jd156.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 322.50 KB (330240 bytes)
Compile time: 2018-04-23 15:07:53
MD5: 852a30a2b95611a520cce3c6ff904ca3
SHA1: 24ddcc661fa45933a57645f3a4011991bb181878
SHA256: 4f5392011c892663b2e33352d9793aff749d3de3dba49df52b6979c65f5f3773
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections (3): .text, .rsrc, .reloc
Directories (3): import, resource, relocation
First submission: 2019-01-22 08:12:07
Last submission: 2019-01-22 08:12:07
Filename detected: jd156.exe (1)
URL file hosting:
hXXp://cdn-10049480.file.myqcloud.com/jd/jd156.exe
Antivirus Report
Report date: 2019-01-20 12:38:36
Detection ratio: 39/71 (VirusTotal)
PE Sections (1 flagged suspicious by the scanner)
Name    VAddress  VSize    Size (raw)  MD5                               SHA1
.text   0x2000    0x4fe1b  327680      687a4e2e9ac5160e0dce580009c427e7  4e0d3b487f1d9b777020ba9f396cfdc04df6ea50
.rsrc   0x52000   0x58e    1536        15e6fd6db24be55236ba6ee6c1ede918  847b08a4f561d17b5853363934cbb8ce7ee42f56
.reloc  0x54000   0xc      512         af671597ef5b0f612152925d3b8249f2  8b01f4a16843d3239828ced99508d9d4bed8017a
Meta Info
No metadata found in this file.
XOR
No XOR-encoded strings found in this file.
Signature
This file is not digitally signed.
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: XML
System.Xml
File type: Text
user.txt
{0}{1:yyyy_MM_dd}.txt
File type: Library
WININET.dll
mscoree.dll
IP Found
6.10.0.218
2.4.0.3
192.168.0.100
URL(s)
https://chongzhi.jd.com/iframe_fast.action
https://pcashier.jd.com/async/queryOrderState?&paySign=
https://newcz.m.jd.com/newcz/detail.action?orderId=
http://huafei.91yunma.cn/home/register
https://passport.jd.com/uc/showAuthCode?r=0.365890534049248&version=2015
http://mf.91yunma.cn/api/jd/index
https://jiayouka.jd.com/card/skuinfolist
https://passport.jd.com/new/login.aspx
https://jiayouka.jd.com/order/createOrderSingleProduct
https://authcode.jd.com/verify/image?a=1&acid=
http://newcz.m.jd.com/newcz/list.action
http://wpa.b.qq.com/cgi/wpa.php?ln=1&key=XzgwMDE4NTU5Nl80ODA0NjhfODAwMTg1NTk2XzJf
https://chongzhi.jd.com/order/order_autoDetail.action?orderId=
https://jiayouka.jd.com/order?t=2
https://jiayouka.jd.com/order/createOrderSinopec
https://passport.jd.com/uc/loginService?uuid=
https://gia.jd.com/y.html?v=0.8555373791015113&o=
https://jiayouka.jd.com/card/singleCardInfo
https://passport.jd.com/uc/qrCodeTicketValidation?t=
https://plogin.m.jd.com/cgi-bin/m/authcode?mod=login&v=0.20053524600930372
https://jiayouka.jd.com/order/confirm?sku=
https://www.jd.com/
http://rdm.91yunma.cn/api/upgrade/jd
https://pcashier.jd.com/weixin/getWeixinImageURL?orderId=
https://chongzhi.jd.com/json/order/search_searchSkuId.action?ISP=
https://pcashier.jd.com/weixin/redirectWeixin
https://pay-pal.jd.com/api/pay/pc/v1/coupon?callback=jQuery947144152&appCode=
https://passport.jd.com/uc/login
https://qr.m.jd.com/check?callback=jQuery947144152&appid=133&token=
https://payrisk.jd.com/m.html
https://qr.m.jd.com/show?appid=133&size=147&t=
http://jiayouka.jd.com/order/detail/
https://jiayouka.jd.com/card/sendVoiceCode
http://mf.91yunma.cn/login/sso?uid=
https://wlmonitor.m.jd.com/web_login_report?
https://chongzhi.jd.com/json/order/cancel_cancelOrder.action?orderId=
https://passport.jd.com/new/misc/js/login2016.js?v=201702221137
http://huafei.91yunma.cn/home/reset_pwd
https://gia.jd.com/fcf.html?
https://jiayouka.jd.com/card/sinopecCardInfo
https://jiayouka.jd.com/card/singleSkuInfoList
https://chongzhi.jd.com/json/order/search_searchPhone.action?mobile=
https://gia.jd.com/r.html?
https://pcashier.jd.com/pcashier/getCashierAgencyChannels
https://plogin.m.jd.com/user/login.action?appid=100
https://chongzhi.jd.com/order/order_confirm.action?skuId=
https://order.jd.com/center/list.action
https://chongzhi.jd.com/order/order_createOrder.action
https://home.jd.com/
http://payrisk.jd.com/fcf.html?g=
https://plogin.m.jd.com/cgi-bin/m/domlogin
https://mapi.m.jd.com/config/display.action?_format_=json&domain=https%3A%2F%2Fplogin.m.jd.com%2Fuser%2Flogin.action%3Fappid%3D100
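The "IP Found" and "URL(s)" lists above are raw string-scanner output, and two things about them matter before anything is shared or blocked: dotted quads pulled from a .NET binary are as likely to be four-part version numbers as network addresses, and the URLs split into a small number of host families that are easier to reason about than fifty individual endpoints. The following Python is an added example (not code from the original report or from the sample) that turns both lists into indicators: it groups hostnames under an approximate registrable domain, classifies each dotted quad with the standard library's ipaddress module, and defangs URLs in the hXXp:// style the report itself uses for the hosting URL. The URL subset and the three dotted quads are copied from the report; the two-label domain approximation (no public-suffix list) and the labels in the classifications are my assumptions.

```python
# Added example, not code from the original report or from the sample.
import ipaddress
from collections import defaultdict
from urllib.parse import urlparse

# Constructed input: a subset of the URLs and the dotted quads listed in the report.
URLS = [
    "https://passport.jd.com/uc/login",
    "https://pcashier.jd.com/async/queryOrderState?&paySign=",
    "https://chongzhi.jd.com/order/order_createOrder.action",
    "http://huafei.91yunma.cn/home/register",
    "http://mf.91yunma.cn/api/jd/index",
    "http://rdm.91yunma.cn/api/upgrade/jd",
    "http://wpa.b.qq.com/cgi/wpa.php?ln=1&key=XzgwMDE4NTU5Nl80ODA0NjhfODAwMTg1NTk2XzJf",
    "hXXp://cdn-10049480.file.myqcloud.com/jd/jd156.exe",  # hosting URL, defanged in the report
]
DOTTED_QUADS = ["6.10.0.218", "2.4.0.3", "192.168.0.100"]


def refang(s):
    """Undo the report's defanging so the URL can be parsed."""
    return s.replace("hXXp", "http").replace("[.]", ".")


def defang(url):
    """Defang for sharing: hXXp scheme (as the report does) plus [.] in the host only."""
    url = refang(url)
    host = urlparse(url).hostname
    if host:
        url = url.replace(host, host.replace(".", "[.]"), 1)
    return url.replace("http", "hXXp", 1)


def hosts_by_domain(urls):
    """Group distinct hostnames under the last two DNS labels.

    Assumption: no public-suffix list, so names under suffixes such as co.uk
    would be grouped wrongly; good enough for the .com/.cn hosts in this dump.
    """
    groups = defaultdict(set)
    for u in urls:
        host = urlparse(refang(u)).hostname
        if host is None:
            continue
        groups[".".join(host.split(".")[-2:])].add(host)
    return {domain: sorted(hosts) for domain, hosts in groups.items()}


def classify_ips(quads):
    """Label dotted quads from a string dump.

    A string scanner cannot tell an address from a four-part version number,
    so globally routable values are kept but flagged for analyst confirmation
    rather than treated as network indicators.
    """
    out = {}
    for q in quads:
        try:
            ip = ipaddress.ip_address(q)
        except ValueError:
            out[q] = "not an address"
            continue
        if ip.is_private:
            out[q] = "private (RFC 1918): local test or config value, not an internet IOC"
        elif ip.is_loopback or ip.is_reserved or ip.is_multicast or ip.is_unspecified:
            out[q] = "non-routable"
        else:
            out[q] = "global: confirm it is an address and not a version string before blocking"
    return out


if __name__ == "__main__":
    for domain, hosts in sorted(hosts_by_domain(URLS).items()):
        print(domain, "->", ", ".join(hosts))
    for quad, label in classify_ips(DOTTED_QUADS).items():
        print(quad, "->", label)
    print(defang(URLS[-1]))
```

Run against the full list, the grouping yields three families: the many *.jd.com service endpoints, the three *.91yunma.cn hosts (including the /api/upgrade/jd path, which matches the update.exe.tmp string above), and single hosts under qq.com and myqcloud.com. Of the dotted quads only 192.168.0.100 is clearly an address, and a private one at that; the other two parse as globally routable but should be confirmed against the binary's version resources before they go into a blocklist.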

#infosec #automation

TheSystem Itself @ 2019-01-22 08:12:09