fsAccountTitle@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsAccountTitle@GetSqlText$qi
@JSL_Library@fsAccountTitle@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountTitle@Initialize$qv
@JSL_Library@fsAccountTitle@ReadXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountTitle@ReadXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountTitle@SetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountTitle@TextReplace$q20System@UnicodeString
@JSL_Library@fsAccountTitle@VTCompareNode$qip21JSL_Library@jslObjectt2ip29Virtualtrees@TBaseVirtualTreeriynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountTitle@VTDisplayText$qii25Virtualtrees@TVSTTextTyper20System@UnicodeStringynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAccountTitle@ValueByFields$qi
@JSL_Library@fsAccountTitle@WriteXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAccountTitle@WriteXmlNode$q44System@%DelphiInterface$t16Xmlintf@IXMLNode%
@JSL_Library@fsAccountTitle@XLST_DETAIL_1
@JSL_Library@fsAccountTitle@XLST_DETAIL_2
@JSL_Library@fsAccountTitle@XLST_MASTER_1
@JSL_Library@fsAccountTitle@XLST_MASTER_2
@JSL_Library@fsAccountTitle@XlsheetDiscern$q14System@Varianti
@JSL_Library@fsAccountTitle@ioBalance$q20System@UnicodeStringr15System@Currencyro
@JSL_Library@fsAdjunct@
@JSL_Library@fsAdjunct@$bctr$qqrv
@JSL_Library@fsAdjunct@$bdtr$qqrv
@JSL_Library@fsAdjunct@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsAdjunct@Finalize$qv
@JSL_Library@fsAdjunct@G_ImportTime$xqqrv
@JSL_Library@fsAdjunct@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsAdjunct@GetKeyField$qi
@JSL_Library@fsAdjunct@GetNewObject$xqi
@JSL_Library@fsAdjunct@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsAdjunct@GetSqlText$qi
@JSL_Library@fsAdjunct@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAdjunct@Initialize$qv
@JSL_Library@fsAdjunct@SI_CHANGE_ENDREMINDED
@JSL_Library@fsAdjunct@SI_CHANGE_STARTREMINDED
@JSL_Library@fsAdjunct@SI_LOADBY_MISSION
@JSL_Library@fsAdjunct@SI_LOAD_BY_DOSSIER
@JSL_Library@fsAdjunct@S_ImportTime$qqr16System@TDateTime
@JSL_Library@fsAdjunct@SetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringpvii$i
@JSL_Library@fsAdjunct@TextReplace$q20System@UnicodeString
@JSL_Library@fsAdjunct@VTCompareNode$qip21JSL_Library@jslObjectt2ip29Virtualtrees@TBaseVirtualTreeriynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAdjunct@VTDisplayText$qii25Virtualtrees@TVSTTextTyper20System@UnicodeStringynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsAdjunct@ValueByFields$qi
@JSL_Library@fsAdjunct@ioLoadBy$qi
@JSL_Library@fsArchive@
@JSL_Library@fsArchive@$bctr$qqrv
@JSL_Library@fsArchive@$bdtr$qqrv
@JSL_Library@fsArchive@Assign$qqrp19Classes@TPersistent
@JSL_Library@fsArchive@DT_RTF
@JSL_Library@fsArchive@DT_TEXT
@JSL_Library@fsArchive@DT_WHOLEPAGE
@JSL_Library@fsArchive@Finalize$qv
@JSL_Library@fsArchive@GetHeaders$qp16Classes@TStringsi
@JSL_Library@fsArchive@GetKeyField$qi
@JSL_Library@fsArchive@GetNewObject$xqi
@JSL_Library@fsArchive@GetSqlParams$qip24JSL_Library@jslSqlParams
@JSL_Library@fsArchive@GetSqlText$qi
@JSL_Library@fsArchive@GetStrings$qp16Classes@TStringsiynpqi14System@Variantrir20System@UnicodeStringrpvii$i
@JSL_Library@fsArchive@Initialize$qv
@JSL_Library@fsArchive@ReadXlsSheet$q14System@Variantiiynpqi14System@Variantrir20System@UnicodeStringrpvii$i

Sections

.text
Size: 1.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 107KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Init4.sql
Readme.txt
TipOfDay.txt
Update3.sql
rpts/XLST_D2dAccount.xls
.xls windows office2003
rpts/新云软件.url
.url
sqlite3.dll
.dll windows:4 windows x86 arch:x86

16892521697dfbd272f03ce06f9c1433

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedIncrement
IsDBCSLeadByteEx
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

___CPPdebugHook
_sqlite3_aggregate_context
_sqlite3_aggregate_count
_sqlite3_auto_extension
_sqlite3_backup_finish
_sqlite3_backup_init
_sqlite3_backup_pagecount
_sqlite3_backup_remaining
_sqlite3_backup_step
_sqlite3_bind_blob
_sqlite3_bind_double
_sqlite3_bind_int
_sqlite3_bind_int64
_sqlite3_bind_null
_sqlite3_bind_parameter_count
_sqlite3_bind_parameter_index
_sqlite3_bind_parameter_name
_sqlite3_bind_text
_sqlite3_bind_text16
_sqlite3_bind_value
_sqlite3_bind_zeroblob
_sqlite3_blob_bytes
_sqlite3_blob_close
_sqlite3_blob_open
_sqlite3_blob_read
_sqlite3_blob_write
_sqlite3_busy_handler
_sqlite3_busy_timeout
_sqlite3_changes
_sqlite3_clear_bindings
_sqlite3_close
_sqlite3_collation_needed
_sqlite3_collation_needed16
_sqlite3_column_blob
_sqlite3_column_bytes
_sqlite3_column_bytes16
_sqlite3_column_count
_sqlite3_column_database_name
_sqlite3_column_database_name16
_sqlite3_column_decltype
_sqlite3_column_decltype16
_sqlite3_column_double
_sqlite3_column_int
_sqlite3_column_int64
_sqlite3_column_name
_sqlite3_column_name16
_sqlite3_column_origin_name
_sqlite3_column_origin_name16
_sqlite3_column_table_name
_sqlite3_column_table_name16
_sqlite3_column_text
_sqlite3_column_text16
_sqlite3_column_type
_sqlite3_column_value
_sqlite3_commit_hook
_sqlite3_complete
_sqlite3_complete16
_sqlite3_config
_sqlite3_context_db_handle
_sqlite3_create_collation
_sqlite3_create_collation16
_sqlite3_create_collation_v2
_sqlite3_create_function
_sqlite3_create_function16
_sqlite3_create_module
_sqlite3_create_module_v2
_sqlite3_data_count
_sqlite3_db_config
_sqlite3_db_handle
_sqlite3_db_mutex
_sqlite3_db_status
_sqlite3_declare_vtab
_sqlite3_enable_load_extension
_sqlite3_enable_shared_cache
_sqlite3_errcode
_sqlite3_errmsg
_sqlite3_errmsg16
_sqlite3_exec
_sqlite3_expired
_sqlite3_extended_errcode
_sqlite3_extended_result_codes
_sqlite3_file_control
_sqlite3_finalize
_sqlite3_free
_sqlite3_free_table
_sqlite3_get_autocommit
_sqlite3_get_auxdata
_sqlite3_get_table
_sqlite3_global_recover
_sqlite3_initialize
_sqlite3_interrupt
_sqlite3_key
_sqlite3_last_insert_rowid
_sqlite3_libversion
_sqlite3_libversion_number
_sqlite3_limit
_sqlite3_load_extension
_sqlite3_malloc
_sqlite3_memory_alarm
_sqlite3_memory_highwater
_sqlite3_memory_used
_sqlite3_mprintf
_sqlite3_mutex_alloc
_sqlite3_mutex_enter
_sqlite3_mutex_free
_sqlite3_mutex_leave
_sqlite3_mutex_try
_sqlite3_next_stmt
_sqlite3_open
_sqlite3_open16
_sqlite3_open_v2
_sqlite3_os_end
_sqlite3_os_init
_sqlite3_overload_function
_sqlite3_prepare
_sqlite3_prepare16
_sqlite3_prepare16_v2
_sqlite3_prepare_v2
_sqlite3_profile
_sqlite3_progress_handler
_sqlite3_randomness
_sqlite3_realloc
_sqlite3_rekey
_sqlite3_release_memory
_sqlite3_reset
_sqlite3_reset_auto_extension
_sqlite3_result_blob
_sqlite3_result_double
_sqlite3_result_error
_sqlite3_result_error16
_sqlite3_result_error_code
_sqlite3_result_error_nomem
_sqlite3_result_error_toobig
_sqlite3_result_int
_sqlite3_result_int64
_sqlite3_result_null
_sqlite3_result_text
_sqlite3_result_text16
_sqlite3_result_text16be
_sqlite3_result_text16le
_sqlite3_result_value
_sqlite3_result_zeroblob
_sqlite3_rollback_hook
_sqlite3_set_authorizer
_sqlite3_set_auxdata
_sqlite3_shutdown
_sqlite3_sleep
_sqlite3_snprintf
_sqlite3_soft_heap_limit
_sqlite3_sql
_sqlite3_status
_sqlite3_step
_sqlite3_stmt_status
_sqlite3_table_column_metadata
_sqlite3_test_control
_sqlite3_thread_cleanup
_sqlite3_threadsafe
_sqlite3_total_changes
_sqlite3_trace
_sqlite3_transfer_bindings
_sqlite3_update_hook
_sqlite3_user_data
_sqlite3_value_blob
_sqlite3_value_bytes
_sqlite3_value_bytes16
_sqlite3_value_double
_sqlite3_value_int
_sqlite3_value_int64
_sqlite3_value_numeric_type
_sqlite3_value_text
_sqlite3_value_text16
_sqlite3_value_text16be
_sqlite3_value_text16le
_sqlite3_value_type
_sqlite3_version
_sqlite3_vfs_find
_sqlite3_vfs_register
_sqlite3_vfs_unregister
_sqlite3_vmprintf
_sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 375KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 5.8MB

.data Size: 107KB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 28KB

.didata Size: 512B - Virtual size: 4KB

.edata Size: 80KB - Virtual size: 84KB

.rsrc Size: 458KB - Virtual size: 2.3MB

.reloc Size: - Virtual size: 416KB

.aspack Size: 22KB - Virtual size: 24KB

.adata Size: - Virtual size: 4KB

16892521697dfbd272f03ce06f9c1433

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 376KB

.data Size: 52KB - Virtual size: 56KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 6KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 12KB

.text
Size: 1.8MB - Virtual size: 5.8MB

.data
Size: 107KB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 28KB

.didata
Size: 512B - Virtual size: 4KB

.edata
Size: 80KB - Virtual size: 84KB

.rsrc
Size: 458KB - Virtual size: 2.3MB

.reloc
Size: - Virtual size: 416KB

.aspack
Size: 22KB - Virtual size: 24KB

.adata
Size: - Virtual size: 4KB

.text
Size: 375KB - Virtual size: 376KB

.data
Size: 52KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 12KB