Static task
static1
Behavioral task
behavioral1
Sample
19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a.dll
Resource
win10v2004-20240508-en
General
-
Target
19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a
-
Size
2.2MB
-
MD5
8ee73eb0e4518da37ce7099f6945576f
-
SHA1
d3f1e860c65adbd2a0239163ee69afb11cc4bff3
-
SHA256
19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a
-
SHA512
8843d461098fa6a0551c97829dbb69e56103a952ff252bbeb5e79adda7875277286889afdc86ce4de150e186285ab42f0e862c8dec74d76e4b809f65bf84236e
-
SSDEEP
49152:iUAr1IL4lHWD42prexX1wU9Nv7p/oALruKOZM:i1IL3yxX1wU9VloALruKOZM
Malware Config
Signatures
-
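Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A missing signature on its own is a weak indicator, since many legitimate binaries are unsigned; weigh it together with the results of the behavioral tasks.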
resource 19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a
Files
-
19729d7675980fcfe4ebd6277bc590a6a1ecfcd1fa78cdbc97755dab8097b73a.dll windows:5 windows x86 arch:x86
be83204714ec0ad9031e87fe2b09eefe
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
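Imports
Note: besides kernel32, the sample imports from the packages rtl190.bpl, vcl190.bpl, xmlrtl190.bpl, l5calc.bpl and l5engine.bpl. If these are not present in the analysis image, the sample may fail to load, which would limit what the behavioral tasks can observe.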
rtl190.bpl
@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@UStrEqual$qqrv
@System@@UStrCmp$qqrv
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@HandleFinally$qqrv
@System@@TRUNC$qqrv
@System@Internal@Excutils@initialization$qqrv
@System@Internal@Excutils@Finalization$qqrv
@System@Sysutils@initialization$qqrv
@System@Sysutils@Finalization$qqrv
@System@Sysutils@TOSVersion@$bcctr$qqrv
@System@Sysutils@TEncoding@$bcdtr$qqrv
@System@Sysutils@TLanguages@$bcdtr$qqrv
@System@Sysutils@Exception@$bcdtr$qqrv
@System@Sysutils@Exception@$bcctr$qqrv
@System@Sysutils@FloatToStr$qqrg
@System@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@System@Sysutils@IntToStr$qqri
@System@Sysutils@Trim$qqrx20System@UnicodeString
@System@Sysutils@TOSVersion@$bcdtr$qqrv
@System@Sysutils@TEncoding@$bcctr$qqrv
@System@Sysutils@TLanguages@$bcctr$qqrv
@System@Varutils@initialization$qqrv
@System@Varutils@Finalization$qqrv
@System@Variants@initialization$qqrv
@System@Variants@Finalization$qqrv
@System@Ansistrings@initialization$qqrv
@System@Ansistrings@Finalization$qqrv
@System@Math@initialization$qqrv
@System@Math@Finalization$qqrv
@System@Timespan@TTimeSpan@$bcctr$qqrv
@System@Timespan@TTimeSpan@$bcdtr$qqrv
@System@Syncobjs@initialization$qqrv
@System@Syncobjs@Finalization$qqrv
@System@Generics@Defaults@TIStringComparer@$bcdtr$qqrv
@System@Generics@Defaults@TStringComparer@$bcdtr$qqrv
@System@Generics@Defaults@TIStringComparer@$bcctr$qqrv
@System@Generics@Defaults@TStringComparer@$bcctr$qqrv
@System@Rtti@initialization$qqrv
@System@Rtti@Finalization$qqrv
@System@Typinfo@initialization$qqrv
@System@Typinfo@Finalization$qqrv
@System@Classes@initialization$qqrv
@System@Classes@Finalization$qqrv
@System@Classes@TObserverMapping@$bcdtr$qqrv
@System@Classes@TLoginCredentialService@$bcdtr$qqrv
@System@Classes@TLoginCredentialService@$bcctr$qqrv
@System@Classes@TBinaryWriter@$bcdtr$qqrv
@System@Classes@TComponent@$bcctr$qqrv
@System@Classes@TThread@$bcdtr$qqrv
@System@Classes@TThread@$bcctr$qqrv
@System@Classes@TBinaryWriter@$bcctr$qqrv
@System@Classes@TComponent@$bcdtr$qqrv
@System@Classes@TObserverMapping@$bcctr$qqrv
@System@Dateutils@TTimeZone@$bcdtr$qqrv
@System@Dateutils@TTimeZone@$bcctr$qqrv
@System@Ioutils@initialization$qqrv
@System@Ioutils@Finalization$qqrv
@System@Ioutils@TPath@$bcctr$qqrv
@System@Ioutils@TPath@$bcdtr$qqrv
@System@Win@Registry@TRegistry@$bcctr$qqrv
@System@Win@Registry@TRegistry@$bcdtr$qqrv
@System@Win@Comobj@initialization$qqrv
@System@Win@Comobj@Finalization$qqrv
@System@Win@Comobj@TComServerObject@$bcctr$qqrv
@System@Win@Comobj@TComServerObject@$bcdtr$qqrv
@System@Actions@initialization$qqrv
@System@Actions@Finalization$qqrv
@Winapi@Uxtheme@initialization$qqrv
@Winapi@Uxtheme@Finalization$qqrv
@System@Helpintfs@initialization$qqrv
@System@Helpintfs@Finalization$qqrv
@Winapi@Flatsb@initialization$qqrv
@Winapi@Flatsb@Finalization$qqrv
kernel32
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
GetVersionExW
FreeLibrary
l5calc.bpl
@Taxconst@initialization$qqrv
@Taxconst@Finalization$qqrv
@Ldetail@initialization$qqrv
@Ldetail@Finalization$qqrv
@Numlist@TTextList@GetValues$qqri
@Statedef@initialization$qqrv
@Statedef@Finalization$qqrv
@Pclfonts@initialization$qqrv
@Pclfonts@Finalization$qqrv
@Procmisc@StrToFloatDef$qqrx20System@UnicodeStringd
@Lindata@initialization$qqrv
@Lindata@Finalization$qqrv
@Lindata@TIndataSet@GetDDesc$qqriiii
@Lindata@TIndataSet@IDCode$qqriiii
@Ltbase@initialization$qqrv
@Ltbase@Finalization$qqrv
@Libstate@initialization$qqrv
@Libstate@Finalization$qqrv
@Bnxtclc@initialization$qqrv
@Bnxtclc@Finalization$qqrv
@Ldate@initialization$qqrv
@Ldate@Finalization$qqrv
@Fldconst@initialization$qqrv
@Fldconst@Finalization$qqrv
@Diagconst@initialization$qqrv
@Diagconst@Finalization$qqrv
@Coestreamobject@initialization$qqrv
@Coestreamobject@Finalization$qqrv
vcl190.bpl
@Vcl@Graphics@initialization$qqrv
@Vcl@Graphics@Finalization$qqrv
@Vcl@Actnlist@initialization$qqrv
@Vcl@Actnlist@Finalization$qqrv
@Vcl@Graphutil@initialization$qqrv
@Vcl@Graphutil@Finalization$qqrv
@Vcl@Controls@initialization$qqrv
@Vcl@Controls@Finalization$qqrv
@Vcl@Stdctrls@TStaticText@$bcdtr$qqrv
@Vcl@Stdctrls@TStaticText@$bcctr$qqrv
@Vcl@Stdctrls@TListBox@$bcdtr$qqrv
@Vcl@Stdctrls@TListBox@$bcctr$qqrv
@Vcl@Stdctrls@TCheckBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCheckBox@$bcctr$qqrv
@Vcl@Stdctrls@TButton@$bcdtr$qqrv
@Vcl@Stdctrls@TButton@$bcctr$qqrv
@Vcl@Stdctrls@TComboBox@$bcdtr$qqrv
@Vcl@Stdctrls@TComboBox@$bcctr$qqrv
@Vcl@Stdctrls@TMemo@$bcdtr$qqrv
@Vcl@Stdctrls@TMemo@$bcctr$qqrv
@Vcl@Stdctrls@TEdit@$bcdtr$qqrv
@Vcl@Stdctrls@TEdit@$bcctr$qqrv
@Vcl@Stdctrls@TGroupBox@$bcdtr$qqrv
@Vcl@Stdctrls@TGroupBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomStaticText@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomStaticText@$bcctr$qqrv
@Vcl@Stdctrls@TScrollBar@$bcdtr$qqrv
@Vcl@Stdctrls@TScrollBar@$bcctr$qqrv
@Vcl@Stdctrls@TCustomListBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomListBox@$bcctr$qqrv
@Vcl@Stdctrls@TRadioButton@$bcdtr$qqrv
@Vcl@Stdctrls@TRadioButton@$bcctr$qqrv
@Vcl@Stdctrls@TCustomCheckBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomCheckBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomButton@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomButton@$bcctr$qqrv
@Vcl@Stdctrls@TCustomComboBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomComboBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomMemo@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomMemo@$bcctr$qqrv
@Vcl@Stdctrls@TCustomEdit@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomEdit@$bcctr$qqrv
@Vcl@Stdctrls@TCustomGroupBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomGroupBox@$bcctr$qqrv
@Vcl@Printers@initialization$qqrv
@Vcl@Printers@Finalization$qqrv
@Vcl@Clipbrd@initialization$qqrv
@Vcl@Clipbrd@Finalization$qqrv
@Vcl@Comctrls@initialization$qqrv
@Vcl@Comctrls@Finalization$qqrv
@Vcl@Comctrls@THeaderControl@$bcdtr$qqrv
@Vcl@Comctrls@THeaderControl@$bcctr$qqrv
@Vcl@Comctrls@TStatusBar@$bcdtr$qqrv
@Vcl@Comctrls@TStatusBar@$bcctr$qqrv
@Vcl@Comctrls@TComboBoxEx@$bcdtr$qqrv
@Vcl@Comctrls@TComboBoxEx@$bcctr$qqrv
@Vcl@Comctrls@TCustomComboBoxEx@$bcdtr$qqrv
@Vcl@Comctrls@TCustomComboBoxEx@$bcctr$qqrv
@Vcl@Comctrls@TPageScroller@$bcdtr$qqrv
@Vcl@Comctrls@TPageScroller@$bcctr$qqrv
@Vcl@Comctrls@TDateTimePicker@$bcdtr$qqrv
@Vcl@Comctrls@TDateTimePicker@$bcctr$qqrv
@Vcl@Comctrls@TCoolBar@$bcdtr$qqrv
@Vcl@Comctrls@TCoolBar@$bcctr$qqrv
@Vcl@Comctrls@TToolBar@$bcdtr$qqrv
@Vcl@Comctrls@TToolBar@$bcctr$qqrv
@Vcl@Comctrls@TListView@$bcdtr$qqrv
@Vcl@Comctrls@TListView@$bcctr$qqrv
@Vcl@Comctrls@TCustomListView@$bcdtr$qqrv
@Vcl@Comctrls@TCustomListView@$bcctr$qqrv
@Vcl@Comctrls@THotKey@$bcdtr$qqrv
@Vcl@Comctrls@THotKey@$bcctr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcdtr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcctr$qqrv
@Vcl@Comctrls@TUpDown@$bcdtr$qqrv
@Vcl@Comctrls@TUpDown@$bcctr$qqrv
@Vcl@Comctrls@TCustomUpDown@$bcdtr$qqrv
@Vcl@Comctrls@TCustomUpDown@$bcctr$qqrv
@Vcl@Comctrls@TRichEdit@$bcdtr$qqrv
@Vcl@Comctrls@TRichEdit@$bcctr$qqrv
@Vcl@Comctrls@TCustomRichEdit@$bcdtr$qqrv
@Vcl@Comctrls@TCustomRichEdit@$bcctr$qqrv
@Vcl@Comctrls@TProgressBar@$bcdtr$qqrv
@Vcl@Comctrls@TProgressBar@$bcctr$qqrv
@Vcl@Comctrls@TTrackBar@$bcdtr$qqrv
@Vcl@Comctrls@TTrackBar@$bcctr$qqrv
@Vcl@Comctrls@TTreeView@$bcdtr$qqrv
@Vcl@Comctrls@TTreeView@$bcctr$qqrv
@Vcl@Comctrls@TCustomTreeView@$bcdtr$qqrv
@Vcl@Comctrls@TCustomTreeView@$bcctr$qqrv
@Vcl@Comctrls@TCustomHeaderControl@$bcdtr$qqrv
@Vcl@Comctrls@TCustomHeaderControl@$bcctr$qqrv
@Vcl@Comctrls@TCustomStatusBar@$bcdtr$qqrv
@Vcl@Comctrls@TCustomStatusBar@$bcctr$qqrv
@Vcl@Comctrls@TTabControl@$bcdtr$qqrv
@Vcl@Comctrls@TTabControl@$bcctr$qqrv
@Vcl@Comctrls@TCustomTabControl@$bcdtr$qqrv
@Vcl@Comctrls@TCustomTabControl@$bcctr$qqrv
@Vcl@Dialogs@initialization$qqrv
@Vcl@Dialogs@Finalization$qqrv
@Vcl@Extctrls@initialization$qqrv
@Vcl@Extctrls@Finalization$qqrv
@Vcl@Extctrls@TLinkLabel@$bcdtr$qqrv
@Vcl@Extctrls@TLinkLabel@$bcctr$qqrv
@Vcl@Extctrls@TCustomLinkLabel@$bcdtr$qqrv
@Vcl@Extctrls@TCustomLinkLabel@$bcctr$qqrv
@Vcl@Extctrls@TCategoryPanelGroup@$bcdtr$qqrv
@Vcl@Extctrls@TCategoryPanelGroup@$bcctr$qqrv
@Vcl@Extctrls@TCustomCategoryPanelGroup@$bcdtr$qqrv
@Vcl@Extctrls@TCustomCategoryPanelGroup@$bcctr$qqrv
@Vcl@Themes@TCustomStyleEngine@$bcdtr$qqrv
@Vcl@Themes@TCustomStyleEngine@$bcctr$qqrv
@Vcl@Menus@initialization$qqrv
@Vcl@Menus@Finalization$qqrv
@Vcl@Forms@initialization$qqrv
@Vcl@Forms@Finalization$qqrv
@Vcl@Forms@TForm@$bcdtr$qqrv
@Vcl@Forms@TForm@$bcctr$qqrv
@Vcl@Forms@TCustomForm@$bcdtr$qqrv
@Vcl@Forms@TCustomForm@$bcctr$qqrv
@Vcl@Forms@TScrollBox@$bcdtr$qqrv
@Vcl@Forms@TScrollBox@$bcctr$qqrv
l5engine.bpl
@Abconst@initialization$qqrv
@Abconst@Finalization$qqrv
@Abarctyp@initialization$qqrv
@Abarctyp@Finalization$qqrv
@Ablzma@initialization$qqrv
@Ablzma@Finalization$qqrv
@Abdfhufd@initialization$qqrv
@Abdfhufd@Finalization$qqrv
@Abdfxlat@initialization$qqrv
@Abdfxlat@Finalization$qqrv
@Lfrmload@initialization$qqrv
@Lfrmload@Finalization$qqrv
@Formrefcount@initialization$qqrv
@Formrefcount@Finalization$qqrv
@Halconst@initialization$qqrv
@Halconst@Finalization$qqrv
@Lpage@initialization$qqrv
@Lpage@Finalization$qqrv
@Exprreg@initialization$qqrv
@Exprreg@Finalization$qqrv
@Exprreg@RegisterExpression$qqrusuiuipv
@Modreg@initialization$qqrv
@Modreg@Finalization$qqrv
@Twodbarcode@initialization$qqrv
@Twodbarcode@Finalization$qqrv
@Engglobals@initialization$qqrv
@Engglobals@Finalization$qqrv
@Printvars@TPrintVariables@GetEFRequested$qqr25Haltypes@TEFRequestedType
@Printvars@TPrintVariables@IsValidIndataIndex$qqri
@Printvars@TPrintVariables@GetStateAbbreviation$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetContainerInfo$qqrusui30Haltypes@TContainerInformation
@Printvars@TPrintVariables@GetClientNotesData$qqr18Haltypes@TNoteMode18Haltypes@TNoteTypei20System@UnicodeString
@Printvars@TPrintVariables@GetCtrlTData$qqr20System@UnicodeStringt1
@Printvars@TPrintVariables@IsStateRequested$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetPageCaption$qqrui20System@UnicodeStringi24Haltypes@TPageNumberMode28Haltypes@TStartNumberingMode
@Printvars@TPrintVariables@GetGridLineCount$qqr23Haltypes@TLineCountModeuiuiui
@Printvars@TPrintVariables@GetTaxFieldData$qqruiiio
@Printvars@TPrintVariables@GetFedSubclientData$qqrii
@Printvars@TPrintVariables@GetClientInformation$qqr16Haltypes@TDBTypei
@Printvars@TPrintVariables@GetDetailDesc$qqriiii
@Printvars@TPrintVariables@GetDetailAmount$qqriiii
@Printvars@TPrintVariables@GetMultiTotal$qqrpxixi
@Printvars@TPrintVariables@GetOptionData$qqrio
@Printvars@TPrintVariables@GetConfigData$qqr20Haltypes@TConfigType
@Printvars@TPrintVariables@StrToBool$qqr20System@UnicodeString
@Printvars@TPrintVariables@HighestSuffix$qqriipxixi
@Printvars@TPrintVariables@OutDataExists$qqriii
@Printvars@TPrintVariables@HighSearchIndex$qqriipxixi
@Printvars@TPrintVariables@PropExists$qqrii
@Printvars@TPrintVariables@OutHighProp$qqrii
@Printvars@TPrintVariables@HighProp$qqri
@Printvars@TPrintVariables@GetOutDetailDesc$qqriiiii
@Printvars@TPrintVariables@GetOutDetailAmt$qqriiiii
@Printvars@TPrintVariables@GetOutStrings$qqriiii
@Printvars@TPrintVariables@GetODValue$qqriiii
@Printvars@TPrintVariables@GetOValue$qqriiii
@Printvars@TPrintVariables@GetOutDataInfoExists$qqriiiii
@Printvars@TPrintVariables@GetOutDataInfoCount$qqriiii
xmlrtl190.bpl
@Xml@Win@Msxmldom@initialization$qqrv
@Xml@Win@Msxmldom@Finalization$qqrv
@Xml@Win@Msxmldom@TMSXMLDOMDocumentFactory@$bcctr$qqrv
@Xml@Win@Msxmldom@TMSXMLDOMDocumentFactory@$bcdtr$qqrv
@Xml@Xmldom@initialization$qqrv
@Xml@Xmldom@Finalization$qqrv
@Xml@Xmlschema@initialization$qqrv
@Xml@Xmlschema@Finalization$qqrv
Exports
(No export names are listed in this report; the .edata section below has a virtual size of 68B.)
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 284KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ