73e9559cd3200546ece7d76adb70b07cb75eced99aa1a5bf370e480f9bdfc811

Sharing

Copy URL Twitter E-mail

General

Target

73e9559cd3200546ece7d76adb70b07cb75eced99aa1a5bf370e480f9bdfc811
Size

94KB
MD5

00d43a88eebd5cda4c1b67d0b00fb755
SHA1

66ca30c904ff82c07ba2dde26ff317f024dd07c8
SHA256

73e9559cd3200546ece7d76adb70b07cb75eced99aa1a5bf370e480f9bdfc811
SHA512

27f19e5bb8432a6d286379f9f81ebe91e27e51cfb787fea936b41087f26cce28f580b8016ad428eec41f4c2ebd4761ba705ca8b37d049bb5d925f08a30a2ab32
SSDEEP

1536:h5sG1CgRH0Hmdd3xKNr/YqlnrUV7gJBG5x8xNp+Zw:z1CgRLdS/YqlnrzBGAp+Zw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73e9559cd3200546ece7d76adb70b07cb75eced99aa1a5bf370e480f9bdfc811

Files

73e9559cd3200546ece7d76adb70b07cb75eced99aa1a5bf370e480f9bdfc811
.dll windows:5 windows x86

8f0c22e8df4dde0915c727d151f8a46e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl140.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@Utf8ToAnsi$qqrx31System@%AnsiStringT$us$i65535$%
@System@AnsiToUtf8$qqrx20System@UnicodeString
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrv
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@Pos$qqrx20System@UnicodeStringt1
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrLen$qqrx20System@UnicodeString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@Move$qqrpxvpvi
@$xp$12System@PByte
@$xp$17System@UTF8String
@$xp$24System@TInterfacedObject
@System@TInterfacedObject@
@$xp$18System@IEnumerable
@$xp$17System@IInterface
@$xp$14System@TObject
@System@TObject@
@$xp$13System@string
@$xp$8LongBool
@$xp$9PAnsiChar
@$xp$8Cardinal
@$xp$11System@Word
@$xp$11System@Byte
@$xp$7Integer
@$xp$7Boolean
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@GetUnicode$qqrv
@Sysutils@TEncoding@GetBytes$qqrx20System@UnicodeString
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@StringReplace$qqrx20System@UnicodeStringt1t149System@%Set$t21Sysutils@Sysutils__55$iuc$0$iuc$1%
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@Exception@$bctr$qqrp20System@TResStringRec
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@OutOfMemoryError$qqrv
@Sysutils@DateTimeToStr$qqrx16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@StrPas$qqrpxb
@Sysutils@StrLComp$qqrpxbt1ui
@Sysutils@DirectoryExists$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@FileClose$qqri
@Sysutils@FileWrite$qqripxvui
@Sysutils@FileCreate$qqrx20System@UnicodeString
@Sysutils@StrToInt$qqrx20System@UnicodeString
@Sysutils@IntToHex$qqrii
@Sysutils@IntToStr$qqrj
@Sysutils@IntToStr$qqri
@Sysutils@AnsiCompareText$qqrx20System@UnicodeStringt1
@Sysutils@UpperCase$qqrx20System@UnicodeString
@Sysutils@CharInSet$qqrbrx29System@%Set$tc$iuc$0$iuc$255%
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@EArgumentOutOfRangeException@
@Sysutils@Exception@
@$xp$19Sysutils@PByteArray
@$xp$15Sysutils@TBytes
@Sysutils@TLanguages@$bcctr$qqrv
@Rtlconsts@_SArgumentOutOfRange
@Math@Max$qqrxixi
@Math@Min$qqrxixi
@Math@Ceil$qqrxg
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Variants@@VarFromInt$qqrr8TVarDataxixzc
@Variants@@VarToInteger$qqrrx8TVarData
@Variants@@VarClr$qqrr8TVarData
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@$xp$44Generics_collections@TCollectionNotification
@Generics_collections@TArray@
@Generics_defaults@_LookupVtableInfo$qqr42Generics_defaults@TDefaultGenericInterfacep17Typinfo@TTypeInfoi
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Inifiles@TCustomIniFile@SectionExists$qqrx20System@UnicodeString
@Inifiles@TCustomIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@TIniFile@
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TPath@$bcdtr$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Rtti@initialization$qqrv
@Rtti@Finalization$qqrv
@Varconv@initialization$qqrv
@Varconv@Finalization$qqrv
@Convutils@initialization$qqrv
@Convutils@Finalization$qqrv
@Varcmplx@initialization$qqrv
@Varcmplx@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
Sleep
WaitForSingleObject
OutputDebugStringW
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetFileAttributesW
GetExitCodeProcess
GetCurrentProcess
FreeLibrary
EnterCriticalSection
DeleteCriticalSection
CopyFileW
CloseHandle
IsWow64Process

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteExW
ShellExecuteA

nativexml401.bpl

@Nativexml@initialization$qqrv
@Nativexml@Finalization$qqrv
@Nativexml@sdWideToUtf8$qqrx20System@UnicodeString
@Nativexml@TNativeXml@NodeNewTextType$qqr31System@%AnsiStringT$us$i65001$%t124Nativexml@TsdElementType
@Nativexml@TNativeXml@SetXmlFormat$qqrx24Nativexml@TXmlFormatType
@Nativexml@TNativeXml@GetRoot$qqrv
@Nativexml@TNativeXml@$bctr$qqrx31System@%AnsiStringT$us$i65001$%p18Classes@TComponent
@Nativexml@TsdNodeList@GetItems$qqri
@Nativexml@TsdContainerNode@NodeInsertNear$qqrp18Nativexml@TXmlNodet1o
@Nativexml@TXmlNode@NodeByName$qqrx31System@%AnsiStringT$us$i65001$%
@Nativexml@TXmlNode@AttributeAdd$qqrx31System@%AnsiStringT$us$i65001$%t1
@$xp$20Nativexml@TNativeXml
@Nativexml@TNativeXml@
@$xp$18Nativexml@TXmlNode
@Sddebug@initialization$qqrv
@Sddebug@Finalization$qqrv

appbase.bpl

@Fsapplc@initialization$qqrv
@Fsapplc@Finalization$qqrv
@Fsapplc@TAppSystem@RegisterService$qqrrx5_GUIDx45System@%DelphiInterface$t17System@IInterface%
@Fsapplc@TAppSystem@RegisterProc$qqr20System@UnicodeStringpqqrv$v
@Fsapplc@TAppSystem@RegisterProc$qqr20System@UnicodeStringpqqrrx14System@Variant$i
@Fsapplc@TAppSystem@RegisterCreator$qqr20System@UnicodeStringpqqrp14System@TObject$p14System@TObject
@Fsapplc@TAppSystem@LogMsg$qqr19Fsapplc@TAppMsgTypex20System@UnicodeString20System@UnicodeStringii
@Fsapplc@AppSys
@Fsstrs@initialization$qqrv
@Fsstrs@Finalization$qqrv
@Fssettings@initialization$qqrv
@Fssettings@Finalization$qqrv
@Udhk@initialization$qqrv
@Udhk@Finalization$qqrv

baselib.bpl

@Fslib@initialization$qqrv
@Fslib@Finalization$qqrv
@Regularexpressions@initialization$qqrv
@Regularexpressions@Finalization$qqrv
@Cfgvnt@initialization$qqrv
@Cfgvnt@Finalization$qqrv
@Sevenzip@initialization$qqrv
@Sevenzip@Finalization$qqrv
@Fsmui@initialization$qqrv
@Fsmui@Finalization$qqrv
@Fsoem@initialization$qqrv
@Fsoem@Finalization$qqrv
@Bmxcarddef@initialization$qqrv
@Bmxcarddef@Finalization$qqrv
@Fssocket@initialization$qqrv
@Fssocket@Finalization$qqrv

vcl140.bpl

@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv

inet140.bpl

@Sockets@initialization$qqrv
@Sockets@Finalization$qqrv

advapi32

QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle

geometry.bpl

@Cadtypes@initialization$qqrv
@Cadtypes@Finalization$qqrv

vclimg140.bpl

@Gifimg@initialization$qqrv
@Gifimg@Finalization$qqrv
@Pngimage@initialization$qqrv
@Pngimage@Finalization$qqrv
@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv

rtoslib32

RtosPipeInfoGet60
RtosPipeOpenA60
RtosMsgQueueInfoGet60
RtosMsgQueueCreateA60
RtosObjectClose60
RtosObjectWait60
RtosObjectWrite60
RtosObjectRead60
RtosWaitForEvent40
RtosSetEvent40
RtosCloseEvent40
RtosCreateEventA40
RtosShmAddrGet50
RtosResultGetModuleW41
RtosResultGetTextW41
RtosSetMemoryConfigurationA40
RtosStartExW40
RtosRunning40
RtosStop40
RtosCommStop40
RtosCommStart40
RtosGetIdByNameA40
RtosLibDeinit40
RtosLibInit40
UploadVxWinDllVersion

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 248B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f0c22e8df4dde0915c727d151f8a46e

Headers

File Characteristics

Imports

rtl140.bpl

kernel32

shell32

nativexml401.bpl

appbase.bpl

baselib.bpl

vcl140.bpl

inet140.bpl

advapi32

geometry.bpl

vclimg140.bpl

rtoslib32

Sections

.text Size: 65KB - Virtual size: 65KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 216B

.bss Size: - Virtual size: 248B

.idata Size: 15KB - Virtual size: 15KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 65KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 216B

.bss
Size: - Virtual size: 248B

.idata
Size: 15KB - Virtual size: 15KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB