jd145.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 315.50 KB (323072 bytes)
Compile time: 2018-03-21 12:06:59
MD5: 2d8b481844219e8195b119c69fe6de8c
SHA1: 69190aa4d5b7f96029837213fef0b7c9fe963cdd
SHA256: 616e5e0196d3e92240d87f73f315e4f273ccc968bc01954956593a99a7ded377
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 08:42:08
Last submission: 2019-01-22 08:42:08
Filename detected: - jd145.exe (1)
URL file hosting: hXXp://cdn-10049480.file.myqcloud.com/jd/jd145.exe (source: VirusTotal)
Antivirus Report
Report Date: 2019-01-20 10:05:04
Detection Ratio: 39/72 (VirusTotal)
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4e235 320512 cd1eb23deea3d97b1f58899da9527fd0 626f1b794d9f412b64c5ea75bab2155242e413b2
.rsrc 0x52000 0x58e 1536 42a86f3233f9bdef6183d9d59c041c8e b680f549df43ea97a58b63eaa593998904446053
.reloc 0x54000 0xc 512 ab5bb31af8ce3d84329f0443fcfbaf97 1b9c37734f0ffee2a66dca69b1c0f699f9e8b127
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: XML
System.Xml
File type: Text
{0}{1:yyyy_MM_dd}.txt
user.txt
File type: Library
WININET.dll
mscoree.dll
IP Found
6.10.0.218
2.4.0.3
192.168.0.100
URL(s)

#infosec #automation

TheSystem Itself @ 2019-01-22 08:42:10