f7f6597ed88b3425c6e33ad131cf66a6bf0469dd23c8810af5d41b60fd822af6

Sharing

Copy URL Twitter E-mail

General

Target

f7f6597ed88b3425c6e33ad131cf66a6bf0469dd23c8810af5d41b60fd822af6
Size

204KB
MD5

241131a200dd26ff76b4004d35ed6d49
SHA1

19560c1f29c29b4005f2574de58e1136d94ddace
SHA256

f7f6597ed88b3425c6e33ad131cf66a6bf0469dd23c8810af5d41b60fd822af6
SHA512

0c7e474ce14e1b6441a4194e819c33c959c6b1bd0854b073a1656bbb65feeabe00c3700e8f283cdedcb224a05932b28d7876ccf56c4c0b2df66d75102ef63964
SSDEEP

3072:U85Ccn8bz+MNHqOWwDGn4sbwqDsqYa2s37sEjzK5DZAOom8:U9gqsbaaZpOFZ7p8

Score

1^/10

Malware Config

Signatures

Files

f7f6597ed88b3425c6e33ad131cf66a6bf0469dd23c8810af5d41b60fd822af6
.exe windows:5 windows x86 arch:x86

55cf8179b1356c282da772c97746e53e

Code Sign

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

24/03/2024, 23:59

Subject

CN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

24/03/2024, 23:59

Subject

CN=IObit CO.\, LTD,O=IObit CO.\, LTD,POSTALCODE=610042,STREET=No. 605\, 6th Floor\, Unit 1\, Building 1+STREET=45 Renmin South Road,L=Chengdu Shi,ST=Sichuan Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:d8:55:88:54:3c:33:d1:8f:c5:58:9e:38:72:5e:5c:65:88:8e:14:d7:e0:9a:ba:3a:db:e0:4b:33:88:74:1f
Signer

Actual PE Digest

22:d8:55:88:54:3c:33:d1:8f:c5:58:9e:38:72:5e:5c:65:88:8e:14:d7:e0:9a:ba:3a:db:e0:4b:33:88:74:1f

Digest Algorithm

sha256

PE Digest Matches

false

1f:22:65:12:56:5a:81:49:b3:2b:83:fc:25:0e:3d:36:52:b2:49:24
Signer

Actual PE Digest

1f:22:65:12:56:5a:81:49:b3:2b:83:fc:25:0e:3d:36:52:b2:49:24

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl120.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@FreeMemory$qpv
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayAsg$qqrv
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayLength$qqrv
@System@@CopyRecord$qqrv
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@@InitializeRecord$qqrpvt1
@System@Pos$qqrx20System@UnicodeStringt1
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrLen$qqrx20System@UnicodeString
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrAddRef$qqrr17System@WideString
@System@@WStrEqual$qqrv
@System@@WStrCat3$qqrr17System@WideStringx17System@WideStringt2
@System@@WStrLen$qqrx17System@WideString
@System@@WStrToPWChar$qqrx17System@WideString
@System@@WStrFromWChar$qqrr17System@WideStringb
@System@@WStrArrayClr$qqrpvi
@System@@WStrClr$qqrpv
@System@@UniqueStringA$qqrr27System@%AnsiStringT$us$i0$%
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrAddRef$qqrpv
@System@@LStrCat$qqrv
@System@@LStrLen$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@LStrFromChar$qqrr27System@%AnsiStringT$us$i0$%cus
@System@@EnsureAnsiString$qqrr27System@%AnsiStringT$us$i0$%us
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseAgain$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@@IsClass$qqrp14System@TObjectp17System@TMetaClass
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@SetEq$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@@TRUNC$qqrv
@System@UpCase$qqrb
@System@ParamStr$qqri
@System@ParamCount$qqrv
@System@Move$qqrpxvpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@AllocMem$qqrui
@$xp$17System@IInterface
@System@TObject@
@$xp$17System@WideString
@$xp$13System@string
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@GetUTF8$qqrv
@Sysutils@TEncoding@GetUnicode$qqrv
@Sysutils@FreeAndNil$qqrpv
@Sysutils@FindCmdLineSwitch$qqrx20System@UnicodeString
@Sysutils@StringReplace$qqrx20System@UnicodeStringt1t149System@%Set$t21Sysutils@Sysutils__15$iuc$0$iuc$1%
@Sysutils@GetLocaleFormatSettings$qqrir24Sysutils@TFormatSettings
@Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString
@Sysutils@IncludeTrailingBackslash$qqrx20System@UnicodeString
@Sysutils@Exception@ToString$qqrv
@Sysutils@Exception@RaisingException$qqrp25Sysutils@TExceptionRecord
@Sysutils@Exception@GetBaseException$qqrv
@Sysutils@Exception@$bdtr$qqrv
@Sysutils@Exception@$bctr$qqrp20System@TResStringRecpx14System@TVarRecxi
@Sysutils@Exception@$bctr$qqrp20System@TResStringRec
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@OutOfMemoryError$qqrv
@Sysutils@StrToDateTimeDef$qqrx20System@UnicodeStringx16System@TDateTimerx24Sysutils@TFormatSettings
@Sysutils@StrToDateTime$qqrx20System@UnicodeStringrx24Sysutils@TFormatSettings
@Sysutils@FormatDateTime$qqrx20System@UnicodeString16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@Date$qqrv
@Sysutils@StrToFloatDef$qqrx20System@UnicodeStringxgrx24Sysutils@TFormatSettings
@Sysutils@FmtStr$qqrr20System@UnicodeStringx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@StrDispose$qqrpb
@Sysutils@StrAlloc$qqrui
@Sysutils@StrPas$qqrpxc
@Sysutils@StrPLCopy$qqrpbx20System@UnicodeStringui
@Sysutils@StrPCopy$qqrpbx20System@UnicodeString
@Sysutils@StrLen$qqrpxb
@Sysutils@ExtractFileName$qqrx20System@UnicodeString
@Sysutils@ExtractFileDir$qqrx20System@UnicodeString
@Sysutils@ExtractFilePath$qqrx20System@UnicodeString
@Sysutils@FileIsReadOnly$qqrx20System@UnicodeString
@Sysutils@FileSetAttr$qqrx20System@UnicodeStringi
@Sysutils@FileGetAttr$qqrx20System@UnicodeString
@Sysutils@ForceDirectories$qqr20System@UnicodeString
@Sysutils@DirectoryExists$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@Sysutils@StrToInt$qqrx20System@UnicodeString
@Sysutils@IntToHex$qqrji
@Sysutils@IntToHex$qqrii
@Sysutils@IntToStr$qqrj
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@SameText$qqrx20System@UnicodeStringt1
@Sysutils@CompareStr$qqrx20System@UnicodeStringt1
@Sysutils@UpperCase$qqrx20System@UnicodeString
@Sysutils@CharInSet$qqrbrx29System@%Set$tc$iuc$0$iuc$255%
@Sysutils@IsLeadChar$qqrb
@Sysutils@GUIDToString$qqrrx5_GUID
@$xp$24Sysutils@TFormatSettings
@Sysutils@TwoDigitYearCenturyWindow
@Sysutils@EConvertError@
@Sysutils@EInOutError@
@Sysutils@EArgumentOutOfRangeException@
@Sysutils@Exception@
@Rtlconsts@_SInvalidMask
@Strutils@MidStr$qqrx17System@WideStringxixi
@Strutils@LeftStr$qqrx17System@WideStringxi
@Dateutils@DaysBetween$qqrx16System@TDateTimet1
@Dateutils@MonthsBetween$qqrx16System@TDateTimet1
@Dateutils@MonthOfTheYear$qqrx16System@TDateTime
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TMemoryStream@LoadFromFile$qqrx20System@UnicodeString
@Classes@TCustomMemoryStream@SaveToFile$qqrx20System@UnicodeString
@Classes@TStream@SetSize64$qqrxj
@Classes@TStream@SetPosition$qqrxj
@Classes@TStringList@$bctr$qqrv
@Classes@TStrings@GetEnumerator$qqrv
@Classes@TStrings@EndUpdate$qqrv
@Classes@TStrings@BeginUpdate$qqrv
@Classes@TStringsEnumerator@MoveNext$qqrv
@Classes@TStringsEnumerator@GetCurrent$qqrv
@Classes@TMemoryStream@
@Classes@TStringList@
@Classes@EListError@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Inifiles@TIniFile@DeleteKey$qqrx20System@UnicodeStringt1
@Inifiles@TIniFile@ReadSectionValues$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TIniFile@ReadSection$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TIniFile@$bdtr$qqrv
@Inifiles@TMemIniFile@WriteString$qqrx20System@UnicodeStringt1t1
@Inifiles@TMemIniFile@SetStrings$qqrp16Classes@TStrings
@Inifiles@TMemIniFile@ReadString$qqrx20System@UnicodeStringt1t1
@Inifiles@TMemIniFile@ReadSectionValues$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TMemIniFile@ReadSections$qqrp16Classes@TStrings
@Inifiles@TMemIniFile@ReadSection$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TMemIniFile@GetStrings$qqrp16Classes@TStrings
@Inifiles@TMemIniFile@EraseSection$qqrx20System@UnicodeString
@Inifiles@TMemIniFile@$bdtr$qqrv
@Inifiles@TMemIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@TCustomIniFile@ReadSections$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TCustomIniFile@WriteBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ReadBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ValueExists$qqrx20System@UnicodeStringt1
@Inifiles@TCustomIniFile@WriteBool$qqrx20System@UnicodeStringt1o
@Inifiles@TCustomIniFile@WriteTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@WriteFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@WriteDateTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@WriteDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@ReadDateTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadBool$qqrx20System@UnicodeStringt1o
@Inifiles@TCustomIniFile@WriteInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TCustomIniFile@ReadInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TCustomIniFile@SectionExists$qqrx20System@UnicodeString
@Inifiles@TCustomIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@TIniFile@
@Inifiles@TMemIniFile@
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@ValueExists$qqrx20System@UnicodeString
@Registry@TRegistry@GetDataAsString$qqrx20System@UnicodeStringo
@Registry@TRegistry@ReadString$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKeyReadOnly$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKey$qqrx20System@UnicodeStringo
@Registry@TRegistry@SetRootKey$qqrp6HKEY__
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistry@
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Syncobjs@TCriticalSection@Leave$qqrv
@Syncobjs@TCriticalSection@Enter$qqrv
@Syncobjs@TCriticalSection@$bctr$qqrv
@Syncobjs@TCriticalSection@
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Generics_defaults@_LookupVtableInfo$qqr42Generics_defaults@TDefaultGenericInterfacep17Typinfo@TTypeInfoi
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv

kernel32

GetModuleHandleW
WritePrivateProfileStringW
WaitForSingleObject
OutputDebugStringW
LoadLibraryW
GetVersionExW
GetTickCount
GetTempPathW
GetSystemDefaultLangID
GetProcAddress
GetPrivateProfileStringW
GetLocaleInfoW
GetLastError
GetExitCodeProcess
GetComputerNameW
FreeLibrary
CreateProcessW
CreateMutexW
CreateFileW
CloseHandle
Sleep
GetUserDefaultUILanguage
GetUserDefaultUILanguage

madexcept_.bpl

@Madexcept@initialization$qqrv
@Madexcept@Finalization$qqrv
@Madexcept@RegisterExceptActionHandler$qqrpqqr23Madexcept@TExceptActionx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType
@Madexcept@RegisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase
@$xp$19Madexcept@IMEFields
@Madmapfile@initialization$qqrv
@Madmapfile@Finalization$qqrv
@Madstacktrace@initialization$qqrv
@Madstacktrace@Finalization$qqrv
@Madlinkdisasm@initialization$qqrv
@Madlinkdisasm@Finalization$qqrv
@Madlisthardware@initialization$qqrv
@Madlisthardware@Finalization$qqrv
@Madlistprocesses@initialization$qqrv
@Madlistprocesses@Finalization$qqrv
@Madlistmodules@initialization$qqrv
@Madlistmodules@Finalization$qqrv

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

GetUserNameW

madbasic_.bpl

@Madstrings@initialization$qqrv
@Madstrings@Finalization$qqrv
@Madtools@initialization$qqrv
@Madtools@Finalization$qqrv

maddisasm_.bpl

@Maddisasm@initialization$qqrv
@Maddisasm@Finalization$qqrv

shell32

SHGetSpecialFolderPathW

wininet

InternetOpenUrlW
InternetOpenW
InternetCloseHandle

vcl120.bpl

@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@GetExeName$qqrv
@Forms@TApplication@ProcessMessages$qqrv
@Forms@Application
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv

ole32

CoCreateGuid

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 556B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55cf8179b1356c282da772c97746e53e

Code Sign

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

22:d8:55:88:54:3c:33:d1:8f:c5:58:9e:38:72:5e:5c:65:88:8e:14:d7:e0:9a:ba:3a:db:e0:4b:33:88:74:1fSigner

1f:22:65:12:56:5a:81:49:b3:2b:83:fc:25:0e:3d:36:52:b2:49:24Signer

Headers

File Characteristics

Imports

rtl120.bpl

kernel32

madexcept_.bpl

version

advapi32

madbasic_.bpl

maddisasm_.bpl

shell32

wininet

vcl120.bpl

ole32

Sections

.text Size: 66KB - Virtual size: 66KB

.itext Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 556B

.idata Size: 19KB - Virtual size: 18KB

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 42KB

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

8b:a1:f1:72:fd:50:ba:8d:4c:11:b7:4f:fa:c8:a2:82
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

22:d8:55:88:54:3c:33:d1:8f:c5:58:9e:38:72:5e:5c:65:88:8e:14:d7:e0:9a:ba:3a:db:e0:4b:33:88:74:1f
Signer

1f:22:65:12:56:5a:81:49:b3:2b:83:fc:25:0e:3d:36:52:b2:49:24
Signer

.text
Size: 66KB - Virtual size: 66KB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 556B

.idata
Size: 19KB - Virtual size: 18KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 42KB