b7d95e7a7679c2821e4515958cf48a6b4595408cf98b1d11e995791a51876629

Sharing

Copy URL Twitter E-mail

General

Target

b7d95e7a7679c2821e4515958cf48a6b4595408cf98b1d11e995791a51876629
Size

116KB
MD5

b575a8a5500d9b2a9a8f23fddbb39324
SHA1

8044283efd90c08e39d794e342ce7cd21c27638c
SHA256

b7d95e7a7679c2821e4515958cf48a6b4595408cf98b1d11e995791a51876629
SHA512

c6dd5d4aa79cedb2849499dd4492049f7860dca9dabfbcc5eb63ef0f6f83e5c44428678502a1773b57f035bc205aa6bc2796bcd527f3497c17a7e69c75c867c7
SSDEEP

1536:rnuAgPOMm/d271raCLlQ2YL0MrxMoGt2zSGmPIRz/2rw:rnxh/d2BlQ5txMoZSGmPe/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7d95e7a7679c2821e4515958cf48a6b4595408cf98b1d11e995791a51876629

Files

b7d95e7a7679c2821e4515958cf48a6b4595408cf98b1d11e995791a51876629
.dll windows:5 windows x86

8048da65ced5f400b28a6cb0a7b2d5b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl140.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrv
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayHigh$qqrv
@System@@DynArrayLength$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@Assert$qqrx20System@UnicodeStringt1i
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@Sqrt$qqrxg
@System@Sin$qqrxg
@System@Cos$qqrxg
@System@Move$qqrpxvpvi
@$xp$24System@TInterfacedObject
@System@TInterfacedObject@
@$xp$18System@IEnumerable
@$xp$17System@IInterface
@$xp$14System@TObject
@System@TObject@
@$xp$14System@Variant
@$xp$6Double
@$xp$7Pointer
@$xp$11System@Byte
@$xp$7Integer
@$xp$11System@Char
@$xp$7Boolean
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@Exception@$bctr$qqrp20System@TResStringRec
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@OutOfMemoryError$qqrv
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@BoolToStr$qqroo
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@EArgumentOutOfRangeException@
@Sysutils@Exception@
@Sysutils@TLanguages@$bcctr$qqrv
@Rtlconsts@_SArgumentOutOfRange
@Math@Max$qqrxdxd
@Math@Max$qqrxixi
@Math@Min$qqrxgxg
@Math@Min$qqrxdxd
@Math@Min$qqrxixi
@Math@Floor$qqrxg
@Math@Ceil$qqrxg
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Classes@TStringList@$bctr$qqrv
@Classes@TInterfacedPersistent@QueryInterface$qqsrx5_GUIDpv
@Classes@TInterfacedPersistent@_Release$qqsv
@Classes@TInterfacedPersistent@_AddRef$qqsv
@Classes@TInterfacedPersistent@AfterConstruction$qqrv
@Classes@TPersistent@DefineProperties$qqrp14Classes@TFiler
@Classes@TPersistent@AssignTo$qqrp19Classes@TPersistent
@Classes@TPersistent@Assign$qqrp19Classes@TPersistent
@Classes@TPersistent@$bdtr$qqrv
@$xp$19Classes@TStringList
@Classes@TStringList@
@$xp$29Classes@TInterfacedPersistent
@Classes@TInterfacedPersistent@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TPath@$bcdtr$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Syncobjs@TCriticalSection@Leave$qqrv
@Syncobjs@TCriticalSection@Enter$qqrv
@Syncobjs@TCriticalSection@$bctr$qqrv
@$xp$25Syncobjs@TCriticalSection
@Syncobjs@TCriticalSection@
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@$xp$44Generics_collections@TCollectionNotification
@Generics_collections@TArray@
@Generics_defaults@_LookupVtableInfo$qqr42Generics_defaults@TDefaultGenericInterfacep17Typinfo@TTypeInfoi
@Rtti@initialization$qqrv
@Rtti@Finalization$qqrv
@Varconv@initialization$qqrv
@Varconv@Finalization$qqrv
@Convutils@initialization$qqrv
@Convutils@Finalization$qqrv
@Varcmplx@initialization$qqrv
@Varcmplx@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
OutputDebugStringW
GetVersionExW
FreeLibrary

vcl140.bpl

@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv

appbase.bpl

@Fsapplc@initialization$qqrv
@Fsapplc@Finalization$qqrv
@Fsapplc@TAppSystem@RegisterService$qqrrx5_GUIDx45System@%DelphiInterface$t17System@IInterface%
@Fsapplc@TAppSystem@RegisterCreator$qqr20System@UnicodeStringpqqrp14System@TObject$p14System@TObject
@Fsapplc@AppSys
@Fsstrs@initialization$qqrv
@Fsstrs@Finalization$qqrv
@Fssettings@initialization$qqrv
@Fssettings@Finalization$qqrv
@Udhk@initialization$qqrv
@Udhk@Finalization$qqrv

baselib.bpl

@Fslib@initialization$qqrv
@Fslib@Finalization$qqrv
@Regularexpressions@initialization$qqrv
@Regularexpressions@Finalization$qqrv
@Cfgvnt@initialization$qqrv
@Cfgvnt@Finalization$qqrv
@Sevenzip@initialization$qqrv
@Sevenzip@Finalization$qqrv
@Fsmui@initialization$qqrv
@Fsmui@Finalization$qqrv
@Fsoem@initialization$qqrv
@Fsoem@Finalization$qqrv
@Bmxcarddef@initialization$qqrv
@Bmxcarddef@Finalization$qqrv
@Fssocket@initialization$qqrv
@Fssocket@Finalization$qqrv

nativexml401.bpl

@Nativexml@initialization$qqrv
@Nativexml@Finalization$qqrv
@Sddebug@initialization$qqrv
@Sddebug@Finalization$qqrv

inet140.bpl

@Sockets@initialization$qqrv
@Sockets@Finalization$qqrv

geometry.bpl

@Cadtypes@initialization$qqrv
@Cadtypes@Finalization$qqrv

vclimg140.bpl

@Gifimg@initialization$qqrv
@Gifimg@Finalization$qqrv
@Pngimage@initialization$qqrv
@Pngimage@Finalization$qqrv
@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8048da65ced5f400b28a6cb0a7b2d5b9

Headers

File Characteristics

Imports

rtl140.bpl

kernel32

vcl140.bpl

appbase.bpl

baselib.bpl

nativexml401.bpl

inet140.bpl

geometry.bpl

vclimg140.bpl

Sections

.text Size: 90KB - Virtual size: 89KB

.itext Size: 1024B - Virtual size: 936B

.data Size: 512B - Virtual size: 72B

.bss Size: - Virtual size: 32B

.idata Size: 11KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 90KB - Virtual size: 89KB

.itext
Size: 1024B - Virtual size: 936B

.data
Size: 512B - Virtual size: 72B

.bss
Size: - Virtual size: 32B

.idata
Size: 11KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB