jd138.exe

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 37/68 | Related 2708
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 298.50 KB (305664 bytes)
Compile time: 2018-03-06 11:09:59
MD5: 5ea928760bcbdc138627d94b58e029de
SHA1: d7c5ec340d4f199e0188622a8b51e57e69755cdd
SHA256: 4511cc4e3c6fb5318f314cf0fc8787e1eca7697a8607b89c95a6513ff968578e
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 08:57:06
Last submission: 2019-01-22 08:57:06
Filename detected: - jd138.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/jd/jd138.exe
VirusTotal Antivirus Report
Report Date          Detection Ratio   Source
2019-01-21 07:55:34  37/68             VirusTotal
PE Sections (1 suspicious)
Name    VAddress  VSize    Size    MD5                               SHA1
.text   0x2000    0x49ec5  303104  6c2724ef726c8e6ca3a8343743bf76ee  7a38b2b6685bf18b52438605e1463e84194361eb
.rsrc   0x4c000   0x58e    1536    34d02f10ea3229257d3727a69de6a317  128b877a210554d61e084a3ffb0ebba088d3f148
.reloc  0x4e000   0xc      512     66e11154e1c92b15e2a34e416f2a3dec  0e5ea16d1836c64872e55246ed49ace2e1210f12
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: XML
System.Xml
File type: Text
{0}{1:yyyy_MM_dd}.txt
user.txt
File type: Library
WININET.dll
mscoree.dll
IP Found
6.10.0.218
2.4.0.3
192.168.0.100
URL(s)
https://chongzhi.jd.com/iframe_fast.action
https://pcashier.jd.com/async/queryOrderState?&paySign=
https://newcz.m.jd.com/newcz/detail.action?orderId=
https://passport.jd.com/uc/qrCodeTicketValidation?t=
https://passport.jd.com/uc/showAuthCode?r=0.365890534049248&version=2015
http://mf.91yunma.cn/api/jd/index
https://jiayouka.jd.com/card/skuinfolist
https://passport.jd.com/new/login.aspx
https://jiayouka.jd.com/order/createOrderSingleProduct
https://authcode.jd.com/verify/image?a=1&acid=
http://newcz.m.jd.com/newcz/list.action
http://wpa.b.qq.com/cgi/wpa.php?ln=1&key=XzgwMDE4NTU5Nl80ODA0NjhfODAwMTg1NTk2XzJf
https://chongzhi.jd.com/order/order_autoDetail.action?orderId=
https://plogin.m.jd.com/cgi-bin/m/authcode?mod=login&v=0.20053524600930372
https://jiayouka.jd.com/order/createOrderSinopec
https://passport.jd.com/uc/loginService?uuid=
https://gia.jd.com/y.html?v=0.8555373791015113&o=
https://jiayouka.jd.com/card/singleCardInfo
http://huafei.91yunma.cn/home/register
https://jiayouka.jd.com/order?t=2
https://jiayouka.jd.com/order/confirm?sku=
https://www.jd.com/
http://rdm.91yunma.cn/api/upgrade/jd
https://pcashier.jd.com/weixin/getWeixinImageURL?orderId=
https://pcashier.jd.com/weixin/redirectWeixin
https://pay-pal.jd.com/api/pay/pc/v1/coupon?callback=jQuery947144152&appCode=
https://passport.jd.com/uc/login
https://qr.m.jd.com/check?callback=jQuery947144152&appid=133&token=
https://payrisk.jd.com/m.html
https://plogin.m.jd.com/cgi-bin/m/domlogin
http://jiayouka.jd.com/order/detail/
http://mf.91yunma.cn/login/sso?uid=
https://wlmonitor.m.jd.com/web_login_report?
https://chongzhi.jd.com/json/order/cancel_cancelOrder.action?orderId=
https://passport.jd.com/new/misc/js/login2016.js?v=201702221137
http://huafei.91yunma.cn/home/reset_pwd
https://gia.jd.com/fcf.html?
https://jiayouka.jd.com/card/sinopecCardInfo
https://jiayouka.jd.com/card/singleSkuInfoList
https://qr.m.jd.com/show?appid=133&size=147&t=
https://gia.jd.com/r.html?
https://pcashier.jd.com/pcashier/getCashierAgencyChannels
https://plogin.m.jd.com/user/login.action?appid=100
https://chongzhi.jd.com/json/order/search_searchSkuId.action?ISP=1&area=
https://order.jd.com/center/list.action
https://chongzhi.jd.com/order/order_createOrder.action
https://home.jd.com/
http://payrisk.jd.com/fcf.html?g=
https://chongzhi.jd.com/order/order_confirm.action?skuId=
https://chongzhi.jd.com/json/order/search_searchPhone.action?mobile=
https://mapi.m.jd.com/config/display.action?_format_=json&domain=https%3A%2F%2Fplogin.m.jd.com%2Fuser%2Flogin.action%3Fappid%3D100

#infosec #automation

TheSystem Itself @ 2019-01-22 08:57:08