8eab116f7922f12be347469b5689984f7c63546c7a9cff8a070490884b5209fb

Sharing

Copy URL

Twitter E-mail

General

Target

8eab116f7922f12be347469b5689984f7c63546c7a9cff8a070490884b5209fb
Size

88KB
MD5

20cfdac609033ee49fdf70a6b99e8330
SHA1

d6e42cbe1d2971ae3bd2967af3aa3008ca07c0f0
SHA256

8eab116f7922f12be347469b5689984f7c63546c7a9cff8a070490884b5209fb
SHA512

7024fd1ad7e8d87124f14bc21ef54efdc885f8fb229a076c4712227f7cf0c23f88e7ce300705e5e43cfe177a803542f5fa56d151f3e7ad6063b967b1c8a6cdbc
SSDEEP

1536:LCoDIcneCJVXOXpN9hbo3t26xRd4jQLvpD4dyRj0v:LCt0JVwpNo926xRSjQF4dyRj0v

Score

N/A

Malware Config

Signatures

Files

8eab116f7922f12be347469b5689984f7c63546c7a9cff8a070490884b5209fb
.dll windows x86

18438b94f59558df0ccc5c606c53510d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtl60.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindHInstance$qqrpv
@System@@VarClear$qqrr14System@Variant
@System@@WStrFromPWChar$qqrr17System@WideStringpb
@System@@WStrClr$qqrpv
@System@@LStrCmp$qqrv
@System@@LStrFromPChar$qqrr17System@AnsiStringpc
@System@@LStrAsg$qqrpvpxv
@System@@LStrClr$qqrpv
@System@@HandleFinally$qqrv
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@$bdtr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrp17System@TMetaClass
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx21System@TMemoryManager
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@$xp$17System@IInvokable
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@AnsiUpperCase$qqrx17System@AnsiString
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TComponent@$bdtr$qqrv
@Classes@TPersistent@$bdtr$qqrv
@Comconst@initialization$qqrv
@Comconst@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Math@initialization$qqrv
@Math@Finalization$qqrv
@Dateutils@initialization$qqrv
@Dateutils@Finalization$qqrv
@Msxml@initialization$qqrv
@Msxml@Finalization$qqrv

dbrtl60.bpl

@Dbconsts@initialization$qqrv
@Dbconsts@Finalization$qqrv
@Fmtbcd@initialization$qqrv
@Fmtbcd@Finalization$qqrv

xmlrtl60.bpl

@Msxmldom@initialization$qqrv
@Msxmldom@Finalization$qqrv
@Xmldom@initialization$qqrv
@Xmldom@Finalization$qqrv
@Xmlintf@initialization$qqrv
@Xmlintf@Finalization$qqrv
@Xmlschematags@initialization$qqrv
@Xmlschematags@Finalization$qqrv
@Xmlschema@initialization$qqrv
@Xmlschema@Finalization$qqrv
@Xmldoc@initialization$qqrv
@Xmldoc@Finalization$qqrv

soaprtl60.bpl

@Soapconst@initialization$qqrv
@Soapconst@Finalization$qqrv
@Intfinfo@initialization$qqrv
@Intfinfo@Finalization$qqrv
@Webnode@initialization$qqrv
@Webnode@Finalization$qqrv
@Invrules@initialization$qqrv
@Invrules@Finalization$qqrv
@Invokeregistry@initialization$qqrv
@Invokeregistry@Finalization$qqrv
@Invokeregistry@TRemotableTypeRegistry@RegisterXSClass$qqrp17System@TMetaClass17System@WideStringt2
@Invokeregistry@TRemotable@$bdtr$qqrv
@Invokeregistry@TRemotable@$bctr$qqrv
@Invokeregistry@TInvokableClassRegistry@RegisterInvokeOptions$qqrp17Typinfo@TTypeInfox32Invokeregistry@TIntfInvokeOption
@Invokeregistry@TInvokableClassRegistry@RegisterDefaultSOAPAction$qqrp17Typinfo@TTypeInfox17System@WideString
@Invokeregistry@TInvokableClassRegistry@RegisterInterface$qqrp17Typinfo@TTypeInfox17System@WideStringt2
@Invokeregistry@RemClassRegistry$qqrv
@Invokeregistry@InvRegistry$qqrv
@$xp$25Invokeregistry@TRemotable
@Invokeregistry@TRemotable@
@Opconvert@initialization$qqrv
@Opconvert@Finalization$qqrv
@Wsdlintf@initialization$qqrv
@Wsdlintf@Finalization$qqrv
@Wsdlbind@initialization$qqrv
@Wsdlbind@Finalization$qqrv
@Wsdlitems@initialization$qqrv
@Wsdlitems@Finalization$qqrv
@Wsdlnode@initialization$qqrv
@Wsdlnode@Finalization$qqrv
@Soaphttptrans@initialization$qqrv
@Soaphttptrans@Finalization$qqrv
@Httputil@initialization$qqrv
@Httputil@Finalization$qqrv
@Soapenv@initialization$qqrv
@Soapenv@Finalization$qqrv
@Soapdomconv@initialization$qqrv
@Soapdomconv@Finalization$qqrv
@Encddecd@initialization$qqrv
@Encddecd@Finalization$qqrv
@Typetrans@initialization$qqrv
@Typetrans@Finalization$qqrv
@Optosoapdomcustom@initialization$qqrv
@Optosoapdomcustom@Finalization$qqrv
@Xsbuiltins@initialization$qqrv
@Xsbuiltins@Finalization$qqrv
@Optosoapdomconv@initialization$qqrv
@Optosoapdomconv@Finalization$qqrv
@Rio@initialization$qqrv
@Rio@Finalization$qqrv
@Rio@TRIO@$bdtr$qqrv
@Soaphttpclient@initialization$qqrv
@Soaphttpclient@Finalization$qqrv
@Soaphttpclient@THTTPRIO@SetWSDLLocation$qqr17System@AnsiString
@Soaphttpclient@THTTPRIO@SetURL$qqr17System@AnsiString
@Soaphttpclient@THTTPRIO@SetService$qqr17System@AnsiString
@Soaphttpclient@THTTPRIO@SetPortValue$qqr17System@AnsiString
@Soaphttpclient@THTTPRIO@$bdtr$qqrv
@Soaphttpclient@THTTPRIO@$bctr$qqrp18Classes@TComponent
@Soaphttpclient@THTTPRIO@

borlndmm

ord2

kernel32

FreeLibrary
GetCommandLineA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetVersion
HeapAlloc
HeapFree
LoadLibraryA

cc3260mt

@$bdele$qpv
@_CatchCleanup$qv
@_InitTermAndUnexPtrs$qv
@_ThrowExceptionLDTC$qpvt1t1t1uiuiuipuct1
__ErrorExit
__ErrorMessage
__Return_unwind
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argv_default_expand
__free_heaps
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__startupd
__wargv_default_expand
_free
_malloc
_memcpy

Exports

Exports

___CPPdebugHook
getRegFileOnline
sendFileToWebserviceByDll

Sections

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18438b94f59558df0ccc5c606c53510d

Headers

File Characteristics

Imports

rtl60.bpl

dbrtl60.bpl

xmlrtl60.bpl

soaprtl60.bpl

borlndmm

kernel32

cc3260mt

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 13KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rmnet
Size: 56KB - Virtual size: 60KB