f2a9698abee88e2bb72376e9d98f4293b817f1ec0cb8a3343b491fe3313dcb04

Sharing

Copy URL

Twitter E-mail

General

Target

f2a9698abee88e2bb72376e9d98f4293b817f1ec0cb8a3343b491fe3313dcb04
Size

44KB
MD5

a24fa36658238151dfeaf1538a151b4a
SHA1

f82d3e4e2fe364f294da6b06de839e8d5cc28f24
SHA256

f2a9698abee88e2bb72376e9d98f4293b817f1ec0cb8a3343b491fe3313dcb04
SHA512

f623278540753c28698c0710be3fc9f2ebdc112b292aa42ee1cdc852d73004c8050df19b6b1b0971571e3067e0abf769e98d4310ff59d69f4f084359e3e1a80a
SSDEEP

768:I2nPAZhOhvjuMDmpMwxJYJsBIBCE1eyWc:ZPAZhOEMDrJ8YX1e8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2a9698abee88e2bb72376e9d98f4293b817f1ec0cb8a3343b491fe3313dcb04

Files

f2a9698abee88e2bb72376e9d98f4293b817f1ec0cb8a3343b491fe3313dcb04
.dll windows x86

d7648a42bd69281408ea222cb11a77c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

vcl120.bpl

@Consts@initialization$qqrv
@Consts@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Stdctrls@initialization$qqrv
@Stdctrls@Finalization$qqrv
@Toolwin@initialization$qqrv
@Toolwin@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Comstrs@initialization$qqrv
@Comstrs@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Listactns@initialization$qqrv
@Listactns@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Stdactns@initialization$qqrv
@Stdactns@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Imglist@initialization$qqrv
@Imglist@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Mask@initialization$qqrv
@Mask@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindHInstance$qqrpv
@System@@PackageUnload$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@PackageLoad$qqrpx23System@PackageInfoTablep17System@TLibModule
@System@@HandleFinally$qqrv
@System@SetRaiseList$qqrpv
@System@RaiseList$qqrv
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx23System@TMemoryManagerEx
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@System@ExceptionAcquired
@System@RaiseExceptObjProc
@System@ExceptObjProc
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Character@initialization$qqrv
@Character@Finalization$qqrv
@Math@initialization$qqrv
@Math@Finalization$qqrv
@Strutils@initialization$qqrv
@Strutils@Finalization$qqrv
@Imagehlp@initialization$qqrv
@Imagehlp@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@RegisterComponents$qqrx20System@UnicodeStringpp17System@TMetaClassxi
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Comconst@initialization$qqrv
@Comconst@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Contnrs@initialization$qqrv
@Contnrs@Finalization$qqrv
@Dateutils@initialization$qqrv
@Dateutils@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Maskutils@initialization$qqrv
@Maskutils@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Strhlpr@initialization$qqrv
@Strhlpr@Finalization$qqrv
@Strhlpr@UnicodeFree$qqrr20System@UnicodeString
@Strhlpr@UnicodeAssign$qqrr20System@UnicodeStringt1
@Strhlpr@UnicodeFromPChar$qqrr20System@UnicodeStringpc
@Varhlpr@initialization$qqrv
@Varhlpr@Finalization$qqrv
@Widestrutils@initialization$qqrv
@Widestrutils@Finalization$qqrv
@Widestrings@initialization$qqrv
@Widestrings@Finalization$qqrv
@Zlib@initialization$qqrv
@Zlib@Finalization$qqrv
@Ansistrings@initialization$qqrv
@Ansistrings@Finalization$qqrv

vclimg120.bpl

@Pnglang@initialization$qqrv
@Pnglang@Finalization$qqrv
@Pngimage@initialization$qqrv
@Pngimage@Finalization$qqrv
@Jconsts@initialization$qqrv
@Jconsts@Finalization$qqrv
@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv

vcldb120.bpl

@Vdbconsts@initialization$qqrv
@Vdbconsts@Finalization$qqrv
@Dbpwdlg@initialization$qqrv
@Dbpwdlg@Finalization$qqrv
@Dblogdlg@initialization$qqrv
@Dblogdlg@Finalization$qqrv
@Dbctrls@initialization$qqrv
@Dbctrls@Finalization$qqrv

dbrtl120.bpl

@Dbconsts@initialization$qqrv
@Dbconsts@Finalization$qqrv
@Sqltimst@initialization$qqrv
@Sqltimst@Finalization$qqrv
@Dbcommontypes@initialization$qqrv
@Dbcommontypes@Finalization$qqrv
@Fmtbcd@initialization$qqrv
@Fmtbcd@Finalization$qqrv
@Db@initialization$qqrv
@Db@Finalization$qqrv

rvpkgcb2009.bpl

@Rvstyle@Finalization$qqrv
@Rvstyle@initialization$qqrv
@Dlines@Finalization$qqrv
@Dlines@initialization$qqrv
@Rvscroll@Finalization$qqrv
@Rvscroll@initialization$qqrv
@Rvitem@Finalization$qqrv
@Rvitem@initialization$qqrv
@Rvfuncs@Finalization$qqrv
@Rvfuncs@initialization$qqrv
@Rvfmisc@Finalization$qqrv
@Rvfmisc@initialization$qqrv
@Crvdata@Finalization$qqrv
@Crvdata@initialization$qqrv
@Rvrvdata@Finalization$qqrv
@Rvrvdata@initialization$qqrv
@Crvfdata@Finalization$qqrv
@Crvfdata@initialization$qqrv
@Rvback@Finalization$qqrv
@Rvback@initialization$qqrv
@Ptrvdata@Finalization$qqrv
@Ptrvdata@initialization$qqrv
@Ptblrv@Finalization$qqrv
@Ptblrv@initialization$qqrv
@Crvpp@Finalization$qqrv
@Crvpp@initialization$qqrv
@Rvervdata@Finalization$qqrv
@Rvervdata@initialization$qqrv
@Rvedit@Finalization$qqrv
@Rvedit@initialization$qqrv
@Rvundo@Finalization$qqrv
@Rvundo@initialization$qqrv
@Rvuni@Finalization$qqrv
@Rvuni@initialization$qqrv
@Richview@Finalization$qqrv
@Richview@initialization$qqrv
@Rvclasses@Finalization$qqrv
@Rvclasses@initialization$qqrv
@Rvdatalist@Finalization$qqrv
@Rvdatalist@initialization$qqrv
@Rvtable@Finalization$qqrv
@Rvtable@initialization$qqrv
@Rvtinplace@Finalization$qqrv
@Rvtinplace@initialization$qqrv
@Rvctrldata@Finalization$qqrv
@Rvctrldata@initialization$qqrv
@Rvrtf@Finalization$qqrv
@Rvrtf@initialization$qqrv
@Rvrtfprops@Finalization$qqrv
@Rvrtfprops@initialization$qqrv
@Rvstr@Finalization$qqrv
@Rvstr@initialization$qqrv
@Rvrtferr@Finalization$qqrv
@Rvrtferr@initialization$qqrv
@Rvmapwht@Finalization$qqrv
@Rvmapwht@initialization$qqrv
@Ctrlimg@Finalization$qqrv
@Ctrlimg@initialization$qqrv
@Rvmarker@Finalization$qqrv
@Rvmarker@initialization$qqrv
@Rvxptheme@Finalization$qqrv
@Rvxptheme@initialization$qqrv
@Rvresize@Finalization$qqrv
@Rvresize@initialization$qqrv
@Rvdragdrop@Finalization$qqrv
@Rvdragdrop@initialization$qqrv
@Rvthread@Finalization$qqrv
@Rvthread@initialization$qqrv
@Rvwordpaint@Finalization$qqrv
@Rvwordpaint@initialization$qqrv
@Rvlinear@Finalization$qqrv
@Rvlinear@initialization$qqrv
@Rvanimate@Finalization$qqrv
@Rvanimate@initialization$qqrv
@Rvpopup@Finalization$qqrv
@Rvpopup@initialization$qqrv
@Rvseqitem@Finalization$qqrv
@Rvseqitem@initialization$qqrv
@Rvlabelitem@Finalization$qqrv
@Rvlabelitem@initialization$qqrv
@Rvnote@Finalization$qqrv
@Rvnote@initialization$qqrv
@Rvsubdata@Finalization$qqrv
@Rvsubdata@initialization$qqrv
@Rvdocparams@Finalization$qqrv
@Rvdocparams@initialization$qqrv
@Rvtypes@Finalization$qqrv
@Rvtypes@initialization$qqrv
@Rvwingrin@Finalization$qqrv
@Rvwingrin@initialization$qqrv
@Rvgrin@Finalization$qqrv
@Rvgrin@initialization$qqrv
@Rvzip@Finalization$qqrv
@Rvzip@initialization$qqrv
@Rvfloatingbox@Finalization$qqrv
@Rvfloatingbox@initialization$qqrv
@Rvfloatingpos@Finalization$qqrv
@Rvfloatingpos@initialization$qqrv
@Rvfontcache@Finalization$qqrv
@Rvfontcache@initialization$qqrv
@Rvselectionhandles@initialization$qqrv
@Rvselectionhandles@Finalization$qqrv
@Rvsidenote@Finalization$qqrv
@Rvsidenote@initialization$qqrv
@Rvthumbmaker@Finalization$qqrv
@Rvthumbmaker@initialization$qqrv
@Rvdocx@Finalization$qqrv
@Rvdocx@initialization$qqrv
@Rvgrhandler@Finalization$qqrv
@Rvgrhandler@initialization$qqrv
@Rvfielditems@Finalization$qqrv
@Rvfielditems@initialization$qqrv
@Rvuniscribe@Finalization$qqrv
@Rvuniscribe@initialization$qqrv
@Rvuniscribegrin@Finalization$qqrv
@Rvuniscribegrin@initialization$qqrv
@Rvgdiplusgrin@initialization$qqrv
@Rvgdiplusgrin@Finalization$qqrv
@Rvgrcache@Finalization$qqrv
@Rvgrcache@initialization$qqrv
@Rvdatarootprops@Finalization$qqrv
@Rvdatarootprops@initialization$qqrv
@Rvdatarootpropsex@Finalization$qqrv
@Rvdatarootpropsex@initialization$qqrv
@Rveditrootprops@Finalization$qqrv
@Rveditrootprops@initialization$qqrv
@Rvthumbcache@Finalization$qqrv
@Rvthumbcache@initialization$qqrv
@Rveventhandlers@Finalization$qqrv
@Rveventhandlers@initialization$qqrv
@Rvlinebreak@Finalization$qqrv
@Rvlinebreak@initialization$qqrv
@Rvhtmlsave@Finalization$qqrv
@Rvhtmlsave@initialization$qqrv
@Rvstrfuncs@Finalization$qqrv
@Rvstrfuncs@initialization$qqrv
@Rvsymbolstrfuncs@Finalization$qqrv
@Rvsymbolstrfuncs@initialization$qqrv
@Rvdocxsavefuncs@Finalization$qqrv
@Rvdocxsavefuncs@initialization$qqrv
@Rvrtfsave@Finalization$qqrv
@Rvrtfsave@initialization$qqrv
@Rvfilefuncs@Finalization$qqrv
@Rvfilefuncs@initialization$qqrv
@Rvtextsave@Finalization$qqrv
@Rvtextsave@initialization$qqrv
@Rvclipboard@Finalization$qqrv
@Rvclipboard@initialization$qqrv
@Rvkeyboardfuncs@Finalization$qqrv
@Rvkeyboardfuncs@initialization$qqrv
@Rvcontrols@Finalization$qqrv
@Rvcontrols@initialization$qqrv
@Rvctextfuncs@Finalization$qqrv
@Rvctextfuncs@initialization$qqrv
@Rvmarkdown@Finalization$qqrv
@Rvmarkdown@initialization$qqrv
@Rvmarkdownsave@Finalization$qqrv
@Rvmarkdownsave@initialization$qqrv
@Rvmarkdownparser@Finalization$qqrv
@Rvmarkdownparser@initialization$qqrv
@Rvmarkdowndocument@Finalization$qqrv
@Rvmarkdowndocument@initialization$qqrv
@Rvmarkdowninlineparser@Finalization$qqrv
@Rvmarkdowninlineparser@initialization$qqrv
@Rvmarkdowninlinestruct@Finalization$qqrv
@Rvmarkdowninlinestruct@initialization$qqrv
@Rvmarkdownload@Finalization$qqrv
@Rvmarkdownload@initialization$qqrv
@Rvmarkdownfuncs@Finalization$qqrv
@Rvmarkdownfuncs@initialization$qqrv
@Rvsavesharedimages@Finalization$qqrv
@Rvsavesharedimages@initialization$qqrv
@Rvdocxsave@Finalization$qqrv
@Rvdocxsave@initialization$qqrv
@Rvxmldoc@Finalization$qqrv
@Rvxmldoc@initialization$qqrv
@Rvhtmlloadfuncs@Finalization$qqrv
@Rvhtmlloadfuncs@initialization$qqrv
@Rvzlib@Finalization$qqrv
@Rvzlib@initialization$qqrv
@Rvhfsavingdata@Finalization$qqrv
@Rvhfsavingdata@initialization$qqrv
@Rvdocxreader@Finalization$qqrv
@Rvdocxreader@initialization$qqrv
@Rvdocxreadfuncs@Finalization$qqrv
@Rvdocxreadfuncs@initialization$qqrv
@Rvdefreadprops@Finalization$qqrv
@Rvdefreadprops@initialization$qqrv
@Rvmessages@Finalization$qqrv
@Rvmessages@initialization$qqrv
@Rvcolorfuncs@Finalization$qqrv
@Rvcolorfuncs@initialization$qqrv
@Rvcoordfuncs@Finalization$qqrv
@Rvcoordfuncs@initialization$qqrv
@Rvgrinvcl@Finalization$qqrv
@Rvgrinvcl@initialization$qqrv
@Rvconsts@initialization$qqrv
@Rvconsts@Finalization$qqrv
@Rvhtmlreadprops@Finalization$qqrv
@Rvhtmlreadprops@initialization$qqrv
@Rvhtmltypes@Finalization$qqrv
@Rvhtmltypes@initialization$qqrv
@Rvhtmlreader@Finalization$qqrv
@Rvhtmlreader@initialization$qqrv
@Rvhtmlreadtags@Finalization$qqrv
@Rvhtmlreadtags@initialization$qqrv
@Rvcssreader@Finalization$qqrv
@Rvcssreader@initialization$qqrv
@Rvhtmlload@Finalization$qqrv
@Rvhtmlload@initialization$qqrv
@Rvhtmlsaveprops@Finalization$qqrv
@Rvhtmlsaveprops@initialization$qqrv

rvdbpkgcb2009.bpl

@Dbrv@Finalization$qqrv
@Dbrv@initialization$qqrv

richviewactionscb2009.bpl

@Rvcolortransform@Finalization$qqrv
@Rvcolortransform@initialization$qqrv

srvpkgcb2009.bpl

@Sclrview@Finalization$qqrv
@Sclrview@initialization$qqrv
@Srvcontrol@Finalization$qqrv
@Srvcontrol@initialization$qqrv
@Srvctrl@Finalization$qqrv
@Srvctrl@initialization$qqrv
@Srvtoolbar@Finalization$qqrv
@Srvtoolbar@initialization$qqrv
@Srvtabset@Finalization$qqrv
@Srvtabset@initialization$qqrv
@Srvsbar@Finalization$qqrv
@Srvsbar@initialization$qqrv
@Srvskinmanager@Finalization$qqrv
@Srvskinmanager@initialization$qqrv
@Srvzoompanel@Finalization$qqrv
@Srvzoompanel@initialization$qqrv

dbsrvpkgcb2009.bpl

@Dbsrve@Finalization$qqrv
@Dbsrve@TDBSRichViewEdit@
@Dbsrve@initialization$qqrv

borlndmm

ord2

kernel32

FreeLibrary
GetCommandLineW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetVersion
HeapAlloc
HeapFree
LoadLibraryA

cc3290mt

@$bdele$qpv
@_InitTermAndUnexPtrs$qv
@__GetTypeInfo$qpvt1t1
@__getExceptVarRec$qv
@setExceptionFuncAddr$qpqp17_EXCEPTION_RECORDpp4tpid$pvppqqrp17_EXCEPTION_RECORD$v
@setRaiseListFuncAddr$qpvt1
__ErrorExit
__ErrorMessage
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argv_default_expand
__free_heaps
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__startupd
__wargv_default_expand
_free
_malloc
_memcpy

xmlrtl120.bpl

@Xmlintf@initialization$qqrv
@Xmlintf@Finalization$qqrv
@Xmldoc@initialization$qqrv
@Xmldoc@Finalization$qqrv

Exports

Exports

@@Dbsrvpkgcb2009_dsgn@Finalize
@@Dbsrvpkgcb2009_dsgn@Initialize
@Srvdbreg@Finalization$qqrv
@Srvdbreg@Register$qqrv
@Srvdbreg@initialization$qqrv
Finalize
Initialize
___CPPdebugHook

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7648a42bd69281408ea222cb11a77c0

Headers

File Characteristics

Imports

vcl120.bpl

rtl120.bpl

vclimg120.bpl

vcldb120.bpl

dbrtl120.bpl

rvpkgcb2009.bpl

rvdbpkgcb2009.bpl

richviewactionscb2009.bpl

srvpkgcb2009.bpl

dbsrvpkgcb2009.bpl

borlndmm

kernel32

cc3290mt

xmlrtl120.bpl

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 25KB - Virtual size: 28KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 25KB - Virtual size: 28KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB