d4e14853fc5c0d56768e5919ecaf1f25ab02ccd86a441caa7a19bf9e5095622a

Sharing

Copy URL

Twitter E-mail

General

Target

d4e14853fc5c0d56768e5919ecaf1f25ab02ccd86a441caa7a19bf9e5095622a
Size

172KB
MD5

fe1d3dd55c7139b9ae61640579d26ac9
SHA1

eb1cc91f6c9dadaac001d62be8b0c3093ac51e98
SHA256

d4e14853fc5c0d56768e5919ecaf1f25ab02ccd86a441caa7a19bf9e5095622a
SHA512

feddee1a05069e4859866639642a264b834ed5876816b18365c97d2b3c2b4aadf04c27352083d03aa210f0415ddaa9996bf5d94c319d4395c8c0d6efee60ec5a
SSDEEP

1536:VbQh51C9mJXUR1wgYici7d4MJg3HhNIfUFIKmi4:hlmB9i7d4wUHsfUtT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4e14853fc5c0d56768e5919ecaf1f25ab02ccd86a441caa7a19bf9e5095622a

Files

d4e14853fc5c0d56768e5919ecaf1f25ab02ccd86a441caa7a19bf9e5095622a
.dll windows:5 windows x86 arch:x86

36131e7b0537222ffbbcc704129a114b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl140.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@UStrEqual$qqrv
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@HandleFinally$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@FloatToStr$qqrg
@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@TLanguages@$bcctr$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TPath@$bcdtr$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Ansistrings@initialization$qqrv
@Ansistrings@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
GetVersionExW
FreeLibrary

l2calc.bpl

@Taxconst@initialization$qqrv
@Taxconst@Finalization$qqrv
@Libstate@initialization$qqrv
@Libstate@Finalization$qqrv
@Numlist@TTextList@GetValues$qqri
@Ldetail@initialization$qqrv
@Ldetail@Finalization$qqrv
@Ldate@initialization$qqrv
@Ldate@Finalization$qqrv
@Pclfonts@initialization$qqrv
@Pclfonts@Finalization$qqrv
@Procmisc@StrToFloatDef$qqrx20System@UnicodeStringd
@Bnxtclc@initialization$qqrv
@Bnxtclc@Finalization$qqrv
@Ltbase@initialization$qqrv
@Ltbase@Finalization$qqrv
@Lindata@initialization$qqrv
@Lindata@Finalization$qqrv
@Statedef@initialization$qqrv
@Statedef@Finalization$qqrv
@Diagconst@initialization$qqrv
@Diagconst@Finalization$qqrv
@Fldconst@initialization$qqrv
@Fldconst@Finalization$qqrv
@Coestreamobject@initialization$qqrv
@Coestreamobject@Finalization$qqrv

vcl140.bpl

@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv

l2engine.bpl

@Printvars@TPrintVariables@GetContainerInfo$qqrusui30Haltypes@TContainerInformation
@Printvars@TPrintVariables@GetClientNotesData$qqr18Haltypes@TNoteMode18Haltypes@TNoteTypei20System@UnicodeString
@Printvars@TPrintVariables@GetPageCaption$qqrui20System@UnicodeStringi24Haltypes@TPageNumberMode28Haltypes@TStartNumberingMode
@Printvars@TPrintVariables@GetGridLineCount$qqr23Haltypes@TLineCountModeuiuiui
@Printvars@TPrintVariables@GetTaxFieldData$qqruiiio
@Printvars@TPrintVariables@GetStateSubclientData$qqrii
@Printvars@TPrintVariables@GetFedSubclientData$qqrii
@Printvars@TPrintVariables@GetClientInformation$qqr16Haltypes@TDBTypei
@Printvars@TPrintVariables@GetDetailDesc$qqriiii
@Printvars@TPrintVariables@GetDetailAmount$qqriiii
@Printvars@TPrintVariables@GetOptionData$qqrio
@Printvars@TPrintVariables@GetConfigData$qqr20Haltypes@TConfigType
@Printvars@TPrintVariables@StrToBool$qqr20System@UnicodeString
@Printvars@TPrintVariables@OutDataExists$qqriii
@Printvars@TPrintVariables@GetOutStrings$qqriiii
@Printvars@TPrintVariables@GetODValue$qqriiii
@Printvars@TPrintVariables@GetOValue$qqriiii
@Halconst@initialization$qqrv
@Halconst@Finalization$qqrv
@Engglobals@initialization$qqrv
@Engglobals@Finalization$qqrv
@Abconst@initialization$qqrv
@Abconst@Finalization$qqrv
@Abarctyp@initialization$qqrv
@Abarctyp@Finalization$qqrv
@Abdfhufd@initialization$qqrv
@Abdfhufd@Finalization$qqrv
@Abdfxlat@initialization$qqrv
@Abdfxlat@Finalization$qqrv
@Formrefcount@initialization$qqrv
@Formrefcount@Finalization$qqrv
@Lfrmload@initialization$qqrv
@Lfrmload@Finalization$qqrv
@Twodbarcode@initialization$qqrv
@Twodbarcode@Finalization$qqrv
@Lpage@initialization$qqrv
@Lpage@Finalization$qqrv
@Modreg@initialization$qqrv
@Modreg@Finalization$qqrv
@Exprreg@initialization$qqrv
@Exprreg@Finalization$qqrv
@Exprreg@RegisterExpression$qqrusuiuipv

xmlrtl140.bpl

@Msxmldom@initialization$qqrv
@Msxmldom@Finalization$qqrv
@Xmldom@initialization$qqrv
@Xmldom@Finalization$qqrv
@Xmlintf@initialization$qqrv
@Xmlintf@Finalization$qqrv
@Xmldoc@initialization$qqrv
@Xmldoc@Finalization$qqrv
@Xmlschema@initialization$qqrv
@Xmlschema@Finalization$qqrv
@Xmlschematags@initialization$qqrv
@Xmlschematags@Finalization$qqrv

Exports

Exports

Dummy

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 232B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36131e7b0537222ffbbcc704129a114b

Headers

File Characteristics

Imports

rtl140.bpl

kernel32

l2calc.bpl

vcl140.bpl

l2engine.bpl

xmlrtl140.bpl

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.itext Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 60B

.bss Size: - Virtual size: 232B

.idata Size: 10KB - Virtual size: 9KB

.edata Size: 512B - Virtual size: 68B

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 134KB - Virtual size: 134KB

.itext
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 60B

.bss
Size: - Virtual size: 232B

.idata
Size: 10KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 68B

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB