Static task
static1
Behavioral task
behavioral1
Sample
bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa
-
Size
239KB
-
MD5
21dee4f4bd710c2b00733381e629eb1b
-
SHA1
2e7eafead0616ea7d85a9b02a4db4d2a97119759
-
SHA256
bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa
-
SHA512
0bb4e6d65ef4f799c915ab2a9fe1f65823ae6faa95ee0f285a4b206ba9f2dd1d99d41eccf381a3fad4671f2f4538ca78af0f45b8620a24bd978b980a50e5272d
-
SSDEEP
3072:PK2FRsfrS8Ywp3GKJ7hDDiRvDTX8QlevsqYau7j7/Eet96QKl+tiXgimoIVOmNdW:S1TSG/XgFau7ptgQ4+tiXcooOmMklmak
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa
Files
-
bfbf76a42c5d7d640ef89d687fbfdeab08ec619090a259ce366a8a9098d26afa.exe windows:5 windows x86 arch:x86
668fc9893277bcf73c5f63175b9eacff
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
rtl120.bpl
@System@initialization$qqrv
@System@Finalization$qqrv
@System@LoadResString$qqrp20System@TResStringRec
@System@FreeMemory$qpv
@System@GetMemory$qi
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@DynArrayAddRef$qqrv
@System@@DynArrayAsg$qqrv
@System@@DynArrayClear$qqrrpvpv
@System@@DynArraySetLength$qqrv
@System@@DynArrayLength$qqrv
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@@InitializeRecord$qqrpvt1
@System@Pos$qqrx20System@UnicodeStringt1
@System@@UniqueStringU$qqrr20System@UnicodeString
@System@@UStrDelete$qqrr20System@UnicodeStringii
@System@@UStrCopy$qqrx20System@UnicodeStringii
@System@@UStrEqual$qqrv
@System@@UStrCatN$qqrv
@System@@UStrCat3$qqrr20System@UnicodeStringx20System@UnicodeStringt2
@System@@UStrCat$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrSetLength$qqrr20System@UnicodeStringi
@System@@UStrLen$qqrx20System@UnicodeString
@System@@WStrFromUStr$qqrr17System@WideStringx20System@UnicodeString
@System@@UStrFromWStr$qqrr20System@UnicodeStringx17System@WideString
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@UStrFromLStr$qqrr20System@UnicodeStringx27System@%AnsiStringT$us$i0$%
@System@@UStrFromWArray$qqrr20System@UnicodeStringpbi
@System@@UStrFromPWChar$qqrr20System@UnicodeStringpb
@System@@UStrFromWChar$qqrr20System@UnicodeStringb
@System@@UStrFromPWCharLen$qqrr20System@UnicodeStringpbi
@System@@UStrToPWChar$qqrx20System@UnicodeString
@System@@UStrLAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@UStrAddRef$qqrpv
@System@@WStrCat3$qqrr17System@WideStringx17System@WideStringt2
@System@@WStrToPWChar$qqrx17System@WideString
@System@@WStrClr$qqrpv
@System@@LStrToPChar$qqrx27System@%AnsiStringT$us$i0$%
@System@@LStrFromPWChar$qqrr27System@%AnsiStringT$us$i0$%pbus
@System@@EnsureUnicodeString$qqrr20System@UnicodeString
@System@@LStrClr$qqrpv
@System@@Halt0$qqrv
@System@@InitResStringImports$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseAgain$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@ToString$qqrv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@InheritsFrom$qqrp17System@TMetaClass
@System@@CallDynaInst$qqrv
@System@@IsClass$qqrp14System@TObjectp17System@TMetaClass
@System@TObject@GetHashCode$qqrv
@System@TObject@Equals$qqrp14System@TObject
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrv
@System@@FillChar$qqrpvib
@System@@AbstractError$qqrv
@System@ParamStr$qqri
@System@Move$qqrpxvpvi
@System@@ReallocMem$qqrrpvi
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@AllocMem$qqrui
@System@TObject@
@$xp$17System@WideString
@$xp$13System@string
@$xp$8Cardinal
@$xp$7Integer
@$xp$7Boolean
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@TEncoding@GetUTF8$qqrv
@Sysutils@TEncoding@GetUnicode$qqrv
@Sysutils@GetEnvironmentVariable$qqrx20System@UnicodeString
@Sysutils@FreeAndNil$qqrpv
@Sysutils@RaiseLastOSError$qqrv
@Sysutils@GetModuleName$qqrui
@Sysutils@FindCmdLineSwitch$qqrx20System@UnicodeStringrx29System@%Set$tc$iuc$0$iuc$255%o
@Sysutils@StringReplace$qqrx20System@UnicodeStringt1t149System@%Set$t21Sysutils@Sysutils__15$iuc$0$iuc$1%
@Sysutils@GetLocaleFormatSettings$qqrir24Sysutils@TFormatSettings
@Sysutils@AnsiPos$qqrx20System@UnicodeStringt1
@Sysutils@IncludeTrailingPathDelimiter$qqrx20System@UnicodeString
@Sysutils@IncludeTrailingBackslash$qqrx20System@UnicodeString
@Sysutils@Exception@$bctr$qqrx20System@UnicodeString
@Sysutils@SysErrorMessage$qqrui
@Sysutils@StrToDateTime$qqrx20System@UnicodeStringrx24Sysutils@TFormatSettings
@Sysutils@FormatDateTime$qqrx20System@UnicodeString16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@Format$qqrx20System@UnicodeStringpx14System@TVarRecxi
@Sysutils@StrPas$qqrpxb
@Sysutils@StrPLCopy$qqrpbx20System@UnicodeStringui
@Sysutils@StrECopy$qqrpbpxb
@Sysutils@StrCopy$qqrpbpxb
@Sysutils@ExpandFileName$qqrx20System@UnicodeString
@Sysutils@ExtractFileExt$qqrx20System@UnicodeString
@Sysutils@ExtractFileName$qqrx20System@UnicodeString
@Sysutils@ExtractFileDir$qqrx20System@UnicodeString
@Sysutils@ExtractFilePath$qqrx20System@UnicodeString
@Sysutils@ChangeFileExt$qqrx20System@UnicodeStringt1
@Sysutils@RenameFile$qqrx20System@UnicodeStringt1
@Sysutils@DeleteFile$qqrx20System@UnicodeString
@Sysutils@FileSetAttr$qqrx20System@UnicodeStringi
@Sysutils@FileGetAttr$qqrx20System@UnicodeString
@Sysutils@ForceDirectories$qqr20System@UnicodeString
@Sysutils@DirectoryExists$qqrx20System@UnicodeString
@Sysutils@FileExists$qqrx20System@UnicodeString
@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@Sysutils@IntToHex$qqrji
@Sysutils@IntToHex$qqrii
@Sysutils@IntToStr$qqrj
@Sysutils@UIntToStr$qqrui
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx20System@UnicodeString
@Sysutils@AnsiCompareText$qqrx20System@UnicodeStringt1
@Sysutils@AnsiUpperCase$qqrx20System@UnicodeString
@Sysutils@SameText$qqrx20System@UnicodeStringt1
@Sysutils@CompareMem$qqrpvt1i
@Sysutils@UpperCase$qqrx20System@UnicodeString
@Sysutils@AddExitProc$qqrpqqrv$v
@Sysutils@GUIDToString$qqrrx5_GUID
@Sysutils@CreateGUID$qqsr5_GUID
@$xp$24Sysutils@TFormatSettings
@Sysutils@TwoDigitYearCenturyWindow
@Sysutils@Win32MinorVersion
@Sysutils@Win32MajorVersion
@Sysutils@EConvertError@
@Sysutils@Exception@
@$xp$15Sysutils@TBytes
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@ValueExists$qqrx20System@UnicodeString
@Registry@TRegistry@GetDataAsString$qqrx20System@UnicodeStringo
@Registry@TRegistry@WriteString$qqrx20System@UnicodeStringt1
@Registry@TRegistry@OpenKeyReadOnly$qqrx20System@UnicodeString
@Registry@TRegistry@OpenKey$qqrx20System@UnicodeStringo
@Registry@TRegistry@SetRootKey$qqrp6HKEY__
@Registry@TRegistry@CloseKey$qqrv
@Registry@TRegistry@$bctr$qqrv
@Registry@TRegistry@
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Inifiles@TMemIniFile@ReadString$qqrx20System@UnicodeStringt1t1
@Inifiles@TMemIniFile@ReadSectionValues$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TMemIniFile@ReadSections$qqrp16Classes@TStrings
@Inifiles@TMemIniFile@ReadSection$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TMemIniFile@GetStrings$qqrp16Classes@TStrings
@Inifiles@TMemIniFile@GetCaseSensitive$qqrv
@Inifiles@TMemIniFile@EraseSection$qqrx20System@UnicodeString
@Inifiles@TMemIniFile@Clear$qqrv
@Inifiles@TMemIniFile@$bdtr$qqrv
@Inifiles@TMemIniFile@$bctr$qqrx20System@UnicodeString
@Inifiles@THashedStringList@IndexOfName$qqrx20System@UnicodeString
@Inifiles@THashedStringList@IndexOf$qqrx20System@UnicodeString
@Inifiles@THashedStringList@$bdtr$qqrv
@Inifiles@THashedStringList@Changed$qqrv
@Inifiles@TStringHash@Remove$qqrx20System@UnicodeString
@Inifiles@TStringHash@Add$qqrx20System@UnicodeStringi
@Inifiles@TCustomIniFile@ReadSections$qqrx20System@UnicodeStringp16Classes@TStrings
@Inifiles@TCustomIniFile@WriteBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ReadBinaryStream$qqrx20System@UnicodeStringt1p15Classes@TStream
@Inifiles@TCustomIniFile@ValueExists$qqrx20System@UnicodeStringt1
@Inifiles@TCustomIniFile@WriteTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@WriteFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@WriteDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadTime$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadFloat$qqrx20System@UnicodeStringt1d
@Inifiles@TCustomIniFile@ReadDate$qqrx20System@UnicodeStringt116System@TDateTime
@Inifiles@TCustomIniFile@ReadBool$qqrx20System@UnicodeStringt1o
@Inifiles@TCustomIniFile@WriteInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TCustomIniFile@ReadInteger$qqrx20System@UnicodeStringt1i
@Inifiles@TMemIniFile@
@$xp$26Inifiles@THashedStringList
@Inifiles@THashedStringList@
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TDataModule@ReadState$qqrp15Classes@TReader
@Classes@TDataModule@DefineProperties$qqrp14Classes@TFiler
@Classes@TDataModule@DoDestroy$qqrv
@Classes@TDataModule@DoCreate$qqrv
@Classes@TDataModule@$bdtr$qqrv
@Classes@TDataModule@BeforeDestruction$qqrv
@Classes@TDataModule@$bctr$qqrp18Classes@TComponenti
@Classes@TDataModule@AfterConstruction$qqrv
@Classes@TDataModule@$bctr$qqrp18Classes@TComponent
@Classes@TComponent@QueryInterface$qqsrx5_GUIDpv
@Classes@TComponent@UpdateRegistry$qqrox20System@UnicodeStringt2
@Classes@TComponent@SafeCallException$qqrp14System@TObjectpv
@Classes@TComponent@GetComponentCount$qqrv
@Classes@TComponent@GetComponent$qqri
@Classes@TComponent@SetName$qqrx20System@UnicodeString
@Classes@TComponent@ValidateRename$qqrp18Classes@TComponentx20System@UnicodeStringt2
@Classes@TComponent@WriteState$qqrp15Classes@TWriter
@Classes@TComponent@ReadState$qqrp15Classes@TReader
@Classes@TComponent@Loaded$qqrv
@Classes@TComponent@DefineProperties$qqrp14Classes@TFiler
@Classes@TComponent@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Classes@TComponent@Destroying$qqrv
@Classes@TComponent@DestroyComponents$qqrv
@Classes@TComponent@BeforeDestruction$qqrv
@Classes@TComponent@$bdtr$qqrv
@Classes@TComponent@$bctr$qqrp18Classes@TComponent
@Classes@TThread@WaitFor$qqrv
@Classes@TThread@Terminate$qqrv
@Classes@TThread@Resume$qqrv
@Classes@TThread@Suspend$qqrv
@Classes@TThread@DoTerminate$qqrv
@Classes@TThread@AfterConstruction$qqrv
@Classes@TThread@$bdtr$qqrv
@Classes@TThread@$bctr$qqro
@Classes@TStringList@SetCaseSensitive$qqrxo
@Classes@TStringList@$bctr$qqrv
@Classes@TStringList@CompareStrings$qqrx20System@UnicodeStringt1
@Classes@TStringList@CustomSort$qqrpqqrp19Classes@TStringListii$i
@Classes@TStringList@Sort$qqrv
@Classes@TStringList@SetUpdateState$qqro
@Classes@TStringList@SetCapacity$qqri
@Classes@TStringList@PutObject$qqrip14System@TObject
@Classes@TStringList@Put$qqrix20System@UnicodeString
@Classes@TStringList@InsertItem$qqrix20System@UnicodeStringp14System@TObject
@Classes@TStringList@InsertObject$qqrix20System@UnicodeStringp14System@TObject
@Classes@TStringList@Insert$qqrix20System@UnicodeString
@Classes@TStringList@GetObject$qqri
@Classes@TStringList@GetCount$qqrv
@Classes@TStringList@GetCapacity$qqrv
@Classes@TStringList@Get$qqri
@Classes@TStringList@Find$qqrx20System@UnicodeStringri
@Classes@TStringList@Exchange$qqrii
@Classes@TStringList@Delete$qqri
@Classes@TStringList@Clear$qqrv
@Classes@TStringList@Changing$qqrv
@Classes@TStringList@AddObject$qqrx20System@UnicodeStringp14System@TObject
@Classes@TStringList@Add$qqrx20System@UnicodeString
@Classes@TStrings@GetNameValueSeparator$qqrv
@Classes@TStrings@SetTextStr$qqrx20System@UnicodeString
@Classes@TStrings@SetText$qqrpb
@Classes@TStrings@SaveToStream$qqrp15Classes@TStreamp18Sysutils@TEncoding
@Classes@TStrings@SaveToStream$qqrp15Classes@TStream
@Classes@TStrings@SaveToFile$qqrx20System@UnicodeStringp18Sysutils@TEncoding
@Classes@TStrings@SaveToFile$qqrx20System@UnicodeString
@Classes@TStrings@Move$qqrii
@Classes@TStrings@LoadFromStream$qqrp15Classes@TStreamp18Sysutils@TEncoding
@Classes@TStrings@LoadFromStream$qqrp15Classes@TStream
@Classes@TStrings@LoadFromFile$qqrx20System@UnicodeStringp18Sysutils@TEncoding
@Classes@TStrings@LoadFromFile$qqrx20System@UnicodeString
@Classes@TStrings@IndexOfObject$qqrp14System@TObject
@Classes@TStrings@GetTextStr$qqrv
@Classes@TStrings@GetText$qqrv
@Classes@TStrings@GetEnumerator$qqrv
@Classes@TStrings@DefineProperties$qqrp14Classes@TFiler
@Classes@TStrings@Assign$qqrp19Classes@TPersistent
@Classes@TStrings@AddStrings$qqrp16Classes@TStrings
@Classes@TStringsEnumerator@MoveNext$qqrv
@Classes@TStringsEnumerator@GetCurrent$qqrv
@Classes@TCollection@Notify$qqrp23Classes@TCollectionItem31Classes@TCollectionNotification
@Classes@TCollection@Deleting$qqrp23Classes@TCollectionItem
@Classes@TCollection@Added$qqrrp23Classes@TCollectionItem
@Classes@TCollection@Update$qqrp23Classes@TCollectionItem
@Classes@TCollection@SetItemName$qqrp23Classes@TCollectionItem
@Classes@TCollection@GetItem$qqri
@Classes@TCollection@GetCount$qqrv
@Classes@TCollection@EndUpdate$qqrv
@Classes@TCollection@BeginUpdate$qqrv
@Classes@TCollection@Assign$qqrp19Classes@TPersistent
@Classes@TCollection@$bdtr$qqrv
@Classes@TCollection@$bctr$qqrp17System@TMetaClass
@Classes@TCollectionItem@SetIndex$qqri
@Classes@TCollectionItem@SetDisplayName$qqrx20System@UnicodeString
@Classes@TCollectionItem@SetCollection$qqrp19Classes@TCollection
@Classes@TCollectionItem@GetDisplayName$qqrv
@Classes@TCollectionItem@$bdtr$qqrv
@Classes@TCollectionItem@$bctr$qqrp19Classes@TCollection
@Classes@TPersistent@DefineProperties$qqrp14Classes@TFiler
@Classes@TPersistent@AssignTo$qqrp19Classes@TPersistent
@Classes@TPersistent@Assign$qqrp19Classes@TPersistent
@$xp$19Classes@TDataModule
@Classes@TDataModule@
@$xp$18Classes@TComponent
@Classes@TComponent@
@Classes@TThread@
@Classes@TStringList@
@$xp$19Classes@TCollection
@Classes@TCollection@
@$xp$23Classes@TCollectionItem
@Classes@TCollectionItem@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@GetEnumName$qqrp17Typinfo@TTypeInfoi
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Syncobjs@initialization$qqrv
@Syncobjs@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
kernel32
GetModuleHandleW
lstrcmpiW
WriteFile
WinExec
WaitForSingleObject
TerminateProcess
Sleep
SetLastError
OutputDebugStringW
OpenProcess
MoveFileExW
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetTempPathW
GetSystemDirectoryW
GetShortPathNameW
GetProcAddress
GetModuleHandleW
GetLastError
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
CreateProcessW
CreateFileW
CloseHandle
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
ProcessIdToSessionId
madexcept_.bpl
@Madexcept@initialization$qqrv
@Madexcept@Finalization$qqrv
@Madexcept@HookThreads$qqrv
@Madexcept@RegisterExceptionHandler$qqrpqqrx50System@%DelphiInterface$t22Madexcept@IMEException%ro$v19Madexcept@TSyncType22Madexcept@TExceptPhase
@Madmapfile@initialization$qqrv
@Madmapfile@Finalization$qqrv
@Madstacktrace@initialization$qqrv
@Madstacktrace@Finalization$qqrv
@Madlinkdisasm@initialization$qqrv
@Madlinkdisasm@Finalization$qqrv
@Madlisthardware@initialization$qqrv
@Madlisthardware@Finalization$qqrv
@Madlistprocesses@initialization$qqrv
@Madlistprocesses@Finalization$qqrv
@Madlistmodules@initialization$qqrv
@Madlistmodules@Finalization$qqrv
user32
ShowOwnedPopups
PostThreadMessageW
PostMessageW
PeekMessageW
GetMessageW
DispatchMessageW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
advapi32
ReportEventW
RegisterEventSourceW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
DeregisterEventSource
CreateProcessAsUserW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
madbasic_.bpl
@Madstrings@initialization$qqrv
@Madstrings@Finalization$qqrv
@Madtools@initialization$qqrv
@Madtools@Finalization$qqrv
maddisasm_.bpl
@Maddisasm@initialization$qqrv
@Maddisasm@Finalization$qqrv
shell32
ShellExecuteW
SHGetSpecialFolderPathW
vcl120.bpl
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Consts@_SServiceUninstallFailed
@Consts@_SServiceUninstallOK
@Consts@_SServiceInstallFailed
@Consts@_SServiceInstallOK
@Consts@_SCustomError
@Consts@_SShutdown
@Consts@_SInterrogate
@Consts@_SContinue
@Consts@_SPause
@Consts@_SStop
@Consts@_SStart
@Consts@_SExecute
@Consts@_SServiceFailed
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Extctrls@TTimer@SetEnabled$qqro
@Extctrls@TTimer@
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@SetShowHint$qqro
@Forms@TApplication@GetExeName$qqrv
@Forms@TApplication@Terminate$qqrv
@Forms@TApplication@CreateForm$qqrp17System@TMetaClasspv
@Forms@TApplication@Initialize$qqrv
@Forms@TApplication@UnhookMainWindow$qqrynpqqrr17Messages@TMessage$o
@Forms@TApplication@HookMainWindow$qqrynpqqrr17Messages@TMessage$o
@Forms@TApplication@HandleMessage$qqrv
@Forms@Application
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Dialogs@MessageDlg$qqrx20System@UnicodeString19Dialogs@TMsgDlgType47System@%Set$t18Dialogs@TMsgDlgBtn$iuc$0$iuc$11%i
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 704B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 135KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE