94ac2303a11e51539e096c2bc39fe910865c1c131637f794c5277a8de09b363d

Sharing

Copy URL

Twitter E-mail

General

Target

94ac2303a11e51539e096c2bc39fe910865c1c131637f794c5277a8de09b363d
Size

3.0MB
MD5

fe78f4fe597de90c30094e03dd3bc873
SHA1

c976bb2d6d1cad11ffb45bdbdaa8389c144fd060
SHA256

94ac2303a11e51539e096c2bc39fe910865c1c131637f794c5277a8de09b363d
SHA512

d6ec0f9f11a2fdf1ec46187da46b74451f476eb6885f5b42595df3f75bb8d16e8c779920fbf41c337860dccf0c39f2f3126d63347b89576cc4ef9ea1d31dc295
SSDEEP

49152:wa7Ux2qYB4OAmy900HXASAYDHi8hr9wtw1aYv7rwsiWy:H7UxWVu7izaaYv7rwsiWy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94ac2303a11e51539e096c2bc39fe910865c1c131637f794c5277a8de09b363d

Files

94ac2303a11e51539e096c2bc39fe910865c1c131637f794c5277a8de09b363d
.dll windows:5 windows x86 arch:x86

9478b8272bf99badc4c76448ea168263

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl140.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@UStrEqual$qqrv
@System@@UStrCmp$qqrv
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@HandleFinally$qqrv
@System@@TRUNC$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@$bcdtr$qqrv
@Classes@TThread@$bcctr$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@$bcdtr$qqrv
@Sysutils@TLanguages@$bcdtr$qqrv
@Sysutils@Exception@$bcdtr$qqrv
@Sysutils@Exception@$bcctr$qqrv
@Sysutils@FloatToStr$qqrg
@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@TEncoding@$bcctr$qqrv
@Sysutils@TLanguages@$bcctr$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Ioutils@initialization$qqrv
@Ioutils@Finalization$qqrv
@Ioutils@TPath@$bcctr$qqrv
@Ioutils@TPath@$bcdtr$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Timespan@TTimeSpan@$bcctr$qqrv
@Timespan@TTimeSpan@$bcdtr$qqrv
@Ansistrings@initialization$qqrv
@Ansistrings@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
GetVersionExW
FreeLibrary

l3calc.bpl

@Brtnset@TCalcSet@GetElim$qqrv
@Taxconst@initialization$qqrv
@Taxconst@Finalization$qqrv
@Libstate@initialization$qqrv
@Libstate@Finalization$qqrv
@Numlist@TTextList@GetValues$qqri
@Numlist@TNumberList@GetValues$qqri
@Ldetail@initialization$qqrv
@Ldetail@Finalization$qqrv
@Ldate@initialization$qqrv
@Ldate@Finalization$qqrv
@Pclfonts@initialization$qqrv
@Pclfonts@Finalization$qqrv
@Procmisc@StrToFloatDef$qqrx20System@UnicodeStringd
@Bnxtclc@initialization$qqrv
@Bnxtclc@Finalization$qqrv
@Ltbase@initialization$qqrv
@Ltbase@Finalization$qqrv
@Lindata@initialization$qqrv
@Lindata@Finalization$qqrv
@Lindata@TIndataSet@GetDDesc$qqriiii
@Lindata@TIndataSet@IDCode$qqriiii
@Statedef@initialization$qqrv
@Statedef@Finalization$qqrv
@Diagconst@initialization$qqrv
@Diagconst@Finalization$qqrv
@Fldconst@initialization$qqrv
@Fldconst@Finalization$qqrv
@Coestreamobject@initialization$qqrv
@Coestreamobject@Finalization$qqrv

vcl140.bpl

@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv

l3engine.bpl

@Printvars@TPrintVariables@GetEFRequested$qqr25Haltypes@TEFRequestedType
@Printvars@TPrintVariables@IsValidIndataIndex$qqri
@Printvars@TPrintVariables@GetStateAbbreviation$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetContainerInfo$qqrusui30Haltypes@TContainerInformation
@Printvars@TPrintVariables@GetConsolidatedInfo$qqrii26Haltypes@TConsolidatedInfo
@Printvars@TPrintVariables@GetClientNotesData$qqr18Haltypes@TNoteMode18Haltypes@TNoteTypei20System@UnicodeString
@Printvars@TPrintVariables@GetCtrlTData$qqr20System@UnicodeStringt1
@Printvars@TPrintVariables@IsStateRequested$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetPageCaption$qqrui20System@UnicodeStringi24Haltypes@TPageNumberMode28Haltypes@TStartNumberingMode
@Printvars@TPrintVariables@GetGridLineCount$qqr23Haltypes@TLineCountModeuiuiui
@Printvars@TPrintVariables@GetTaxFieldData$qqruiiio
@Printvars@TPrintVariables@GetFedSubclientData$qqrii
@Printvars@TPrintVariables@GetClientInformation$qqr16Haltypes@TDBTypei
@Printvars@TPrintVariables@GetDetailDesc$qqriiii
@Printvars@TPrintVariables@GetDetailAmount$qqriiii
@Printvars@TPrintVariables@GetMultiTotal$qqrpxixi
@Printvars@TPrintVariables@GetOptionData$qqrio
@Printvars@TPrintVariables@GetConfigData$qqr20Haltypes@TConfigType
@Printvars@TPrintVariables@StrToBool$qqr20System@UnicodeString
@Printvars@TPrintVariables@HighestSuffix$qqriipxixi
@Printvars@TPrintVariables@OutDataExists$qqriii
@Printvars@TPrintVariables@HighSearchIndex$qqriipxixi
@Printvars@TPrintVariables@PropExists$qqrii
@Printvars@TPrintVariables@OutHighProp$qqrii
@Printvars@TPrintVariables@HighProp$qqri
@Printvars@TPrintVariables@GetOutDetailDesc$qqriiiii
@Printvars@TPrintVariables@GetOutDetailAmt$qqriiiii
@Printvars@TPrintVariables@GetOutStrings$qqriiii
@Printvars@TPrintVariables@GetODValue$qqriiii
@Printvars@TPrintVariables@GetOValue$qqriiii
@Printvars@TPrintVariables@GetOutDataInfoExists$qqriiiii
@Printvars@TPrintVariables@GetOutDataInfoCount$qqriiii
@Halconst@initialization$qqrv
@Halconst@Finalization$qqrv
@Engglobals@initialization$qqrv
@Engglobals@Finalization$qqrv
@Abconst@initialization$qqrv
@Abconst@Finalization$qqrv
@Abarctyp@initialization$qqrv
@Abarctyp@Finalization$qqrv
@Abdfhufd@initialization$qqrv
@Abdfhufd@Finalization$qqrv
@Abdfxlat@initialization$qqrv
@Abdfxlat@Finalization$qqrv
@Formrefcount@initialization$qqrv
@Formrefcount@Finalization$qqrv
@Lfrmload@initialization$qqrv
@Lfrmload@Finalization$qqrv
@Twodbarcode@initialization$qqrv
@Twodbarcode@Finalization$qqrv
@Lpage@initialization$qqrv
@Lpage@Finalization$qqrv
@Modreg@initialization$qqrv
@Modreg@Finalization$qqrv
@Exprreg@initialization$qqrv
@Exprreg@Finalization$qqrv
@Exprreg@RegisterExpression$qqrusuiuipv

xmlrtl140.bpl

@Msxmldom@initialization$qqrv
@Msxmldom@Finalization$qqrv
@Xmldom@initialization$qqrv
@Xmldom@Finalization$qqrv
@Xmlintf@initialization$qqrv
@Xmlintf@Finalization$qqrv
@Xmldoc@initialization$qqrv
@Xmldoc@Finalization$qqrv
@Xmlschema@initialization$qqrv
@Xmlschema@Finalization$qqrv
@Xmlschematags@initialization$qqrv
@Xmlschematags@Finalization$qqrv

Exports

Exports

Dummy

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9478b8272bf99badc4c76448ea168263

Headers

File Characteristics

Imports

rtl140.bpl

kernel32

l3calc.bpl

vcl140.bpl

l3engine.bpl

xmlrtl140.bpl

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.itext Size: 409KB - Virtual size: 408KB

.data Size: 512B - Virtual size: 60B

.bss Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 68B

.reloc Size: 137KB - Virtual size: 137KB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.itext
Size: 409KB - Virtual size: 408KB

.data
Size: 512B - Virtual size: 60B

.bss
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 68B

.reloc
Size: 137KB - Virtual size: 137KB

.rsrc
Size: 27KB - Virtual size: 27KB