ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16.exe.zip
Size

922KB
MD5

56b29c5ae128184809119bc36513aade
SHA1

7acb7f024b7bf01fe0ee17d1efe6c936e4ace899
SHA256

cb2f0533469bc29815a3498067510ab2506c7204e08da6ad63148b1e2e6ed249
SHA512

0edaf3ccb26b35a49fb9ad849e41dd38446ac10a7a2422121cf4edd654e8e4d02cfee0978fe78315bee2208ddc5f92fba7716d633c0fb930022ea5f556bd40ae
SSDEEP

24576:TDvxTFswlwmHp3fmI9I/c+eju8/PkxMFFD0:TDpi4J3fmgAcRju8/sGFFg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16.exe
unpack002/out.upx

Files

ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16.exe.zip
.zip

Password: infected
ae52b9ff1a4792745638492e526143a302c1dd6c8a10794508314282a77d7f16.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 918KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@$xp$22Adomxmldom@Tox4DOMAttr
@$xp$22Adomxmldom@Tox4DOMNode
@$xp$22Adomxmldom@Tox4DOMText
@$xp$25Adomxmldom@Iox4DOMNodeRef
@$xp$25Adomxmldom@Tox4DOMComment
@$xp$25Adomxmldom@Tox4DOMElement
@$xp$26Adomxmldom@PParseErrorInfo
@$xp$26Adomxmldom@TParseErrorInfo
@$xp$26Adomxmldom@Tox4DOMDocument
@$xp$26Adomxmldom@Tox4DOMNodeList
@$xp$27Adomxmldom@Tox4DOMInterface
@$xp$27Adomxmldom@Tox4DOMNodeClass
@$xp$30Adomxmldom@Tox4DOMCDATASection
@$xp$30Adomxmldom@Tox4DOMDocumentType
@$xp$30Adomxmldom@Tox4DOMNamedNodeMap
@$xp$31Adomxmldom@Tox4DOMCharacterData
@$xp$32Adomxmldom@Tox4DOMImplementation
@$xp$32Adomxmldom@Tox4DOMXPathNamespace
@$xp$33Adomxmldom@Tox4DOMEntityReference
@$xp$34Adomxmldom@Tox4DOMDocumentFragment
@$xp$38Adomxmldom@Tox4DOMDocumentTypeChildren
@$xp$39Adomxmldom@Tox4DOMImplementationFactory
@$xp$39Adomxmldom@Tox4DOMProcessingInstruction
@$xp$40Adomxmldom@Tox4OnXPathLookupNamespaceURI
@@Array_source@Finalize
@@Array_source@Initialize
@@Basethread_source@Finalize
@@Basethread_source@Initialize
@@Datacache_source@Finalize
@@Datacache_source@Initialize
@@Drivenode_source@Finalize
@@Drivenode_source@Initialize
@@Drivetreemapnode_source@Finalize
@@Drivetreemapnode_source@Initialize
@@Filenode_source@Finalize
@@Filenode_source@Initialize
@@Filesystemnode_source@Finalize
@@Filesystemnode_source@Initialize
@@Filetreemapnode_source@Finalize
@@Filetreemapnode_source@Initialize
@@Filter_source@Finalize
@@Filter_source@Initialize
@@Filterthread_source@Finalize
@@Filterthread_source@Initialize
@@Foldernode_source@Finalize
@@Foldernode_source@Initialize
@@Foldertreemapnode_source@Finalize
@@Foldertreemapnode_source@Initialize
@@Freespacenode_source@Finalize
@@Freespacenode_source@Initialize
@@Freespacetreemapnode_source@Finalize
@@Freespacetreemapnode_source@Initialize
@@Frmabout_source@Finalize
@@Frmabout_source@Initialize
@@Frmconfig_source@Finalize
@@Frmconfig_source@Initialize
@@Frmconsole_source@Finalize
@@Frmconsole_source@Initialize
@@Frmexport_source@Finalize
@@Frmexport_source@Initialize
@@Frmhelp_source@Finalize
@@Frmhelp_source@Initialize
@@Frmmain_source@Finalize
@@Frmmain_source@Initialize
@@Frmstart_source@Finalize
@@Frmstart_source@Initialize
@@Frmview_source@Finalize
@@Frmview_source@Initialize
@@Ntfs_source@Finalize
@@Ntfs_source@Initialize
@@Shell_source@Finalize
@@Shell_source@Initialize
@@Snifthread_source@Finalize
@@Snifthread_source@Initialize
@@Tooltip_source@Finalize
@@Tooltip_source@Initialize
@@Treemapnode_source@Finalize
@@Treemapnode_source@Initialize
@@Unknownspacenode_source@Finalize
@@Unknownspacenode_source@Initialize
@@Unknownspacetreemapnode_source@Finalize
@@Unknownspacetreemapnode_source@Initialize
@@Utils_source@Finalize
@@Utils_source@Initialize
@@Watchthread_source@Finalize
@@Watchthread_source@Initialize
@Adomxmldom@Finalization$qqrv
@Adomxmldom@OnOx4XPathLookupNamespaceURI
@Adomxmldom@OpenXML4Factory
@Adomxmldom@Tox4DOMAttr@
@Adomxmldom@Tox4DOMAttr@GetNativeAttribute$qqrv
@Adomxmldom@Tox4DOMAttr@get_name$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMAttr@get_ownerElement$qqsr46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMAttr@get_specified$qqsrus
@Adomxmldom@Tox4DOMAttr@get_value$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMAttr@set_value$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMCDATASection@
@Adomxmldom@Tox4DOMCharacterData@
@Adomxmldom@Tox4DOMCharacterData@GetNativeCharacterData$qqrv
@Adomxmldom@Tox4DOMCharacterData@appendData$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMCharacterData@deleteData$qqsii
@Adomxmldom@Tox4DOMCharacterData@get_data$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMCharacterData@get_length$qqsri
@Adomxmldom@Tox4DOMCharacterData@insertData$qqsix20System@UnicodeString
@Adomxmldom@Tox4DOMCharacterData@replaceData$qqsiix20System@UnicodeString
@Adomxmldom@Tox4DOMCharacterData@set_data$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMCharacterData@substringData$qqsiir20System@UnicodeString
@Adomxmldom@Tox4DOMComment@
@Adomxmldom@Tox4DOMDocument@
@Adomxmldom@Tox4DOMDocument@$bctr$qqrp32Adomxmldom@Tox4DOMImplementationp30Adomcore_4_3@TDomDocumentXPatho
@Adomxmldom@Tox4DOMDocument@$bdtr$qqrv
@Adomxmldom@Tox4DOMDocument@GetNativeDocument$qqrv
@Adomxmldom@Tox4DOMDocument@RemoveWhiteSpaceNodes$qqrv
@Adomxmldom@Tox4DOMDocument@asyncLoadState$qqsri
@Adomxmldom@Tox4DOMDocument@createAttribute$qqsx20System@UnicodeStringr43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMDocument@createAttributeNS$qqsx20System@UnicodeStringt1r43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMDocument@createCDATASection$qqsx20System@UnicodeStringr51System@%DelphiInterface$t23Xmldom@IDOMCDATASection%
@Adomxmldom@Tox4DOMDocument@createComment$qqsx20System@UnicodeStringr46System@%DelphiInterface$t18Xmldom@IDOMComment%
@Adomxmldom@Tox4DOMDocument@createDocumentFragment$qqsr55System@%DelphiInterface$t27Xmldom@IDOMDocumentFragment%
@Adomxmldom@Tox4DOMDocument@createElement$qqsx20System@UnicodeStringr46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMDocument@createElementNS$qqsx20System@UnicodeStringt1r46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMDocument@createEntityReference$qqsx20System@UnicodeStringr54System@%DelphiInterface$t26Xmldom@IDOMEntityReference%
@Adomxmldom@Tox4DOMDocument@createProcessingInstruction$qqsx20System@UnicodeStringt1r60System@%DelphiInterface$t32Xmldom@IDOMProcessingInstruction%
@Adomxmldom@Tox4DOMDocument@createTextNode$qqsx20System@UnicodeStringr43System@%DelphiInterface$t15Xmldom@IDOMText%
@Adomxmldom@Tox4DOMDocument@getElementById$qqsx20System@UnicodeStringr46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMDocument@getElementsByTagName$qqsx20System@UnicodeStringr47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMDocument@getElementsByTagNameNS$qqsx20System@UnicodeStringt1r47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMDocument@get_Encoding$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_Standalone$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_Version$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_async$qqsro
@Adomxmldom@Tox4DOMDocument@get_doctype$qqsr51System@%DelphiInterface$t23Xmldom@IDOMDocumentType%
@Adomxmldom@Tox4DOMDocument@get_documentElement$qqsr46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMDocument@get_domImplementation$qqsr53System@%DelphiInterface$t25Xmldom@IDOMImplementation%
@Adomxmldom@Tox4DOMDocument@get_errorCode$qqsri
@Adomxmldom@Tox4DOMDocument@get_filepos$qqsri
@Adomxmldom@Tox4DOMDocument@get_line$qqsri
@Adomxmldom@Tox4DOMDocument@get_linepos$qqsri
@Adomxmldom@Tox4DOMDocument@get_preserveWhiteSpace$qqsro
@Adomxmldom@Tox4DOMDocument@get_reason$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_resolveExternals$qqsro
@Adomxmldom@Tox4DOMDocument@get_srcText$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_url$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@get_validate$qqsro
@Adomxmldom@Tox4DOMDocument@get_xml$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@importNode$qqs43System@%DelphiInterface$t15Xmldom@IDOMNode%usr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMDocument@load$qqsx17System@OleVariantrus
@Adomxmldom@Tox4DOMDocument@loadFromStream$qqspx15Classes@TStreamrus
@Adomxmldom@Tox4DOMDocument@loadFromStream$qqsx34System@%DelphiInterface$t7IStream%rus
@Adomxmldom@Tox4DOMDocument@loadxml$qqsx17System@WideStringrus
@Adomxmldom@Tox4DOMDocument@save$qqsx17System@OleVariant
@Adomxmldom@Tox4DOMDocument@saveToStream$qqspx15Classes@TStream
@Adomxmldom@Tox4DOMDocument@saveToStream$qqsx34System@%DelphiInterface$t7IStream%
@Adomxmldom@Tox4DOMDocument@set_Encoding$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@set_OnAsyncLoad$qqspx14System@TObjectynpqqrp14System@TObjecti$v
@Adomxmldom@Tox4DOMDocument@set_Standalone$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@set_Version$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMDocument@set_async$qqso
@Adomxmldom@Tox4DOMDocument@set_documentElement$qqsx46System@%DelphiInterface$t18Xmldom@IDOMElement%
@Adomxmldom@Tox4DOMDocument@set_preserveWhiteSpace$qqso
@Adomxmldom@Tox4DOMDocument@set_resolveExternals$qqso
@Adomxmldom@Tox4DOMDocument@set_validate$qqso
@Adomxmldom@Tox4DOMDocumentFragment@
@Adomxmldom@Tox4DOMDocumentType@
@Adomxmldom@Tox4DOMDocumentType@$bctr$qqrp21Adomcore_4_3@TDomNodep26Adomxmldom@Tox4DOMDocument
@Adomxmldom@Tox4DOMDocumentType@$bdtr$qqrv
@Adomxmldom@Tox4DOMDocumentType@GetNativeDocumentType$qqrv
@Adomxmldom@Tox4DOMDocumentType@get_childNodes$qqsr47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMDocumentType@get_entities$qqsr51System@%DelphiInterface$t23Xmldom@IDOMNamedNodeMap%
@Adomxmldom@Tox4DOMDocumentType@get_internalSubset$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocumentType@get_name$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocumentType@get_notations$qqsr51System@%DelphiInterface$t23Xmldom@IDOMNamedNodeMap%
@Adomxmldom@Tox4DOMDocumentType@get_publicId$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocumentType@get_systemId$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMDocumentType@hasChildNodes$qqsrus
@Adomxmldom@Tox4DOMDocumentTypeChildren@
@Adomxmldom@Tox4DOMDocumentTypeChildren@$bctr$qqrp30Adomxmldom@Tox4DOMDocumentType
@Adomxmldom@Tox4DOMDocumentTypeChildren@get_item$qqsir43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMDocumentTypeChildren@get_length$qqsri
@Adomxmldom@Tox4DOMElement@
@Adomxmldom@Tox4DOMElement@CheckNamespaceAware$qqrv
@Adomxmldom@Tox4DOMElement@GetNativeElement$qqrv
@Adomxmldom@Tox4DOMElement@_AddRef$qqsv
@Adomxmldom@Tox4DOMElement@_Release$qqsv
@Adomxmldom@Tox4DOMElement@getAttribute$qqsx20System@UnicodeStringr20System@UnicodeString
@Adomxmldom@Tox4DOMElement@getAttributeNS$qqsx20System@UnicodeStringt1r20System@UnicodeString
@Adomxmldom@Tox4DOMElement@getAttributeNode$qqsx20System@UnicodeStringr43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMElement@getAttributeNodeNS$qqsx20System@UnicodeStringt1r43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMElement@getElementsByTagName$qqsx20System@UnicodeStringr47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMElement@getElementsByTagNameNS$qqsx20System@UnicodeStringt1r47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMElement@get_tagName$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMElement@hasAttribute$qqsx20System@UnicodeStringrus
@Adomxmldom@Tox4DOMElement@hasAttributeNS$qqsx20System@UnicodeStringt1rus
@Adomxmldom@Tox4DOMElement@normalize$qqsv
@Adomxmldom@Tox4DOMElement@removeAttribute$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMElement@removeAttributeNS$qqsx20System@UnicodeStringt1
@Adomxmldom@Tox4DOMElement@removeAttributeNode$qqsx43System@%DelphiInterface$t15Xmldom@IDOMAttr%r43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMElement@setAttribute$qqsx20System@UnicodeStringt1
@Adomxmldom@Tox4DOMElement@setAttributeNS$qqsx20System@UnicodeStringt1t1
@Adomxmldom@Tox4DOMElement@setAttributeNode$qqsx43System@%DelphiInterface$t15Xmldom@IDOMAttr%r43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMElement@setAttributeNodeNS$qqsx43System@%DelphiInterface$t15Xmldom@IDOMAttr%r43System@%DelphiInterface$t15Xmldom@IDOMAttr%
@Adomxmldom@Tox4DOMEntityReference@
@Adomxmldom@Tox4DOMImplementation@
@Adomxmldom@Tox4DOMImplementation@$bctr$qqrv
@Adomxmldom@Tox4DOMImplementation@$bdtr$qqrv
@Adomxmldom@Tox4DOMImplementation@FreeDocument$qqrrp25Adomcore_4_3@TDomDocument
@Adomxmldom@Tox4DOMImplementation@GetNativeDOMImpl$qqrv
@Adomxmldom@Tox4DOMImplementation@InitParserAgent$qqrv
@Adomxmldom@Tox4DOMImplementation@ParseErrorHandler$qqrp14System@TObjectp22Adomcore_4_3@TDomErrorro
@Adomxmldom@Tox4DOMImplementation@createDocument$qqsx20System@UnicodeStringt151System@%DelphiInterface$t23Xmldom@IDOMDocumentType%r47System@%DelphiInterface$t19Xmldom@IDOMDocument%
@Adomxmldom@Tox4DOMImplementation@createDocumentType$qqsx20System@UnicodeStringt1t1r51System@%DelphiInterface$t23Xmldom@IDOMDocumentType%
@Adomxmldom@Tox4DOMImplementation@hasFeature$qqrx20System@UnicodeStringt1
@Adomxmldom@Tox4DOMImplementation@loadFromStream$qqrpx15Classes@TStreampx26Adomxmldom@Tox4DOMDocumentr26Adomxmldom@TParseErrorInfo
@Adomxmldom@Tox4DOMImplementation@loadxml$qqrx17System@WideStringpx26Adomxmldom@Tox4DOMDocumentr26Adomxmldom@TParseErrorInfo
@Adomxmldom@Tox4DOMImplementation@xpathLookupNamespaceURI$qqrpx29Adomcore_4_3@TXPathExpressionx17System@WideStringr17System@WideString
@Adomxmldom@Tox4DOMImplementationFactory@
@Adomxmldom@Tox4DOMImplementationFactory@DOMImplementation$qqrv
@Adomxmldom@Tox4DOMImplementationFactory@Description$qqrv
@Adomxmldom@Tox4DOMInterface@
@Adomxmldom@Tox4DOMInterface@SafeCallException$qqrp14System@TObjectpv
@Adomxmldom@Tox4DOMInterface@_AddRef$qqsv
@Adomxmldom@Tox4DOMInterface@_Release$qqsv
@Adomxmldom@Tox4DOMNamedNodeMap@
@Adomxmldom@Tox4DOMNamedNodeMap@$bctr$qqrp29Adomcore_4_3@TDomNamedNodeMapp22Adomxmldom@Tox4DOMNode
@Adomxmldom@Tox4DOMNamedNodeMap@CheckNamespaceAware$qqrv
@Adomxmldom@Tox4DOMNamedNodeMap@getNamedItem$qqsx20System@UnicodeStringr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@getNamedItemNS$qqsx20System@UnicodeStringt1r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@get_item$qqsir43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@get_length$qqsri
@Adomxmldom@Tox4DOMNamedNodeMap@removeNamedItem$qqsx20System@UnicodeStringr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@removeNamedItemNS$qqsx20System@UnicodeStringt1r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@setNamedItem$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNamedNodeMap@setNamedItemNS$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@
@Adomxmldom@Tox4DOMNode@$bctr$qqrp21Adomcore_4_3@TDomNodep26Adomxmldom@Tox4DOMDocument
@Adomxmldom@Tox4DOMNode@$bdtr$qqrv
@Adomxmldom@Tox4DOMNode@AllocParser$qqrv
@Adomxmldom@Tox4DOMNode@EnsureUndefXmlnsIfNeeded$qqrp21Adomcore_4_3@TDomNode
@Adomxmldom@Tox4DOMNode@GetNativeNode$qqrv
@Adomxmldom@Tox4DOMNode@appendChild$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@cloneNode$qqsusr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_attributes$qqsr51System@%DelphiInterface$t23Xmldom@IDOMNamedNodeMap%
@Adomxmldom@Tox4DOMNode@get_childNodes$qqsr47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMNode@get_firstChild$qqsr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_lastChild$qqsr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_localName$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_namespaceURI$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_nextSibling$qqsr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_nodeName$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_nodeType$qqsrus
@Adomxmldom@Tox4DOMNode@get_nodeValue$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_ownerDocument$qqsr47System@%DelphiInterface$t19Xmldom@IDOMDocument%
@Adomxmldom@Tox4DOMNode@get_parentNode$qqsr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_prefix$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_previousSibling$qqsr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@get_text$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@get_xml$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMNode@hasChildNodes$qqsrus
@Adomxmldom@Tox4DOMNode@insertBefore$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%t1r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@normalize$qqsv
@Adomxmldom@Tox4DOMNode@removeChild$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@replaceChild$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%t1r43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@selectNode$qqsx17System@WideStringr43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNode@selectNodes$qqsx17System@WideStringr47System@%DelphiInterface$t19Xmldom@IDOMNodeList%
@Adomxmldom@Tox4DOMNode@set_nodeValue$qqs20System@UnicodeString
@Adomxmldom@Tox4DOMNode@set_text$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMNode@supports$qqrx20System@UnicodeStringt1
@Adomxmldom@Tox4DOMNode@transformNode$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%r17System@WideString
@Adomxmldom@Tox4DOMNode@transformNode$qqsx43System@%DelphiInterface$t15Xmldom@IDOMNode%x47System@%DelphiInterface$t19Xmldom@IDOMDocument%
@Adomxmldom@Tox4DOMNodeList@
@Adomxmldom@Tox4DOMNodeList@$bctr$qqrp25Adomcore_4_3@TDomNodeListp22Adomxmldom@Tox4DOMNode
@Adomxmldom@Tox4DOMNodeList@$bctr$qqrp29Adomcore_4_3@TXPathExpressionp22Adomxmldom@Tox4DOMNode
@Adomxmldom@Tox4DOMNodeList@$bdtr$qqrv
@Adomxmldom@Tox4DOMNodeList@get_item$qqsir43System@%DelphiInterface$t15Xmldom@IDOMNode%
@Adomxmldom@Tox4DOMNodeList@get_length$qqsri
@Adomxmldom@Tox4DOMProcessingInstruction@
@Adomxmldom@Tox4DOMProcessingInstruction@GetNativeProcessingInstruction$qqrv
@Adomxmldom@Tox4DOMProcessingInstruction@get_data$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMProcessingInstruction@get_target$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMProcessingInstruction@set_data$qqsx20System@UnicodeString
@Adomxmldom@Tox4DOMText@
@Adomxmldom@Tox4DOMText@splitText$qqsir43System@%DelphiInterface$t15Xmldom@IDOMText%
@Adomxmldom@Tox4DOMXPathNamespace@
@Adomxmldom@Tox4DOMXPathNamespace@$bctr$qqrp21Adomcore_4_3@TDomNodep26Adomxmldom@Tox4DOMDocument
@Adomxmldom@Tox4DOMXPathNamespace@$bdtr$qqrv
@Adomxmldom@Tox4DOMXPathNamespace@GetNativeXPathNamespace$qqrv
@Adomxmldom@Tox4DOMXPathNamespace@get_localName$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMXPathNamespace@get_namespaceURI$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMXPathNamespace@get_nodeName$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMXPathNamespace@get_nodeValue$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMXPathNamespace@get_prefix$qqsr20System@UnicodeString
@Adomxmldom@Tox4DOMXPathNamespace@set_nodeValue$qqs20System@UnicodeString
@Adomxmldom@initialization$qqrv
@showCommandLineHelp$qv
__GetExceptDLLinfo
___CPPdebugHook
_frmAbout
_frmConfig
_frmConsole
_frmExport
_frmMain
_frmStart
_requestedScans

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.2MB

UPX1 Size: 918KB - Virtual size: 920KB

.rsrc Size: 33KB - Virtual size: 36KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 170KB - Virtual size: 372KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 16KB

.didata Size: 1024B - Virtual size: 4KB

.edata Size: 21KB - Virtual size: 24KB

.rsrc Size: 185KB - Virtual size: 188KB

.reloc Size: 190KB - Virtual size: 192KB

UPX0
Size: - Virtual size: 2.2MB

UPX1
Size: 918KB - Virtual size: 920KB

.rsrc
Size: 33KB - Virtual size: 36KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 170KB - Virtual size: 372KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 16KB

.didata
Size: 1024B - Virtual size: 4KB

.edata
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 185KB - Virtual size: 188KB

.reloc
Size: 190KB - Virtual size: 192KB