7c27e594ef4e52b8c5b14db3517ede40

Sharing

Copy URL Twitter E-mail

General

Target

7c27e594ef4e52b8c5b14db3517ede40
Size

3.5MB
MD5

7c27e594ef4e52b8c5b14db3517ede40
SHA1

1bdacb2a0961ed5edaadd8ecbbe9fdbb523d9f1b
SHA256

ba3965c6506d07dab9fbf29fc177c9cbdd91c7d5b828dbfc0ad98f48a99c3ebf
SHA512

29abe2edb5bcca3288bbb56f347220264573955521e18ab5faac6e3da308b5db2a1298ca97b23af9362c7ea312976dc7a50127e414e7c7c862cfa4588f1026e7
SSDEEP

98304:bxoYqckE0srcc8Ce0fPoM/FMcHaLa2XqcPLLJ:b1uE5cc8C5B9JHJYBzl

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/crack/RegistryWasher.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crack/RegistryWasher.exe
unpack001/registrywasher-setup.exe

Files

7c27e594ef4e52b8c5b14db3517ede40
.rar
crack/RegistryWasher.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@$xp$14Ecore@TCharSet
@$xp$15Ecore@TLoadType
@$xp$16Ecore@TLogOption
@$xp$16Ezlib@EZLibError
@$xp$16Regexpr@ERegExpr
@$xp$16Regexpr@TRegExpr
@$xp$17Ecore@TLogOptions
@$xp$17Ecore@TModuleType
@$xp$18Econsts@EConsts__1
@$xp$18Econsts@EConsts__2
@$xp$18Econsts@EConsts__3
@$xp$18Ecore@TShowOptions
@$xp$18Ecore@TWebSendMode
@$xp$18Etypes@TShowOption
@$xp$19Etargzip@TTGZWriter
@$xp$19Etypes@TMessageType
@$xp$20Ecore@TEmailSendMode
@$xp$20Elogmanager@TLogFile
@$xp$20Elogmanager@TLogItem
@$xp$20Exmlbuilder@TXMLItem
@$xp$20Regexpr@TSetOfREChar
@$xp$21Ecore@TForegroundType
@$xp$21Exmlbuilder@TXMLItems
@$xp$22Ecore@TBehaviourOption
@$xp$22Ecore@TCallStackOption
@$xp$22Ecore@TCustomizedTexts
@$xp$22Etargzip@TTGZExtractor
@$xp$22Exceptionlog@PCardinal
@$xp$23Ecore@TBehaviourOptions
@$xp$23Ecore@TCallStackOptions
@$xp$23Ecore@TCommonSendOption
@$xp$23Exceptionlog@TEurekaLog
@$xp$24Ecore@TCommonSendOptions
@$xp$24Elistview@TListViewItems
@$xp$24Exceptionlog@TModuleInfo
@$xp$24Exceptionlog@TRaiserType
@$xp$25Esockets@TSocketSendEvent
@$xp$25Ewebtools@TConnectionType
@$xp$26Ecore@TEurekaModuleOptions
@$xp$26Elistview@TListViewItemRec
@$xp$26Esockets@TEurekaClientSMTP
@$xp$26Esockets@TSocketErrorEvent
@$xp$27Esockets@EEurekaSocketError
@$xp$28Ecore@TExceptionDialogOption
@$xp$28Ecore@TTerminateBtnOperation
@$xp$28Esockets@TEurekaClientSocket
@$xp$29Ecore@TExceptionDialogOptions
@$xp$29Exceptionlog@PEurekaDebugInfo
@$xp$29Exceptionlog@TBeginThreadFunc
@$xp$29Exceptionlog@TEurekaDebugInfo
@$xp$29Exceptionlog@TEurekaStackList
@$xp$29Exceptionlog@TExceptionNotify
@$xp$30Exceptionlog@PEurekaModuleInfo
@$xp$30Exceptionlog@PEurekaThreadInfo
@$xp$30Exceptionlog@TCreateThreadFunc
@$xp$30Exceptionlog@TEurekaActionType
@$xp$30Exceptionlog@TEurekaModuleInfo
@$xp$30Exceptionlog@TEurekaModuleType
@$xp$30Exceptionlog@TEurekaThreadInfo
@$xp$31Exceptionlog@EFrozenApplication
@$xp$31Exceptionlog@TEurekaDebugDetail
@$xp$31Exceptionlog@TEurekaModulesList
@$xp$31Regexpr@TRegExprReplaceFunction
@$xp$32Exceptionlog@PEurekaFunctionInfo
@$xp$32Exceptionlog@TEurekaDebugDetails
@$xp$32Exceptionlog@TEurekaFunctionInfo
@$xp$32Exceptionlog@TEurekaLogErrorCode
@$xp$32Exceptionlog@TExceptionErrorProc
@$xp$33Exceptionlog@EurekaLogNotPresents
@$xp$33Exceptionlog@TEurekaFunctionsList
@$xp$33Exceptionlog@TExceptionActionProc
@$xp$33Exceptionlog@TExceptionNotifyProc
@$xp$33Exceptionlog@TPasswordRequestProc
@$xp$34Exceptionlog@TExceptionErrorNotify
@$xp$34Regexpr@TRegExprInvertCaseFunction
@$xp$35Ewebtools@TInternetProgressFunction
@$xp$35Exceptionlog@EEurekaLogGeneralError
@$xp$35Exceptionlog@TCustomDataRequestProc
@$xp$35Exceptionlog@TEurekaExceptionRecord
@$xp$35Exceptionlog@TExceptionActionNotify
@$xp$35Exceptionlog@TPasswordRequestNotify
@$xp$36Exceptionlog@TEurekaExtraInformation
@$xp$37Exceptionlog@TCustomDataRequestNotify
@$xp$37Exceptionlog@TCustomFieldsRequestProc
@$xp$38Exceptionlog@TAttachedFilesRequestProc
@$xp$39Exceptionlog@TCustomFieldsRequestNotify
@$xp$40Exceptionlog@TAttachedFilesRequestNotify
@@Errorunit@Finalize
@@Errorunit@Initialize
@@Programdata@Finalize
@@Programdata@Initialize
@@Registryexclusionsform@Finalize
@@Registryexclusionsform@Initialize
@@Startupaddprogram@Finalize
@@Startupaddprogram@Initialize
@@Taboutusfrm@Finalize
@@Taboutusfrm@Initialize
@@Taddremprograms@Finalize
@@Taddremprograms@Initialize
@@Tbackuprestorefrm@Finalize
@@Tbackuprestorefrm@Initialize
@@Tbhomanagerfrm@Finalize
@@Tbhomanagerfrm@Initialize
@@Tbhoobjects@Finalize
@@Tbhoobjects@Initialize
@@Tbuynowfrm@Finalize
@@Tbuynowfrm@Initialize
@@Tconfigureform@Finalize
@@Tconfigureform@Initialize
@@Tdeepregscan@Finalize
@@Tdeepregscan@Initialize
@@Tdevicedrivers@Finalize
@@Tdevicedrivers@Initialize
@@Tdriveexclusionsform@Finalize
@@Tdriveexclusionsform@Initialize
@@Tdrivesframe@Finalize
@@Tdrivesframe@Initialize
@@Tfileextensions@Finalize
@@Tfileextensions@Initialize
@@Tfilesections@Finalize
@@Tfilesections@Initialize
@@Tfilesoperations@Finalize
@@Tfilesoperations@Initialize
@@Tfontlocation@Finalize
@@Tfontlocation@Initialize
@@Thankyoufrm@Finalize
@@Thankyoufrm@Initialize
@@Thelpres@Finalize
@@Thelpres@Initialize
@@Thistorylist@Finalize
@@Thistorylist@Initialize
@@Tinvalidfilespath@Finalize
@@Tinvalidfilespath@Initialize
@@Tipsoftheday@Finalize
@@Tipsoftheday@Initialize
@@Tlcidbypass@Finalize
@@Tlcidbypass@Initialize
@@Tmainscreen@Finalize
@@Tmainscreen@Initialize
@@Tmscheduler@Finalize
@@Tmscheduler@Initialize
@@Toptionsfrm@Finalize
@@Toptionsfrm@Initialize
@@Tregexp@Finalize
@@Tregexp@Initialize
@@Tregistrybackup@Finalize
@@Tregistrybackup@Initialize
@@Tregistrybypass@Finalize
@@Tregistrybypass@Initialize
@@Tregistrydefragmenterfrm@Finalize
@@Tregistrydefragmenterfrm@Initialize
@@Tregistryintegrity@Finalize
@@Tregistryintegrity@Initialize
@@Tregistrysearch@Finalize
@@Tregistrysearch@Initialize
@@Trepaircounter@Finalize
@@Trepaircounter@Initialize
@@Tscanregistryfrm@Finalize
@@Tscanregistryfrm@Initialize
@@Tsearchregistryfrm@Finalize
@@Tsearchregistryfrm@Initialize
@@Tsharedprograms@Finalize
@@Tsharedprograms@Initialize
@@Tsoftlocation@Finalize
@@Tsoftlocation@Initialize
@@Tsoundandappevents@Finalize
@@Tsoundandappevents@Initialize
@@Tsplashscreen@Finalize
@@Tsplashscreen@Initialize
@@Tstartupinfo@Finalize
@@Tstartupinfo@Initialize
@@Tstartupmanagerfrm@Finalize
@@Tstartupmanagerfrm@Initialize
@@Tstartupprograms@Finalize
@@Tstartupprograms@Initialize
@@Tsystemsettingserrors@Finalize
@@Tsystemsettingserrors@Initialize
@@Twindowsservices@Finalize
@@Twindowsservices@Initialize
@Ebase64@Base64Decode$qqrpxvuipv
@Ebase64@Base64DecodeString$qqrx17System@AnsiString
@Ebase64@Base64Encode$qqrpxvuipv
@Ebase64@Base64EncodeString$qqrx17System@AnsiString
@Ebase64@Base64EncodeToString$qqrpxvui
@Ebase64@CalcDecodedSize$qqrpxvui
@Ebase64@CalcEncodedSize$qqrui
@Ebase64@Finalization$qqrv
@Ebase64@initialization$qqrv
@Econsts@EMsgs
@Econsts@EShowOptions
@Econsts@EVals
@Econsts@EurekaLogCurrentVersion
@Econsts@Finalization$qqrv
@Econsts@initialization$qqrv
@Ecore@ConvertAddress$qqrui
@Ecore@CriticalError
@Ecore@ExtractStringsEx$qqrrx29System@%Set$tc$iuc$0$iuc$255%17System@AnsiStringp16Classes@TStrings
@Ecore@Finalization$qqrv
@Ecore@GetEurekaLogLabel$qqrv
@Ecore@GetGMT$qqrv
@Ecore@GetGMTDateTime$qqr16System@TDateTime
@Ecore@GetLongNameFromShort$qqr17System@AnsiString
@Ecore@GetModifiedDate$qqr17System@AnsiString
@Ecore@GetWorkingFile$qqrr17System@AnsiStringoo
@Ecore@IntoIDE$qqrv
@Ecore@IsReadableFile$qqrx17System@AnsiString
@Ecore@IsValidBlockAddr$qqruiui
@Ecore@IsWritableFile$qqrx17System@AnsiString
@Ecore@LastEurekaVersion
@Ecore@PosEx$qqrx17System@AnsiStringt1i
@Ecore@QuickStringReplace$qqrx17System@AnsiStringt1t1
@Ecore@RADDir$qqrv
@Ecore@RADRegistryKey$qqrv
@Ecore@ReadKey$qqrui17System@AnsiStringt2
@Ecore@SafeExec$qqrpqqrv$v17System@AnsiString
@Ecore@SupportsEx$qqrx35System@%DelphiInterface$t8IUnknown%rx5_GUIDpv
@Ecore@TEurekaModuleOptions@
@Ecore@TEurekaModuleOptions@$bctr$qqr17System@AnsiStringo
@Ecore@TEurekaModuleOptions@$bdtr$qqrv
@Ecore@TEurekaModuleOptions@Assign$qqrp26Ecore@TEurekaModuleOptions
@Ecore@TEurekaModuleOptions@Changed$qqrp14System@TObject
@Ecore@TEurekaModuleOptions@DisableSharedDataWrite$qqrv
@Ecore@TEurekaModuleOptions@EnableSharedDataWrite$qqrv
@Ecore@TEurekaModuleOptions@GetCustomizedTexts$qqr19Etypes@TMessageType
@Ecore@TEurekaModuleOptions@LoadFromStream$qqrp15Classes@TStream
@Ecore@TEurekaModuleOptions@OutputFile$qqr17System@AnsiString
@Ecore@TEurekaModuleOptions@OutputLogFile$qqr17System@AnsiString
@Ecore@TEurekaModuleOptions@SaveToSharedData$qqrv
@Ecore@TEurekaModuleOptions@SaveToStream$qqrp15Classes@TStream
@Ecore@TEurekaModuleOptions@SetActivateHandle$qqrxo
@Ecore@TEurekaModuleOptions@SetActivateLog$qqrxo
@Ecore@TEurekaModuleOptions@SetActive$qqrxo
@Ecore@TEurekaModuleOptions@SetAppendLogs$qqrxo
@Ecore@TEurekaModuleOptions@SetAttachedFiles$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetAutoCloseDialogSecs$qqrxi
@Ecore@TEurekaModuleOptions@SetAutoCrashMinutes$qqrxi
@Ecore@TEurekaModuleOptions@SetAutoCrashNumber$qqrxi
@Ecore@TEurekaModuleOptions@SetAutoCrashOperation$qqrx28Ecore@TTerminateBtnOperation
@Ecore@TEurekaModuleOptions@SetBehaviourOptions$qqrx50System@%Set$t22Ecore@TBehaviourOption$iuc$0$iuc$6%
@Ecore@TEurekaModuleOptions@SetCallStackOptions$qqrx50System@%Set$t22Ecore@TCallStackOption$iuc$0$iuc$4%
@Ecore@TEurekaModuleOptions@SetCommonSendOptions$qqrx51System@%Set$t23Ecore@TCommonSendOption$iuc$0$iuc$9%
@Ecore@TEurekaModuleOptions@SetCustomizedTexts$qqr19Etypes@TMessageType17System@AnsiString
@Ecore@TEurekaModuleOptions@SetEMailAddresses$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetEMailMessage$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetEMailSendMode$qqrx20Ecore@TEmailSendMode
@Ecore@TEurekaModuleOptions@SetEMailSubject$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetErrorsNumberToSave$qqrxi
@Ecore@TEurekaModuleOptions@SetErrorsNumberToShowTerminateBtn$qqrxi
@Ecore@TEurekaModuleOptions@SetExceptionClassName$qqrpx19Classes@TStringList
@Ecore@TEurekaModuleOptions@SetExceptionDialogOptions$qqrx56System@%Set$t28Ecore@TExceptionDialogOption$iuc$0$iuc$7%
@Ecore@TEurekaModuleOptions@SetExceptionMessage$qqrpx19Classes@TStringList
@Ecore@TEurekaModuleOptions@SetForegroundTab$qqrx21Ecore@TForegroundType
@Ecore@TEurekaModuleOptions@SetFreezeActivate$qqrxo
@Ecore@TEurekaModuleOptions@SetFreezeMessage$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetFreezeTimeout$qqrxi
@Ecore@TEurekaModuleOptions@SetHTMLLayout$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetLogOptions$qqrx44System@%Set$t16Ecore@TLogOption$iuc$0$iuc$5%
@Ecore@TEurekaModuleOptions@SetModuleName$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetOutputPath$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetSMTPFrom$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetSMTPHost$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetSMTPPassword$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetSMTPPort$qqrxus
@Ecore@TEurekaModuleOptions@SetSMTPUserID$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetSaveLogFile$qqrxo
@Ecore@TEurekaModuleOptions@SetShowOptions$qqrrx47System@%Set$t18Etypes@TShowOption$iuc$0$iuc$32%
@Ecore@TEurekaModuleOptions@SetShowTerminateBtn$qqrxo
@Ecore@TEurekaModuleOptions@SetSupportURL$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetTerminateBtnOperation$qqrx28Ecore@TTerminateBtnOperation
@Ecore@TEurekaModuleOptions@SetToDefaultOptions$qqrv
@Ecore@TEurekaModuleOptions@SetWebPassword$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetWebPort$qqrxi
@Ecore@TEurekaModuleOptions@SetWebSendMode$qqrx18Ecore@TWebSendMode
@Ecore@TEurekaModuleOptions@SetWebURL$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@SetWebUserID$qqrx17System@AnsiString
@Ecore@TEurekaModuleOptions@StoreSharedData$qqrv
@Ecore@initialization$qqrv
@Eencrypt@Decrypt$qqrpxvpvui
@Eencrypt@Encrypt$qqrpxvpvui
@Eencrypt@Finalization$qqrv
@Eencrypt@InitKey$qqrx17System@AnsiString
@Eencrypt@initialization$qqrv
@Ehook@Finalization$qqrv
@Ehook@GetFunctionSize$qqruiui
@Ehook@HookDllProcedureEx$qqr17System@AnsiStringt1t1pv
@Ehook@HookProcedureEx$qqrpvt117System@AnsiString
@Ehook@HookVirtualMethod$qqrp17System@TMetaClassipv
@Ehook@JumpToMem$qqrpvt1
@Ehook@TryHookDllProcedureEx$qqrpx17System@AnsiStringxi17System@AnsiStringt3pvrpvo
@Ehook@UnhookProcedure$qqrpv
@Ehook@UnhookVirtualMethod$qqrp17System@TMetaClassi
@Ehook@initialization$qqrv
@Elang@Finalization$qqrv
@Elang@UserCharSet$qqrv
@Elang@initialization$qqrv
@Elistview@DrawBmp$qqruiuiiiii
@Elistview@Finalization$qqrv
@Elistview@TListViewItems@
@Elistview@TListViewItems@$bctr$qqrui
@Elistview@TListViewItems@$bdtr$qqrv
@Elistview@TListViewItems@AddRow$qqrpx17System@AnsiStringxiipvo17System@AnsiString
@Elistview@TListViewItems@Clear$qqrv
@Elistview@TListViewItems@ClickOnItem$qqrirx14Windows@TPointo
@Elistview@TListViewItems@Delete$qqri
@Elistview@TListViewItems@DeleteItem$qqri
@Elistview@TListViewItems@DrawItem$qqriuioo
@Elistview@TListViewItems@DrawList$qqrui
@Elistview@TListViewItems@GetItem$qqri
@Elistview@TListViewItems@GetItemParam$qqri
@Elistview@TListViewItems@InitializeData$qqrv
@Elistview@TListViewItems@InsertItem$qqrp26Elistview@TListViewItemReci
@Elistview@TListViewItems@RedrawItems$qqrii
@Elistview@TListViewItems@SetRedrawState$qqro
@Elistview@initialization$qqrv
@Elogmanager@Finalization$qqrv
@Elogmanager@TLogFile@
@Elogmanager@TLogFile@$bctr$qqrx17System@AnsiStringo
@Elogmanager@TLogFile@$bdtr$qqrv
@Elogmanager@TLogFile@Append$qqrx17System@AnsiStringi
@Elogmanager@TLogFile@FindItem$qqrpx17System@AnsiStringxit1xi
@Elogmanager@TLogFile@FindItemValue$qqrx17System@AnsiStringi
@Elogmanager@TLogFile@GetCount$qqrv
@Elogmanager@TLogFile@GetItem$qqri
@Elogmanager@TLogFile@GetItem_CPU$qqri
@Elogmanager@TLogFile@GetItem_CPUXML$qqri
@Elogmanager@TLogFile@GetItem_CallStack$qqri
@Elogmanager@TLogFile@GetItem_CallStackXML$qqri
@Elogmanager@TLogFile@GetItem_Generals$qqri
@Elogmanager@TLogFile@GetItem_GeneralsXML$qqri
@Elogmanager@TLogFile@GetItem_Modules$qqri
@Elogmanager@TLogFile@GetItem_ModulesXML$qqri
@Elogmanager@TLogFile@GetItem_Reproduce$qqri
@Elogmanager@TLogFile@GetItem_ReproduceXML$qqri
@Elogmanager@TLogFile@GetItem_XML$qqri
@Elogmanager@TLogFile@GetLogVersion$qqri
@Elogmanager@TLogFile@GetText$qqrv
@Elogmanager@TLogFile@GetXML$qqrv
@Elogmanager@TLogFile@LoadFromStream$qqrp15Classes@TStream
@Elogmanager@TLogFile@ParseBuffer$qqrpc
@Elogmanager@TLogFile@Save$qqrv
@Elogmanager@TLogFile@SaveToStream$qqrp15Classes@TStream
@Elogmanager@TLogFile@SaveXMLCopy$qqrx17System@AnsiString
@Elogmanager@TLogFile@SectionIndex$qqrx17System@AnsiStringio
@Elogmanager@TLogItem@
@Elogmanager@TLogItem@$bctr$qqri
@Elogmanager@TLogItem@AddHeader$qqrx17System@AnsiString
@Elogmanager@TLogItem@AddItem$qqrx17System@AnsiStringt1o
@Elogmanager@TLogItem@Clear$qqrv
@Elogmanager@TLogItem@GetString$qqrv
@Elogmanager@initialization$qqrv
@Esockets@EEurekaSocketError@
@Esockets@Finalization$qqrv
@Esockets@GetMXServerFromEmail$qqrx17System@AnsiStringui
@Esockets@TEurekaClientSMTP@
@Esockets@TEurekaClientSMTP@GetText$qqrpxusxi
@Esockets@TEurekaClientSMTP@Open$qqrv
@Esockets@TEurekaClientSMTP@SendCommand$qqr17System@AnsiStringpxusxi
@Esockets@TEurekaClientSocket@
@Esockets@TEurekaClientSocket@$bctr$qqrx17System@AnsiStringusoui
@Esockets@TEurekaClientSocket@$bdtr$qqrv
@Esockets@TEurekaClientSocket@Close$qqrv
@Esockets@TEurekaClientSocket@Error$qqrx17System@AnsiStringpx14System@TVarRecxi
@Esockets@TEurekaClientSocket@GetFullText$qqrv
@Esockets@TEurekaClientSocket@LookupName$qqrx17System@AnsiString
@Esockets@TEurekaClientSocket@Open$qqrv
@Esockets@TEurekaClientSocket@ReceiveBuf$qqrpvi
@Esockets@TEurekaClientSocket@ReceiveFullText$qqrv
@Esockets@TEurekaClientSocket@ReceiveText$qqrv
@Esockets@TEurekaClientSocket@SendBuf$qqrpvi
@Esockets@TEurekaClientSocket@SendText$qqrx17System@AnsiString
@Esockets@initialization$qqrv
@Etargzip@ExtractGZipStream$qqrpx21Classes@TMemoryStreamt1
@Etargzip@Finalization$qqrv
@Etargzip@TTGZExtractor@
@Etargzip@TTGZExtractor@$bctr$qqrx17System@AnsiStringt1
@Etargzip@TTGZWriter@
@Etargzip@TTGZWriter@$bctr$qqrx17System@AnsiString
@Etargzip@TTGZWriter@$bdtr$qqrv
@Etargzip@TTGZWriter@AddFile$qqrx17System@AnsiStringt1
@Etargzip@TTGZWriter@AddStream$qqrp15Classes@TStreamx17System@AnsiString16System@TDateTime
@Etargzip@initialization$qqrv
@Etypes@Finalization$qqrv
@Etypes@initialization$qqrv
@Ewebtools@CheckInternetConnection$qqrv
@Ewebtools@ElaborateURL$qqr17System@AnsiStringr17System@AnsiStringt2t2t2t2rus
@Ewebtools@FTPUploadFiles$qqrx17System@AnsiStringt1t1t1usp16Classes@TStringst6pqqr25Ewebtools@TConnectionTypeuiui$vr17System@AnsiString
@Ewebtools@Finalization$qqrv
@Ewebtools@GetHTMLPage$qqrx17System@AnsiStringr17System@AnsiString
@Ewebtools@HTTPUploadFiles$qqrx17System@AnsiStringt1t1t1usop16Classes@TStringst7t7t7pqqr25Ewebtools@TConnectionTypeuiui$vr17System@AnsiString
@Ewebtools@SetProxyAuthenticationData$qqrx17System@AnsiStringt1
@Ewebtools@SetProxyServer$qqrx17System@AnsiStringus
@Ewebtools@initialization$qqrv
@Exceptionlog@AttachedFilesRequest
@Exceptionlog@CallStackToStrings$qqrp29Exceptionlog@TEurekaStackListp16Classes@TStrings
@Exceptionlog@CurrentEurekaLogOptions$qqrv
@Exceptionlog@CustomDataRequest
@Exceptionlog@CustomFieldsRequest
@Exceptionlog@EEurekaLogGeneralError@
@Exceptionlog@EFrozenApplication@
@Exceptionlog@EurekaLogNotPresents@
@Exceptionlog@EurekaLogSendEmail$qqrx17System@AnsiStringt1t1t1
@Exceptionlog@ExceptionActionNotify
@Exceptionlog@ExceptionErrorNotify
@Exceptionlog@ExceptionNotify
@Exceptionlog@FastMM_LogStackTrace$qqrpuiuipcooo
@Exceptionlog@Finalization$qqrv
@Exceptionlog@ForceApplicationTermination$qqr28Ecore@TTerminateBtnOperation
@Exceptionlog@GenerateHTML$qqrx17System@AnsiStringo
@Exceptionlog@GetCallStackByLevels$qqrii
@Exceptionlog@GetCompilationDate$qqruior16System@TDateTime
@Exceptionlog@GetCurrentCallStack$qqrv
@Exceptionlog@GetEurekaLogModuleVersion$qqrui
@Exceptionlog@GetLastEurekaLogErrorCode$qqrv
@Exceptionlog@GetLastEurekaLogErrorMsg$qqrv
@Exceptionlog@GetLastExceptionAddress$qqrv
@Exceptionlog@GetLastExceptionCallStack$qqrv
@Exceptionlog@GetLastExceptionObject$qqrv
@Exceptionlog@HookedCreateThread$qqspvuit1t1uirui
@Exceptionlog@HookedExitThread$qqsui
@Exceptionlog@HookedRaise$qqrv
@Exceptionlog@HookedResumeThread$qqsui
@Exceptionlog@HookedRtlUnwind$qqrv
@Exceptionlog@HookedUnhandledExceptionFilter$qqspv
@Exceptionlog@HookedWriteFile$qqsipxvuiruipv
@Exceptionlog@IsEurekaLogActive$qqrv
@Exceptionlog@IsEurekaLogActiveInThread$qqrui
@Exceptionlog@IsEurekaLogInstalled$qqrv
@Exceptionlog@IsEurekaLogModule$qqrui
@Exceptionlog@PasswordRequest
@Exceptionlog@SaveScreenshot$qqrx17System@AnsiString
@Exceptionlog@SaveScreenshotToStream$qqrp15Classes@TStream
@Exceptionlog@SetCustomErrorMessage$qqrx17System@AnsiString
@Exceptionlog@SetEurekaLogInThread$qqruio
@Exceptionlog@SetEurekaLogState$qqro
@Exceptionlog@ShowLastExceptionData$qqrv
@Exceptionlog@StandardEurekaError$qqrx17System@AnsiString
@Exceptionlog@StandardEurekaNotify$qqrp14System@TObjectpv
@Exceptionlog@TEurekaFunctionsList@
@Exceptionlog@TEurekaFunctionsList@$bdtr$qqrv
@Exceptionlog@TEurekaFunctionsList@Clear$qqrv
@Exceptionlog@TEurekaFunctionsList@Delete$qqri
@Exceptionlog@TEurekaFunctionsList@GetItem$qqri
@Exceptionlog@TEurekaLog@
@Exceptionlog@TEurekaLog@$bctr$qqrp18Classes@TComponent
@Exceptionlog@TEurekaLog@$bdtr$qqrv
@Exceptionlog@TEurekaModulesList@
@Exceptionlog@TEurekaModulesList@$bdtr$qqrv
@Exceptionlog@TEurekaModulesList@Clear$qqrv
@Exceptionlog@TEurekaModulesList@Delete$qqri
@Exceptionlog@TEurekaModulesList@GetItem$qqri
@Exceptionlog@TEurekaStackList@
@Exceptionlog@TEurekaStackList@$bdtr$qqrv
@Exceptionlog@TEurekaStackList@AddFrom$qqrp29Exceptionlog@TEurekaDebugInfo
@Exceptionlog@TEurekaStackList@Clear$qqrv
@Exceptionlog@TEurekaStackList@Delete$qqri
@Exceptionlog@TEurekaStackList@GetItem$qqri
@Exceptionlog@initialization$qqrv
@Exmlbuilder@Finalization$qqrv
@Exmlbuilder@TXMLItem@
@Exmlbuilder@TXMLItem@$bctr$qqr17System@AnsiString
@Exmlbuilder@TXMLItem@$bdtr$qqrv
@Exmlbuilder@TXMLItem@AddField$qqrx17System@AnsiStringt1
@Exmlbuilder@TXMLItem@AddItem$qqrx17System@AnsiString
@Exmlbuilder@TXMLItem@AppendXMLText$qqrr17System@AnsiString
@Exmlbuilder@TXMLItem@EncodedString$qqrx17System@AnsiString
@Exmlbuilder@TXMLItem@GetXMLText$qqrv
@Exmlbuilder@TXMLItem@SaveXMLToFile$qqrx17System@AnsiString
@Exmlbuilder@TXMLItem@SetValue$qqrx17System@AnsiString
@Exmlbuilder@TXMLItems@
@Exmlbuilder@TXMLItems@$bdtr$qqrv
@Exmlbuilder@TXMLItems@AddItem$qqrx17System@AnsiString
@Exmlbuilder@TXMLItems@GetItem$qqri
@Exmlbuilder@initialization$qqrv
@Ezlib@EZLibError@
@Ezlib@Finalization$qqrv
@Ezlib@ZCompress$qqrpxvirpvri
@Ezlib@ZDecompress$qqrpxvirpvri
@Ezlib@_z_errmsg
@Ezlib@adler32$qqripxci
@Ezlib@compressBound$qqri
@Ezlib@crc32$qqruipvui
@Ezlib@deflate$qqrr17Ezlib@TZStreamReci
@Ezlib@deflateEnd$qqrr17Ezlib@TZStreamRec
@Ezlib@deflateInit_$qqrr17Ezlib@TZStreamRecipci
@Ezlib@inflate$qqrr17Ezlib@TZStreamReci
@Ezlib@inflateBack$qqrr17Ezlib@TZStreamRecpvt2t2t2
@Ezlib@inflateBackEnd$qqrr17Ezlib@TZStreamRec
@Ezlib@inflateBackInit_$qqrr17Ezlib@TZStreamRecipvpci
@Ezlib@inflateEnd$qqrr17Ezlib@TZStreamRec
@Ezlib@inflateInit_$qqrr17Ezlib@TZStreamRecpci
@Ezlib@inflateReset$qqrr17Ezlib@TZStreamRec
@Ezlib@initialization$qqrv
@Regexpr@ERegExpr@
@Regexpr@ExecRegExpr$qqrx17System@AnsiStringt1
@Regexpr@Finalization$qqrv
@Regexpr@QuoteRegExprMetaChars$qqrx17System@AnsiString
@Regexpr@RegExprInvertCaseFunction
@Regexpr@RegExprLinePairedSeparator
@Regexpr@RegExprLineSeparators
@Regexpr@RegExprModifierG

Sections

.text
Size: 240KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
crack/下载说明.htm
.html .js polyglot
crack/安装说明.txt
crack/非常世纪资源网.url
.url
registrywasher-setup.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 692KB

.data Size: 32KB - Virtual size: 192KB

.tls Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 44KB

.edata Size: 560KB - Virtual size: 560KB

.reloc Size: - Virtual size: 1.2MB

.rsrc Size: 528KB - Virtual size: 528KB

.mackt Size: 11KB - Virtual size: 40KB

.aspack Size: 10KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 240KB - Virtual size: 692KB

.data
Size: 32KB - Virtual size: 192KB

.tls
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 44KB

.edata
Size: 560KB - Virtual size: 560KB

.reloc
Size: - Virtual size: 1.2MB

.rsrc
Size: 528KB - Virtual size: 528KB

.mackt
Size: 11KB - Virtual size: 40KB

.aspack
Size: 10KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB