Static task
static1
Behavioral task
behavioral1
Sample
b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7.dll
Resource
win10v2004-20240221-en
General
-
Target
b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7
-
Size
187KB
-
MD5
6dbc9f4572e966ae12e0ee23c869943f
-
SHA1
628ba3bacf281450fa7d7c3c37e854a2e6ef11ab
-
SHA256
b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7
-
SHA512
578f6e38a954b888f8d3832854051a0eabdcdfc93fecb152aacde7d9e7cbde1f48da484fa628def4f0705aba17f154a9d24a1c1ce8073cdd520266e2249270ae
-
SSDEEP
3072:kQPCW0N5Q/HGIIlv4wbbwj99AHPEF1UmO8L2AwI8AvgeeMJl8Zg1J3NXPlSthwsO:PkQXfX5B/VbVq
Malware Config (no extracted configuration is listed in this report)
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature. Note: this is the only signature the report raises, and a missing signature is a low-confidence indicator on its own — it is common for legitimate third-party software (including Delphi/C++Builder builds such as this one) — so it should not be treated as evidence of malicious intent without corroborating behavior.
resource b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7
Files
-
b11c68cf14c89812144548a93f4003d87c694f5035aefda68846d5b3ac8a6bf7.dll windows:5 windows x86 arch:x86
d4b0c4843021d49c9da6b38441b50dec
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports (for triage, note the capability-relevant entries below: iphlpapi GetAdaptersAddresses/GetNumberOfInterfaces and kernel32 GlobalMemoryStatusEx/GetVersionExW plus Registry reads are consistent with host fingerprinting; IsDebuggerPresent is a simple anti-debug/diagnostic check; CreateFileW/DeviceIoControl give device-level I/O; Msxml CoXMLHTTP, Comobj CreateOleObject and Udes DES indicate HTTP, COM automation and DES capability — none of these is malicious by itself, and the report records no behavioral use of them)
rtl140.bpl
@System@initialization$qqrv
@System@Finalization$qqrv
@System@LoadResString$qqrp20System@TResStringRec
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrv
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfCast$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%rx5_GUID
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayAsg$qqrv
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayLength$qqrv
@System@@_llmulo$qqrv
@System@@CopyRecord$qqrv
@System@@FinalizeArray$qqrpvt1ui
@System@@InitializeRecord$qqrpvt1
@System@Pos$qqrx20System@UnicodeStringt1
@System@@UniqueStringU$qqrr20System@UnicodeString
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrSetLength$qqrr20System@UnicodeStringi
@System@@UStrLen$qqrx20System@UnicodeString
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromPChar$qqrr20System@UnicodeStringpc
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrClr$qqrpv
@System@@LStrSetLength$qqrv
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrFromPCharLen$qqrr27System@%AnsiStringT$us$i0$%pcius
@System@@LStrClr$qqrpv
@System@@Assert$qqrx20System@UnicodeStringt1i
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseAgain$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@GetInterface$qqrrx5_GUIDpv
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@IntOver$qqrv
@System@@BoundErr$qqrv
@System@@SetEq$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@ParamStr$qqri
@System@Move$qqrpxvpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@SysRegisterExpectedMemoryLeak$qqrpv
@$xp$24System@TInterfacedObject
@System@TInterfacedObject@
@$xp$9IDispatch
@$xp$14System@TObject
@System@TObject@
@$xp$17System@OleVariant
@$xp$14System@Variant
@$xp$13System@string
@$xp$9PAnsiChar
@$xp$5Int64
@$xp$8Cardinal
@$xp$7Pointer
@$xp$11System@Word
@$xp$11System@Byte
@$xp$7Integer
@$xp$7Boolean
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@GetBytes$qqrx20System@UnicodeString
@Sysutils@TEncoding@GetASCII$qqrv
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@SafeLoadLibrary$qqrx20System@UnicodeStringui
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@RaiseLastOSError$qqrv
@Sysutils@StringReplace$qqrx20System@UnicodeStringt1t149System@%Set$t21Sysutils@Sysutils__55$iuc$0$iuc$1%
@Sysutils@AnsiPos$qqrx20System@UnicodeStringt1
@Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@Exception@ToString$qqrv
@Sysutils@Exception@RaisingException$qqrp25Sysutils@TExceptionRecord
@Sysutils@Exception@GetBaseException$qqrv
@Sysutils@Exception@$bdtr$qqrv
@Sysutils@Exception@$bctr$qqrp20System@TResStringRec
@Sysutils@Exception@$bctr$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@SysErrorMessage$qqrui
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxirx24Sysutils@TFormatSettings
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@ExtractFilePath$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@Sysutils@StrToInt$qqrx20System@UnicodeString
@Sysutils@IntToHex$qqrii
@Sysutils@IntToStr$qqrj
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@AnsiCompareText$qqrx20System@UnicodeStringt1
@Sysutils@SameText$qqrx20System@UnicodeStringt1
@Sysutils@LowerCase$qqrx20System@UnicodeString
@Sysutils@UpperCase$qqrx20System@UnicodeString
@$xp$18Sysutils@TEncoding
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@LeadBytes
@$xp$24Sysutils@TFormatSettings
@Sysutils@Win32MinorVersion
@Sysutils@Win32MajorVersion
@Sysutils@Win32Platform
@Sysutils@EConvertError@
@$xp$18Sysutils@Exception
@Sysutils@Exception@
@$xp$15Sysutils@TBytes
@Sysutils@TLanguages@$bcctr$qqrv
@$xp$13TByteDynArray
@Rtlconsts@_SMemoryStreamError
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Classes@TCustomMemoryStream@Seek$qqrius
@Classes@TCustomMemoryStream@Read$qqrpvi
@Classes@TCustomMemoryStream@SetPointer$qqrpvi
@Classes@TStream@Seek$qqrxj19Classes@TSeekOrigin
@Classes@TStream@SetSize$qqrxj
@Classes@TStream@SetSize$qqri
@Classes@TStream@GetSize$qqrv
@Classes@TStream@SetPosition$qqrxj
@Classes@TStream@GetPosition$qqrv
@Classes@TStringList@$bctr$qqrv
@Classes@TStrings@EndUpdate$qqrv
@Classes@TStrings@BeginUpdate$qqrv
@Classes@TBytesStream@
@Classes@TMemoryStream@
@$xp$27Classes@TCustomMemoryStream
@Classes@TCustomMemoryStream@
@$xp$15Classes@TStream
@Classes@TStringList@
@$xp$16Classes@TStrings
@Classes@EStreamError@
@$xp$19Classes@TSeekOrigin
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Variants@Null$qqrv
@Variants@VarIsNull$qqrrx14System@Variant
@Variants@VarIsStr$qqrrx14System@Variant
@Variants@VarIsNumeric$qqrrx14System@Variant
@Variants@@OleVarFromVar$qqrr8TVarDatarx8TVarData
@Variants@@OleVarFromUStr$qqrr8TVarDatax20System@UnicodeString
@Variants@@VarFromDisp$qqrr8TVarDatax36System@%DelphiInterface$t9IDispatch%
@Variants@@VarToIntf$qqrr45System@%DelphiInterface$t17System@IInterface%rx8TVarData
@Variants@@VarToUStr$qqrr20System@UnicodeStringrx8TVarData
@Variants@@DispInvoke$qp8TVarDatarx8TVarDatap16System@TCallDescpv
@Variants@@VarClr$qqrr8TVarData
@Variants@EmptyParam
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Rtti@initialization$qqrv
@Rtti@Finalization$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Syncobjs@TCriticalSection@Release$qqrv
@Syncobjs@TCriticalSection@Acquire$qqrv
@Syncobjs@TCriticalSection@$bdtr$qqrv
@Syncobjs@TCriticalSection@$bctr$qqrv
@$xp$25Syncobjs@TCriticalSection
@Syncobjs@TCriticalSection@
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Varconv@initialization$qqrv
@Varconv@Finalization$qqrv
@Convutils@initialization$qqrv
@Convutils@Finalization$qqrv
@Varcmplx@initialization$qqrv
@Varcmplx@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@ReadInteger$qqrx20System@UnicodeString
@Registry@TRegistry@ReadString$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKeyReadOnly$qqrx20System@UnicodeString
@Registry@TRegistry@SetRootKey$qqrp6HKEY__
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistry@
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TFile@ReadAllText$qqrx20System@UnicodeString
@Ioutils@TPath@$bcdtr$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Comobj@CreateOleObject$qqrx20System@UnicodeString
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Msxml@CoXMLHTTP60@Create$qqrv
@Msxml@CoXMLHTTP40@Create$qqrv
@Msxml@CoXMLHTTP30@Create$qqrv
@Msxml@CoXMLHTTP26@Create$qqrv
@Msxml@CoXMLHTTP60@
@Msxml@CoXMLHTTP40@
@Msxml@CoXMLHTTP30@
@Msxml@CoXMLHTTP26@
kernel32
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
IsDebuggerPresent
OutputDebugStringW
GlobalMemoryStatusEx
GetVersionExW
GetTempPathW
GetProcAddress
GetModuleHandleW
GetLastError
GetFileSize
InterlockedExchange
FreeLibrary
DeviceIoControl
CreateFileW
CompareStringW
CloseHandle
ole32
CoUninitialize
CoInitialize
baselib.bpl
@Superobject@TSuperObjectHelper@ToJson$qqrp29Superobject@TSuperRttiContext
@Superobject@SO$qqrx20System@UnicodeString
@$xp$29Superobject@TSuperRttiContext
@$xp$24Superobject@ISuperObject
@Fslib@initialization$qqrv
@Fslib@Finalization$qqrv
@Fslib@TFsEnvironment@WinIsVistaBased$qqrv
@Fslib@TFsEnvironment@UserName$qqrv
@Fslib@TFsEnvironment@IsWow64$qqrv
@Fslib@TFsEnvironment@Create$qqrv
@Fslib@TFsEnvironment@ComputerName$qqrv
@Regularexpressions@initialization$qqrv
@Regularexpressions@Finalization$qqrv
@Cfgvnt@initialization$qqrv
@Cfgvnt@Finalization$qqrv
@Udes@DES$qqrp32System@%StaticArray$uci$i32768$%t1t1i13Udes@TDesMode
@Sevenzip@initialization$qqrv
@Sevenzip@Finalization$qqrv
@Fsmui@initialization$qqrv
@Fsmui@Finalization$qqrv
@Fsoem@initialization$qqrv
@Fsoem@Finalization$qqrv
@Bmxcarddef@initialization$qqrv
@Bmxcarddef@Finalization$qqrv
@Fssocket@initialization$qqrv
@Fssocket@Finalization$qqrv
appbase.bpl
@Fsapplc@initialization$qqrv
@Fsapplc@Finalization$qqrv
@Fsapplc@TAppSystem@ShowMsg$qqr20System@UnicodeStringi
@Fsapplc@TAppSystem@RegisterService$qqrrx5_GUIDx45System@%DelphiInterface$t17System@IInterface%
@Fsapplc@TAppSystem@GetObject$qqrp14System@TObject20System@UnicodeString
@Fsapplc@AppSys
@Fsstrs@initialization$qqrv
@Fsstrs@Finalization$qqrv
@Fssettings@initialization$qqrv
@Fssettings@Finalization$qqrv
@Udhk@initialization$qqrv
@Udhk@Finalization$qqrv
nativexml401.bpl
@Nativexml@initialization$qqrv
@Nativexml@Finalization$qqrv
@Nativexml@sdWideToUtf8$qqrx20System@UnicodeString
@Nativexml@TNativeXml@SetXmlFormat$qqrx24Nativexml@TXmlFormatType
@Nativexml@TNativeXml@GetRoot$qqrv
@Nativexml@TNativeXml@$bctr$qqrx31System@%AnsiStringT$us$i65001$%p18Classes@TComponent
@Nativexml@TXmlNode@SetValueUnicode$qqrx20System@UnicodeString
@$xp$20Nativexml@TNativeXml
@Nativexml@TNativeXml@
@Sddebug@initialization$qqrv
@Sddebug@Finalization$qqrv
vcl140.bpl
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
inet140.bpl
@Sockets@initialization$qqrv
@Sockets@Finalization$qqrv
geometry.bpl
@Cadtypes@initialization$qqrv
@Cadtypes@Finalization$qqrv
vclimg140.bpl
@Gifimg@initialization$qqrv
@Gifimg@Finalization$qqrv
@Pngimage@initialization$qqrv
@Pngimage@Finalization$qqrv
@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv
iphlpapi
GetAdaptersAddresses
GetNumberOfInterfaces
Sections (no section is both writable and executable; the .text/.itext/.idata layout is the standard one for a Delphi/C++Builder runtime-package build)
.text Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 100B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ