1c9c6c04dcadb6c75875d2cd1f813590_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

1c9c6c04dcadb6c75875d2cd1f813590_NeikiAnalytics
Size

505KB
MD5

1c9c6c04dcadb6c75875d2cd1f813590
SHA1

89f6010ecd89ef6d4b795e42cb8b8f88a9d95d99
SHA256

e565c89c11f23cba45580328f14db664c1d674d3d902fbd93c55b559db5538cf
SHA512

f6b6901f007bd603965ad396a729481ff9c416cf621ce0ff4fc01ac910b13af0759275e5f11d3154d10ff8ae1636b561f5e10c4facb8bc45893e6b29a359b3ab
SSDEEP

12288:bvAseXWYwme0YAYCGctCFf7Gcq1kwWJyot/eNyQLXoj:b8XW/YYZC/tCB7GV1VW9/eNyQLYj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1c9c6c04dcadb6c75875d2cd1f813590_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:ef:aa:2a:5f:c3:7b:e3:16:95:1a:a9:f8:65:13:31
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/10/2012, 00:00

Not After

13/10/2013, 23:59

Subject

CN=Alcohol Soft,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Alcohol Soft Development Team,O=Alcohol Soft,L=Belfast,ST=Antrim,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:b2:42:6d:4e:6d:b7:d8:a1:f7:97:96:99:96:b5:4c:48:d1:e1:79
Signer

Actual PE Digest

04:b2:42:6d:4e:6d:b7:d8:a1:f7:97:96:99:96:b5:4c:48:d1:e1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 477KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$12CMX_TrayIcon
@$xp$13Advgdip@Unit_
@$xp$14Advgdip@Status
@$xp$14Advgdip@TGPPen
@$xp$15Advgdip@TGPFont
@$xp$15Pngimage@TChunk
@$xp$16Advgdip@FillMode
@$xp$16Advgdip@TGPBrush
@$xp$16Advgdip@TGPImage
@$xp$16Advgdip@WrapMode
@$xp$16Pngimage@TFilter
@$xp$17Advgdip@DashStyle
@$xp$17Advgdip@IWinStyle
@$xp$17Advgdip@TGPBitmap
@$xp$17Advgdip@TGPMatrix
@$xp$17Advgdip@TGPRegion
@$xp$17Pngimage@TFilters
@$xp$17Pngimage@TPNGList
@$xp$18Advgdip@HatchStyle
@$xp$18Advgdip@TAntiAlias
@$xp$18Advgdip@TImageType
@$xp$18Pngimage@EPngError
@$xp$18Pngimage@TPngImage
@$xp$18Pngimage@TUnitType
@$xp$19Advgdip@CombineMode
@$xp$19Advgdip@MatrixOrder
@$xp$19Advgdip@TGPGraphics
@$xp$19Htmlpopup@THideType
@$xp$19Pngimage@TChunkIDAT
@$xp$19Pngimage@TChunkIEND
@$xp$19Pngimage@TChunkIHDR
@$xp$19Pngimage@TChunkPLTE
@$xp$19Pngimage@TChunkgAMA
@$xp$19Pngimage@TChunkpHYs
@$xp$19Pngimage@TChunktEXt
@$xp$19Pngimage@TChunktIME
@$xp$19Pngimage@TChunktRNS
@$xp$19Pngimage@TChunkzTXt
@$xp$20Advgdip@EncoderValue
@$xp$20Advgdip@HotkeyPrefix
@$xp$20Advgdip@TGdiplusBase
@$xp$20Htmlpopup@THTMLPopup
@$xp$20Pngimage@Pngimage__1
@$xp$21Advgdip@TGPFontFamily
@$xp$21Advgdip@TGPHatchBrush
@$xp$21Advgdip@TGPSolidBrush
@$xp$21Advgdip@TRectDynArray
@$xp$22Advgdip@FlushIntention
@$xp$22Advgdip@RotateFlipType
@$xp$22Advgdip@StringTrimming
@$xp$22Advgdip@TGPImageFormat
@$xp$22Advgdip@TPointDynArray
@$xp$22Advgdip@TRectFDynArray
@$xp$22Pngimage@EPNGNotExists
@$xp$22Pngimage@EPNGOutMemory
@$xp$22Pngimage@EPNGZLIBError
@$xp$23Advgdip@ColorAdjustType
@$xp$23Advgdip@CoordinateSpace
@$xp$23Advgdip@DebugEventLevel
@$xp$23Advgdip@StringAlignment
@$xp$23Advgdip@TAdvGDIPPicture
@$xp$23Advgdip@TGPGraphicsPath
@$xp$23Advgdip@TGPStringFormat
@$xp$23Advgdip@TGPTextureBrush
@$xp$23Advgdip@TPointFDynArray
@$xp$23Advgdip@TSingleDynArray
@$xp$23Htmlpopup@TAutoSizeType
@$xp$23Pngimage@EPngInvalidCRC
@$xp$24Advgdip@ColorMatrixFlags
@$xp$24Advgdip@TAdvGradientType
@$xp$24Pngimage@EPNGInvalidSpec
@$xp$24Pngimage@EPNGNoImageData
@$xp$24Pngimage@EPNGSizeExceeds
@$xp$24Pngimage@EPngInvalidIHDR
@$xp$24Pngimage@TPNGPointerList
@$xp$25Advgdip@ColorChannelFlags
@$xp$25Advgdip@TGPFontCollection
@$xp$25Advgdip@TextRenderingHint
@$xp$25Htmlpopup@TShadeDirection
@$xp$25Pngimage@EPNGIHDRNotFirst
@$xp$25Pngimage@TInterlaceMethod
@$xp$26Advgdip@LinearGradientMode
@$xp$26Advgdip@TGPImageAttributes
@$xp$26Htmlpopup@THTMLPopupWindow
@$xp$26Pngimage@EPngUnexpectedEnd
@$xp$26Pngimage@TCompressionLevel
@$xp$27Advgdip@TFixedStreamAdapter
@$xp$27Htmlpopup@TAnchorClickEvent
@$xp$27Picturecontainer@THTMLImage
@$xp$27Pngimage@EPNGInvalidNewSize
@$xp$27Pngimage@EPNGInvalidPalette
@$xp$27Pngimage@EPNGMissingPalette
@$xp$28Advgdip@TGPPathGradientBrush
@$xp$29Picturecontainer@THTMLPicture
@$xp$29Picturecontainer@TPictureItem
@$xp$29Pngimage@EPNGHeaderNotPresent
@$xp$29Pngimage@EPNGUnknownInterlace
@$xp$29Pngimage@TPNGTransparencyMode
@$xp$30Advgdip@TGPLinearGradientBrush
@$xp$30Pngimage@EPNGInvalidFileHeader
@$xp$31Pngimage@EPNGUnknownCompression
@$xp$32Picturecontainer@TDownLoadThread
@$xp$32Pngimage@EPNGMissingMultipleIDAT
@$xp$33Picturecontainer@TPicturePosition
@$xp$33Pngimage@EPNGCouldNotLoadResource
@$xp$33Pngimage@EPNGUnknownCriticalChunk
@$xp$34Picturecontainer@THTMLPictureCache
@$xp$34Picturecontainer@TPictureContainer
@$xp$35Picturecontainer@TPictureCollection
@$xp$36Picturecontainer@TDownloadErrorEvent
@$xp$36Pngimage@EPNGCannotChangeTransparent
@$xp$37Picturecontainer@TDownloadCancelEvent
@$xp$39Picturecontainer@TDownloadCompleteEvent
@$xp$39Picturecontainer@TDownloadProgressEvent
@$xp$5INT16
@$xp$6UINT16
@$xp$6UINT32
@@Cmx_whatinstscanning@Finalize
@@Cmx_whatinstscanning@Initialize
@@Tmainframe@Finalize
@@Tmainframe@Initialize
@Advgdip@ArrowGDIP$qqrp19Advgdip@TGPGraphicsrx12Types@TPointt2i15Graphics@TColordd
@Advgdip@ColorToARGB$qqr15Graphics@TColor
@Advgdip@CreateRoundRectangle$qqrrx11Types@TRecti
@Advgdip@CreateStream$qqrp16Graphics@TBitmap
@Advgdip@EncoderChrominanceTable
@Advgdip@EncoderColorDepth
@Advgdip@EncoderCompression
@Advgdip@EncoderLuminanceTable
@Advgdip@EncoderParameterValueTypeASCII
@Advgdip@EncoderParameterValueTypeByte
@Advgdip@EncoderParameterValueTypeLong
@Advgdip@EncoderParameterValueTypeLongRange
@Advgdip@EncoderParameterValueTypeRational
@Advgdip@EncoderParameterValueTypeRationalRange
@Advgdip@EncoderParameterValueTypeShort
@Advgdip@EncoderParameterValueTypeUndefined
@Advgdip@EncoderQuality
@Advgdip@EncoderRenderMethod
@Advgdip@EncoderSaveFlag
@Advgdip@EncoderScanMethod
@Advgdip@EncoderTransformation
@Advgdip@EncoderVersion
@Advgdip@FillGDIP$qqrrx27Advgdip@TGDIPFillParameters
@Advgdip@Finalization$qqrv
@Advgdip@GetAlpha$qqrui
@Advgdip@GetBMPSize$qqrx20System@UnicodeStringrust2
@Advgdip@GetBlue$qqrui
@Advgdip@GetCLSID$qqr18Advgdip@TImageType
@Advgdip@GetEncoderQualityParameters$qqri
@Advgdip@GetGIFSize$qqrx20System@UnicodeStringrust2
@Advgdip@GetGreen$qqrui
@Advgdip@GetICOSize$qqrx20System@UnicodeStringrust2
@Advgdip@GetJPGSize$qqrx20System@UnicodeStringrust2
@Advgdip@GetPNGSize$qqrx20System@UnicodeStringrust2
@Advgdip@GetRed$qqrui
@Advgdip@GetTifSize$qqrx20System@UnicodeStringrust2
@Advgdip@GlowSpeed
@Advgdip@ImageFormatBMP
@Advgdip@ImageFormatEMF
@Advgdip@ImageFormatEXIF
@Advgdip@ImageFormatGIF
@Advgdip@ImageFormatIcon
@Advgdip@ImageFormatJPEG
@Advgdip@ImageFormatMemoryBMP
@Advgdip@ImageFormatPNG
@Advgdip@ImageFormatTIFF
@Advgdip@ImageFormatUndefined
@Advgdip@ImageFormatWMF
@Advgdip@IsGlass$qqrv
@Advgdip@IsWin7$qqrv
@Advgdip@MakeColor$qqruc15Graphics@TColor
@Advgdip@MakeColor$qqrucucuc
@Advgdip@MakeColor$qqrucucucuc
@Advgdip@MakePoint$qqrff
@Advgdip@MakePoint$qqrii
@Advgdip@MakePointF$qqrff
@Advgdip@MakeRect$qqrffff
@Advgdip@SetGlass$qqro
@Advgdip@SetWin7$qqro
@Advgdip@ShadowGDIP$qqrp19Advgdip@TGPGraphicsrx16Advgdip@TGPRectF
@Advgdip@StartupInput
@Advgdip@StartupOutput
@Advgdip@TAdvGDIPPicture@
@Advgdip@TAdvGDIPPicture@$bctr$qqrv
@Advgdip@TAdvGDIPPicture@$bdtr$qqrv
@Advgdip@TAdvGDIPPicture@Assign$qqrp19Classes@TPersistent
@Advgdip@TAdvGDIPPicture@Draw$qqrp16Graphics@TCanvasrx11Types@TRect
@Advgdip@TAdvGDIPPicture@FillPath$qqrp19Advgdip@TGPGraphicsp23Advgdip@TGPGraphicsPath
@Advgdip@TAdvGDIPPicture@FillRect$qqrp19Advgdip@TGPGraphicsrx16Advgdip@TGPRectF
@Advgdip@TAdvGDIPPicture@GDIPDraw$qqrp19Advgdip@TGPGraphicsrx11Types@TRect
@Advgdip@TAdvGDIPPicture@GDIPDraw$qqrp19Advgdip@TGPGraphicsrx16Advgdip@TGPRectF
@Advgdip@TAdvGDIPPicture@GetEmpty$qqrv
@Advgdip@TAdvGDIPPicture@GetHeight$qqrv
@Advgdip@TAdvGDIPPicture@GetImageSizes$qqrv
@Advgdip@TAdvGDIPPicture@GetImageSizesFromFileName$qqr20System@UnicodeString
@Advgdip@TAdvGDIPPicture@GetWidth$qqrv
@Advgdip@TAdvGDIPPicture@LoadFromClipboardFormat$qqrusuip10HPALETTE__
@Advgdip@TAdvGDIPPicture@LoadFromFile$qqrx20System@UnicodeString
@Advgdip@TAdvGDIPPicture@LoadFromResourceID$qqruii
@Advgdip@TAdvGDIPPicture@LoadFromResourceName$qqruix20System@UnicodeString
@Advgdip@TAdvGDIPPicture@LoadFromStream$qqrp15Classes@TStream
@Advgdip@TAdvGDIPPicture@LoadFromURL$qqr20System@UnicodeString
@Advgdip@TAdvGDIPPicture@ReadData$qqrp15Classes@TStream
@Advgdip@TAdvGDIPPicture@SaveToClipboardFormat$qqrrusruirp10HPALETTE__
@Advgdip@TAdvGDIPPicture@SaveToStream$qqrp15Classes@TStream
@Advgdip@TAdvGDIPPicture@SetHeight$qqri
@Advgdip@TAdvGDIPPicture@SetWidth$qqri
@Advgdip@TAdvGDIPPicture@WriteData$qqrp15Classes@TStream
@Advgdip@TFixedStreamAdapter@
@Advgdip@TFixedStreamAdapter@Stat$qqsr10tagSTATSTGi
@Advgdip@TGPBitmap@
@Advgdip@TGPBitmap@$bctr$qqr34System@%DelphiInterface$t7IStream%i
@Advgdip@TGPBitmap@$bctr$qqriii
@Advgdip@TGPBitmap@$bctr$qqrpv
@Advgdip@TGPBitmap@FromStream$qqr34System@%DelphiInterface$t7IStream%i
@Advgdip@TGPBitmap@GetHBITMAP$qqruirp9HBITMAP__
@Advgdip@TGPBitmap@GetPixel$qqriirui
@Advgdip@TGPBitmap@SetPixel$qqriiui
@Advgdip@TGPBrush@
@Advgdip@TGPBrush@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPBrush@$bctr$qqrv
@Advgdip@TGPBrush@$bdtr$qqrv
@Advgdip@TGPBrush@SetNativeBrush$qqrpv
@Advgdip@TGPBrush@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPFont@
@Advgdip@TGPFont@$bctr$qqr17System@WideStringf47System@%Set$t19Graphics@TFontStyle$iuc$0$iuc$3%13Advgdip@Unit_p25Advgdip@TGPFontCollection
@Advgdip@TGPFont@$bctr$qqrp21Advgdip@TGPFontFamilyfi13Advgdip@Unit_
@Advgdip@TGPFont@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPFont@$bdtr$qqrv
@Advgdip@TGPFont@SetNativeFont$qqrpv
@Advgdip@TGPFont@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPFontCollection@
@Advgdip@TGPFontCollection@$bctr$qqrv
@Advgdip@TGPFontCollection@$bdtr$qqrv
@Advgdip@TGPFontCollection@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPFontFamily@
@Advgdip@TGPFontFamily@$bctr$qqr17System@WideStringp25Advgdip@TGPFontCollection
@Advgdip@TGPFontFamily@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPFontFamily@$bdtr$qqrv
@Advgdip@TGPFontFamily@GenericMonospace$qqrv
@Advgdip@TGPFontFamily@GenericSansSerif$qqrv
@Advgdip@TGPFontFamily@GenericSerif$qqrv
@Advgdip@TGPFontFamily@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPGraphics@
@Advgdip@TGPGraphics@$bctr$qqrp16Advgdip@TGPImage
@Advgdip@TGPGraphics@$bctr$qqrp5HDC__
@Advgdip@TGPGraphics@$bdtr$qqrv
@Advgdip@TGPGraphics@Clear$qqrui
@Advgdip@TGPGraphics@DrawArc$qqrp14Advgdip@TGPPenffffff
@Advgdip@TGPGraphics@DrawArc$qqrp14Advgdip@TGPPenrx16Advgdip@TGPRectFff
@Advgdip@TGPGraphics@DrawBezier$qqrp14Advgdip@TGPPenffffffff
@Advgdip@TGPGraphics@DrawBezier$qqrp14Advgdip@TGPPenrx17Advgdip@TGPPointFt2t2t2
@Advgdip@TGPGraphics@DrawBeziers$qqrp14Advgdip@TGPPenp17Advgdip@TGPPointFi
@Advgdip@TGPGraphics@DrawEllipse$qqrp14Advgdip@TGPPenffff
@Advgdip@TGPGraphics@DrawEllipse$qqrp14Advgdip@TGPPeniiii
@Advgdip@TGPGraphics@DrawEllipse$qqrp14Advgdip@TGPPenrx15Advgdip@TGPRect
@Advgdip@TGPGraphics@DrawEllipse$qqrp14Advgdip@TGPPenrx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@DrawImage$qqrp16Advgdip@TGPImageffff
@Advgdip@TGPGraphics@DrawImage$qqrp16Advgdip@TGPImageii
@Advgdip@TGPGraphics@DrawImage$qqrp16Advgdip@TGPImagerx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@DrawImage$qqrp16Advgdip@TGPImagerx16Advgdip@TGPRectFffff13Advgdip@Unit_p26Advgdip@TGPImageAttributespqqsv$ipv
@Advgdip@TGPGraphics@DrawImageRect$qqrp16Advgdip@TGPImageiiii
@Advgdip@TGPGraphics@DrawImageRect$qqrp16Advgdip@TGPImagerx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@DrawLine$qqrp14Advgdip@TGPPenffff
@Advgdip@TGPGraphics@DrawPath$qqrp14Advgdip@TGPPenp23Advgdip@TGPGraphicsPath
@Advgdip@TGPGraphics@DrawRectangle$qqrp14Advgdip@TGPPenffff
@Advgdip@TGPGraphics@DrawRectangle$qqrp14Advgdip@TGPPenrx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@DrawString$qqr17System@WideStringip15Advgdip@TGPFontrx16Advgdip@TGPRectFp23Advgdip@TGPStringFormatp16Advgdip@TGPBrush
@Advgdip@TGPGraphics@DrawString$qqr17System@WideStringip15Advgdip@TGPFontrx17Advgdip@TGPPointFp16Advgdip@TGPBrush
@Advgdip@TGPGraphics@DrawString$qqr17System@WideStringip15Advgdip@TGPFontrx17Advgdip@TGPPointFp23Advgdip@TGPStringFormatp16Advgdip@TGPBrush
@Advgdip@TGPGraphics@DrawString$qqr20System@UnicodeStringip15Advgdip@TGPFontrx16Advgdip@TGPRectFp23Advgdip@TGPStringFormatp16Advgdip@TGPBrush
@Advgdip@TGPGraphics@DrawText$qqr20System@UnicodeStringir11Types@TRectp14Graphics@TFontui15Graphics@TColor
@Advgdip@TGPGraphics@ExcludeClip$qqrp17Advgdip@TGPRegion
@Advgdip@TGPGraphics@ExcludeClip$qqrrx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@FillEllipse$qqrp16Advgdip@TGPBrushffff
@Advgdip@TGPGraphics@FillEllipse$qqrp16Advgdip@TGPBrushiiii
@Advgdip@TGPGraphics@FillEllipse$qqrp16Advgdip@TGPBrushrx15Advgdip@TGPRect
@Advgdip@TGPGraphics@FillEllipse$qqrp16Advgdip@TGPBrushrx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@FillPath$qqrp16Advgdip@TGPBrushp23Advgdip@TGPGraphicsPath
@Advgdip@TGPGraphics@FillPolygon$qqrp16Advgdip@TGPBrushp16Advgdip@TGPPointi
@Advgdip@TGPGraphics@FillPolygon$qqrp16Advgdip@TGPBrushp16Advgdip@TGPPointi16Advgdip@FillMode
@Advgdip@TGPGraphics@FillPolygon$qqrp16Advgdip@TGPBrushp17Advgdip@TGPPointFi
@Advgdip@TGPGraphics@FillPolygon$qqrp16Advgdip@TGPBrushp17Advgdip@TGPPointFi16Advgdip@FillMode
@Advgdip@TGPGraphics@FillRectangle$qqrp16Advgdip@TGPBrushffff
@Advgdip@TGPGraphics@FillRectangle$qqrp16Advgdip@TGPBrushrx16Advgdip@TGPRectF
@Advgdip@TGPGraphics@Flush$qqr22Advgdip@FlushIntention
@Advgdip@TGPGraphics@FromImage$qqrp16Advgdip@TGPImage
@Advgdip@TGPGraphics@GetCompositingQuality$qqrv
@Advgdip@TGPGraphics@GetHDC$qqrv
@Advgdip@TGPGraphics@GetLastStatus$qqrv
@Advgdip@TGPGraphics@GetNativeGraphics$qqrv
@Advgdip@TGPGraphics@GetSmoothingMode$qqrv
@Advgdip@TGPGraphics@GetTextRenderingHint$qqrv
@Advgdip@TGPGraphics@MakeFont$qqrp14Graphics@TFont
@Advgdip@TGPGraphics@MeasureString$qqr17System@WideStringip15Advgdip@TGPFontrx16Advgdip@TGPRectFp23Advgdip@TGPStringFormatr16Advgdip@TGPRectFpit7
@Advgdip@TGPGraphics@MeasureString$qqr17System@WideStringip15Advgdip@TGPFontrx16Advgdip@TGPRectFr16Advgdip@TGPRectF
@Advgdip@TGPGraphics@MeasureString$qqr17System@WideStringip15Advgdip@TGPFontrx17Advgdip@TGPPointFp23Advgdip@TGPStringFormatr16Advgdip@TGPRectF
@Advgdip@TGPGraphics@MultiplyTransform$qqrpx17Advgdip@TGPMatrix19Advgdip@MatrixOrder
@Advgdip@TGPGraphics@ReleaseHDC$qqrp5HDC__
@Advgdip@TGPGraphics@ResetClip$qqrv
@Advgdip@TGPGraphics@ResetTransform$qqrv
@Advgdip@TGPGraphics@RotateTransform$qqrxf19Advgdip@MatrixOrder
@Advgdip@TGPGraphics@ScaleTransform$qqrxfxf19Advgdip@MatrixOrder
@Advgdip@TGPGraphics@SetClip$qqrp17Advgdip@TGPRegion19Advgdip@CombineMode
@Advgdip@TGPGraphics@SetClip$qqrp23Advgdip@TGPGraphicsPath19Advgdip@CombineMode
@Advgdip@TGPGraphics@SetCompositingQuality$qqri
@Advgdip@TGPGraphics@SetNativeGraphics$qqrpv
@Advgdip@TGPGraphics@SetSmoothingMode$qqri
@Advgdip@TGPGraphics@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPGraphics@SetTextRenderingHint$qqr25Advgdip@TextRenderingHint
@Advgdip@TGPGraphics@SetTransform$qqrp17Advgdip@TGPMatrix
@Advgdip@TGPGraphics@TextHeight$qqr20System@UnicodeStringp14Graphics@TFont
@Advgdip@TGPGraphics@TextWidth$qqr20System@UnicodeStringp14Graphics@TFont
@Advgdip@TGPGraphics@TranslateTransform$qqrff19Advgdip@MatrixOrder
@Advgdip@TGPGraphicsPath@
@Advgdip@TGPGraphicsPath@$bctr$qqr16Advgdip@FillMode
@Advgdip@TGPGraphicsPath@$bctr$qqrp17Advgdip@TGPPointFpuci16Advgdip@FillMode
@Advgdip@TGPGraphicsPath@$bctr$qqrpv
@Advgdip@TGPGraphicsPath@$bdtr$qqrv
@Advgdip@TGPGraphicsPath@AddArc$qqrffffff
@Advgdip@TGPGraphicsPath@AddArc$qqrrx16Advgdip@TGPRectFff
@Advgdip@TGPGraphicsPath@AddBezier$qqrffffffff
@Advgdip@TGPGraphicsPath@AddBezier$qqrrx16Advgdip@TGPPointt1t1t1
@Advgdip@TGPGraphicsPath@AddBezier$qqrrx17Advgdip@TGPPointFt1t1t1
@Advgdip@TGPGraphicsPath@AddCurve$qqrp16Advgdip@TGPPointi
@Advgdip@TGPGraphicsPath@AddCurve$qqrp16Advgdip@TGPPointif
@Advgdip@TGPGraphicsPath@AddCurve$qqrp17Advgdip@TGPPointFi
@Advgdip@TGPGraphicsPath@AddEllipse$qqrffff
@Advgdip@TGPGraphicsPath@AddEllipse$qqrrx16Advgdip@TGPRectF
@Advgdip@TGPGraphicsPath@AddLine$qqrffff
@Advgdip@TGPGraphicsPath@AddLine$qqrrx17Advgdip@TGPPointFt1
@Advgdip@TGPGraphicsPath@AddLines$qqrp16Advgdip@TGPPointi
@Advgdip@TGPGraphicsPath@AddPie$qqrffffff
@Advgdip@TGPGraphicsPath@AddPie$qqrrx16Advgdip@TGPRectFff
@Advgdip@TGPGraphicsPath@AddPolygon$qqrp16Advgdip@TGPPointi
@Advgdip@TGPGraphicsPath@AddPolygon$qqrp17Advgdip@TGPPointFi
@Advgdip@TGPGraphicsPath@AddRectangle$qqrrx15Advgdip@TGPRect
@Advgdip@TGPGraphicsPath@AddRectangle$qqrrx16Advgdip@TGPRectF
@Advgdip@TGPGraphicsPath@AddString$qqr17System@WideStringip21Advgdip@TGPFontFamilyifrx16Advgdip@TGPRectFp23Advgdip@TGPStringFormat
@Advgdip@TGPGraphicsPath@AddString$qqr17System@WideStringip21Advgdip@TGPFontFamilyifrx17Advgdip@TGPPointFp23Advgdip@TGPStringFormat
@Advgdip@TGPGraphicsPath@CloseFigure$qqrv
@Advgdip@TGPGraphicsPath@GetBounds$qqrr16Advgdip@TGPRectFp17Advgdip@TGPMatrixp14Advgdip@TGPPen
@Advgdip@TGPGraphicsPath@GetPathPoints$qqrp17Advgdip@TGPPointFi
@Advgdip@TGPGraphicsPath@GetPathTypes$qqrpuci
@Advgdip@TGPGraphicsPath@GetPointCount$qqrv
@Advgdip@TGPGraphicsPath@Reset$qqrv
@Advgdip@TGPGraphicsPath@SetNativePath$qqrpv
@Advgdip@TGPGraphicsPath@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPHatchBrush@
@Advgdip@TGPHatchBrush@$bctr$qqr18Advgdip@HatchStyleuiui
@Advgdip@TGPHatchBrush@$bctr$qqrv
@Advgdip@TGPHatchBrush@GetBackgroundColor$qqrrui
@Advgdip@TGPHatchBrush@GetForegroundColor$qqrrui
@Advgdip@TGPHatchBrush@GetHatchStyle$qqrv
@Advgdip@TGPImage@
@Advgdip@TGPImage@$bctr$qqr17System@WideStringi
@Advgdip@TGPImage@$bctr$qqr34System@%DelphiInterface$t7IStream%i
@Advgdip@TGPImage@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPImage@$bdtr$qqrv
@Advgdip@TGPImage@GetFormat$qqrv
@Advgdip@TGPImage@GetHeight$qqrv
@Advgdip@TGPImage@GetPixelDepth$qqrv
@Advgdip@TGPImage@GetPixelFormat$qqrv
@Advgdip@TGPImage@GetThumbnailImage$qqruiuipqqsv$ipv
@Advgdip@TGPImage@GetWidth$qqrv
@Advgdip@TGPImage@HasAlphaChannel$qqrv
@Advgdip@TGPImage@HasPalette$qqrv
@Advgdip@TGPImage@RotateFlip$qqr22Advgdip@RotateFlipType
@Advgdip@TGPImage@Save$qqr17System@WideStringrx5_GUIDp25Advgdip@EncoderParameters
@Advgdip@TGPImage@Save$qqr34System@%DelphiInterface$t7IStream%rx5_GUIDp25Advgdip@EncoderParameters
@Advgdip@TGPImage@SaveAdd$qqrp16Advgdip@TGPImagep25Advgdip@EncoderParameters
@Advgdip@TGPImage@SetNativeImage$qqrpv
@Advgdip@TGPImage@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPImageAttributes@
@Advgdip@TGPImageAttributes@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPImageAttributes@$bctr$qqrv
@Advgdip@TGPImageAttributes@$bdtr$qqrv
@Advgdip@TGPImageAttributes@ClearBrushRemapTable$qqrv
@Advgdip@TGPImageAttributes@ClearColorKey$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearColorMatrices$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearColorMatrix$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearGamma$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearNoOp$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearOutputChannel$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearOutputChannelColorProfile$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearRemapTable$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@ClearThreshold$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@Clone$qqrv
@Advgdip@TGPImageAttributes@GetAdjustedPalette$qqrp20Advgdip@ColorPalette23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@GetLastStatus$qqrv
@Advgdip@TGPImageAttributes@Reset$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetBrushRemapTable$qqruip16Advgdip@ColorMap
@Advgdip@TGPImageAttributes@SetColorKey$qqruiui23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetColorMatrices$qqrpx27System@%StaticArray$fi$i5$%t124Advgdip@ColorMatrixFlags23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetColorMatrix$qqrpx27System@%StaticArray$fi$i5$%24Advgdip@ColorMatrixFlags23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetGamma$qqrf23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetNativeImageAttr$qqrpv
@Advgdip@TGPImageAttributes@SetNoOp$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetOutputChannel$qqr25Advgdip@ColorChannelFlags23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetOutputChannelColorProfile$qqr17System@WideString23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetRemapTable$qqruip16Advgdip@ColorMap23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPImageAttributes@SetThreshold$qqrf23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetToIdentity$qqr23Advgdip@ColorAdjustType
@Advgdip@TGPImageAttributes@SetWrapMode$qqr16Advgdip@WrapModeuii
@Advgdip@TGPLinearGradientBrush@
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx15Advgdip@TGPRectuiui26Advgdip@LinearGradientMode
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx15Advgdip@TGPRectuiuifi
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx16Advgdip@TGPPointt1uiui
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx16Advgdip@TGPRectFuiui26Advgdip@LinearGradientMode
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx16Advgdip@TGPRectFuiuifi
@Advgdip@TGPLinearGradientBrush@$bctr$qqrrx17Advgdip@TGPPointFt1uiui
@Advgdip@TGPLinearGradientBrush@SetGammaCorrection$qqri
@Advgdip@TGPLinearGradientBrush@SetInterpolationColors$qqrpuipfi
@Advgdip@TGPMatrix@
@Advgdip@TGPMatrix@$bctr$qqrffffff
@Advgdip@TGPMatrix@$bctr$qqrpv
@Advgdip@TGPMatrix@$bctr$qqrrx15Advgdip@TGPRectrx16Advgdip@TGPPoint
@Advgdip@TGPMatrix@$bctr$qqrrx16Advgdip@TGPRectFrx17Advgdip@TGPPointF
@Advgdip@TGPMatrix@$bctr$qqrv
@Advgdip@TGPMatrix@$bdtr$qqrv
@Advgdip@TGPMatrix@Clone$qqrv
@Advgdip@TGPMatrix@GetElements$qqrpxf
@Advgdip@TGPMatrix@GetLastStatus$qqrv
@Advgdip@TGPMatrix@Invert$qqrv
@Advgdip@TGPMatrix@IsIdentity$qqrv
@Advgdip@TGPMatrix@IsInvertible$qqrv
@Advgdip@TGPMatrix@Multiply$qqrp17Advgdip@TGPMatrix19Advgdip@MatrixOrder
@Advgdip@TGPMatrix@OffsetX$qqrv
@Advgdip@TGPMatrix@OffsetY$qqrv
@Advgdip@TGPMatrix@Reset$qqrv
@Advgdip@TGPMatrix@Rotate$qqrf19Advgdip@MatrixOrder
@Advgdip@TGPMatrix@RotateAt$qqrfrx17Advgdip@TGPPointF19Advgdip@MatrixOrder
@Advgdip@TGPMatrix@Scale$qqrff19Advgdip@MatrixOrder
@Advgdip@TGPMatrix@SetElements$qqrffffff
@Advgdip@TGPMatrix@SetNativeMatrix$qqrpv
@Advgdip@TGPMatrix@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPMatrix@Shear$qqrff19Advgdip@MatrixOrder
@Advgdip@TGPMatrix@TransformPoints$qqrp16Advgdip@TGPPointi
@Advgdip@TGPMatrix@TransformPoints$qqrp17Advgdip@TGPPointFi
@Advgdip@TGPMatrix@TransformVectors$qqrp16Advgdip@TGPPointi
@Advgdip@TGPMatrix@TransformVectors$qqrp17Advgdip@TGPPointFi
@Advgdip@TGPMatrix@Translate$qqrff19Advgdip@MatrixOrder
@Advgdip@TGPPathGradientBrush@
@Advgdip@TGPPathGradientBrush@$bctr$qqrp23Advgdip@TGPGraphicsPath
@Advgdip@TGPPathGradientBrush@GetCenterColor$qqrrui
@Advgdip@TGPPathGradientBrush@GetCenterPoint$qqrr16Advgdip@TGPPoint
@Advgdip@TGPPathGradientBrush@GetCenterPoint$qqrr17Advgdip@TGPPointF
@Advgdip@TGPPathGradientBrush@GetPointCount$qqrv
@Advgdip@TGPPathGradientBrush@GetSurroundColors$qqrpuiri
@Advgdip@TGPPathGradientBrush@SetCenterColor$qqrui
@Advgdip@TGPPathGradientBrush@SetCenterPoint$qqrrx16Advgdip@TGPPoint
@Advgdip@TGPPathGradientBrush@SetCenterPoint$qqrrx17Advgdip@TGPPointF
@Advgdip@TGPPathGradientBrush@SetGammaCorrection$qqri
@Advgdip@TGPPathGradientBrush@SetInterpolationColors$qqrpuipfi
@Advgdip@TGPPathGradientBrush@SetSurroundColors$qqrpuiri
@Advgdip@TGPPathGradientBrush@SetWrapMode$qqr16Advgdip@WrapMode
@Advgdip@TGPPen@
@Advgdip@TGPPen@$bctr$qqrp16Advgdip@TGPBrushf
@Advgdip@TGPPen@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPPen@$bctr$qqruif
@Advgdip@TGPPen@$bdtr$qqrv
@Advgdip@TGPPen@GetBrush$qqrv
@Advgdip@TGPPen@GetDashStyle$qqrv
@Advgdip@TGPPen@GetPenType$qqrv
@Advgdip@TGPPen@SetBrush$qqrp16Advgdip@TGPBrush
@Advgdip@TGPPen@SetDashStyle$qqr17Advgdip@DashStyle
@Advgdip@TGPPen@SetEndCap$qqri
@Advgdip@TGPPen@SetNativePen$qqrpv
@Advgdip@TGPPen@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPRegion@
@Advgdip@TGPRegion@$bctr$qqrp23Advgdip@TGPGraphicsPath
@Advgdip@TGPRegion@$bctr$qqrrx16Advgdip@TGPRectF
@Advgdip@TGPRegion@$bdtr$qqrv
@Advgdip@TGPRegion@Exclude$qqrp23Advgdip@TGPGraphicsPath
@Advgdip@TGPRegion@SetNativeRegion$qqrpv
@Advgdip@TGPRegion@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPRegion@Union$qqrp17Advgdip@TGPRegion
@Advgdip@TGPSolidBrush@
@Advgdip@TGPSolidBrush@$bctr$qqrui
@Advgdip@TGPSolidBrush@$bctr$qqrv
@Advgdip@TGPStringFormat@
@Advgdip@TGPStringFormat@$bctr$qqrius
@Advgdip@TGPStringFormat@$bctr$qqrp23Advgdip@TGPStringFormat
@Advgdip@TGPStringFormat@$bctr$qqrpv14Advgdip@Status
@Advgdip@TGPStringFormat@$bdtr$qqrv
@Advgdip@TGPStringFormat@Assign$qqrp23Advgdip@TGPStringFormat
@Advgdip@TGPStringFormat@GetAlignment$qqrv
@Advgdip@TGPStringFormat@GetFormatFlags$qqrv
@Advgdip@TGPStringFormat@GetHotkeyPrefix$qqrv
@Advgdip@TGPStringFormat@GetLineAlignment$qqrv
@Advgdip@TGPStringFormat@GetTrimming$qqrv
@Advgdip@TGPStringFormat@SetAlignment$qqr23Advgdip@StringAlignment
@Advgdip@TGPStringFormat@SetFormatFlags$qqri
@Advgdip@TGPStringFormat@SetHotkeyPrefix$qqr20Advgdip@HotkeyPrefix
@Advgdip@TGPStringFormat@SetLineAlignment$qqr23Advgdip@StringAlignment
@Advgdip@TGPStringFormat@SetStatus$qqr14Advgdip@Status
@Advgdip@TGPStringFormat@SetTrimming$qqr22Advgdip@StringTrimming
@Advgdip@TGPTextureBrush@

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0e:ef:aa:2a:5f:c3:7b:e3:16:95:1a:a9:f8:65:13:31Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

04:b2:42:6d:4e:6d:b7:d8:a1:f7:97:96:99:96:b5:4c:48:d1:e1:79Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 477KB - Virtual size: 480KB

.rsrc Size: 21KB - Virtual size: 24KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 113KB - Virtual size: 156KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 18KB - Virtual size: 20KB

.edata Size: 50KB - Virtual size: 52KB

.rsrc Size: 127KB - Virtual size: 128KB

.reloc Size: 77KB - Virtual size: 80KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0e:ef:aa:2a:5f:c3:7b:e3:16:95:1a:a9:f8:65:13:31
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

04:b2:42:6d:4e:6d:b7:d8:a1:f7:97:96:99:96:b5:4c:48:d1:e1:79
Signer

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 477KB - Virtual size: 480KB

.rsrc
Size: 21KB - Virtual size: 24KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 113KB - Virtual size: 156KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 18KB - Virtual size: 20KB

.edata
Size: 50KB - Virtual size: 52KB

.rsrc
Size: 127KB - Virtual size: 128KB

.reloc
Size: 77KB - Virtual size: 80KB