Sample details: 480b0aa457fcd9694e1ac3c40dc3765b

Hashes
MD5: 480b0aa457fcd9694e1ac3c40dc3765b
SHA1: 59a72e2aa6cda1fdea660e8edb96bf149c81c210
SHA256: 54b6ae960a553b9b7b50437bf924c61d8280749d02eede3fe5a017cbaa6172a5
SSDEEP: 1536:mOqYEgPS2IyA8/KwQUUI3S9KILLuso2tEzkIkAeAJ5fgehPt:VHyyTq9KIXI4e7kAeefgy
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/UPXProtectorv10x2 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/borland_delphi | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/BASE64_table | YRP/Delphi_CompareCall | YRP/Delphi_Copy | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | YRP/UPX | YRP/suspicious_packer_section
Strings