[EP_X0FF]

MS sandbox description
http://www.microsoft.com/security/porta ... 9%09#tab=2

Written on Delphi, packed with PECompact + crypted.

It include small downloader Win32/Dimegup which contacts hxxp://networksecurityx.hopto.org (unavailable at the moment of post).
Main malware contains lots of encrypted strings, just dump it loaded to get them.

Sample courtesy of markusg.

https://www.virustotal.com/en/file/a704 ... /analysis/
https://www.virustotal.com/en/file/e33c ... /analysis/

[SomeUnusedName]

The sample you posted is known as URLZone and is banking malware.

[EP_X0FF]

Added to this list, thanks.

[Xylitol]

URLZone Zones in on Japan ~ https://www.fireeye.com/blog/threat-res ... _inon.html

[tildedennis]

More: https://www.proofpoint.com/us/threat-in ... rget-Japan

Attached is the most recent (that I'm aware of) Urlzone INJECTFILE targeting these .jp banks. Sourced from https://www.virustotal.com/en/file/898d ... /analysis/