Sample details: 481f5b55cb0ea4714d84e0879bc85063

Hashes
MD5: 481f5b55cb0ea4714d84e0879bc85063
SHA1: 367e0a93412644663357bdb93f818402d4845481
SHA256: 2a32e40a13e916e7ac7402387c95025a5f5745b9e277be715716b30d4e81a721
SSDEEP: 768:uoSwdMMo++SymCsOEJMIbbqSCWm1jffzynfAeLXjbQGKJq41iNO:RdMMkzpEJMnWmVf7yfA0zbxKJD1uO
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/D1S1Gv11betaD1N | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/borland_delphi_dll | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/win_mutex | YRP/Str_Win32_Winsock2_Library |
Strings
		This program must be run under Win32
`.itext
`.data
.idata
.didata
.rdata
@.reloc
B.rsrc
Boolean
System
AnsiChar
Integer
Cardinal
Pointer
	NativeInt
NativeUInt
Extended
Currency
ShortString
	PAnsiChar0
	PWideCharL
string
WideString
AnsiString
Variant
TClass
HRESULT
&op_Equality
&op_Inequality
Create
	BigEndian
Create
AStartIndex
	BigEndian
PInterfaceEntry|
TInterfaceEntry
VTable
IOffset
ImplGetter
PInterfaceTable
TInterfaceTable
EntryCount
Entries
TObject&
Create
	DisposeOf
InitInstance
Instance
CleanupInstance
	ClassType
	ClassName
ClassNameIs
ClassParent
	ClassInfo
InstanceSize
InheritsFrom
AClass
MethodAddress
MethodAddress
MethodName
Address
QualifiedClassName
FieldAddress
FieldAddress
GetInterface
GetInterfaceEntry
GetInterfaceTable
UnitName
	UnitScope
Equals
GetHashCode
ToString
SafeCallException
ExceptObject
ExceptAddr
AfterConstruction
BeforeDestruction
Dispatch
Message
DefaultHandler
Message
NewInstance
FreeInstance
Destroy
TObject
System
PShortString\
PInt64
	PExtended4
	PCurrencyH
PVariant
TVarRec
VInteger
VBoolean
	VExtended
VString
VPointer
VPChar
VObject
VClass
	VWideChar
VPWideChar
VAnsiString
	VCurrency
VVariant
VInterface
VWideString
VInt64
VUnicodeString
_Reserved1
PResStringRec<
TResStringRec
Module
Identifier
An unexpected memory leak has occurred. 
The unexpected small block leaks are:
The sizes of unexpected leaked medium and large blocks are: 
 bytes: 
Unknown
AnsiString
UnicodeString
Unexpected Memory Leak
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
GetThreadUILanguage
_^[YY]
FMessage
FHelpContext
	Exception3
Create
Create
	CreateFmt
	CreateRes
	CreateRes
ResStringRec
CreateResFmt
CreateResFmt
ResStringRec
CreateHelp
AHelpContext
	Exception
uWinAcl
HelpContext
Message
Exception code: $
Error code: 
QQQQQQQSV
_^[YY]
iphlpapi.dll
_^[YY]
_^[YY]
MemGuid-KewRatA2017
MemGuid-KewRatA2017-Ret10539
Global\
192.168.1.1
192.168.0.1
10.10.0.1
uManHook
uHookAcl
Winapi.TlHelp32
Winapi.Windows
System.UITypes
SysInit
System
System.Types
Winapi.WinSock
uWinAcl
uHookApi
Runtime error     at 00000000
0123456789ABCDEF
0123456789ABCDEF
oleaut32.dll
SysFreeString
SysAllocStringLen
kernel32.dll
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
GetVersion
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetStdHandle
CloseHandle
kernel32.dll
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
user32.dll
MessageBoxA
kernel32.dll
VirtualProtect
SuspendThread
SetUnhandledExceptionFilter
OpenFileMappingA
MapViewOfFile
LoadLibraryW
GlobalAlloc
GetVersionExW
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetLastError
GetCurrentThread
GetCurrentProcessId
FreeLibrary
ExitThread
ExitProcess
CreateMutexA
CreateFileMappingA
CloseHandle
advapi32.dll
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
user32.dll
wvsprintfW
wsock32.dll
setsockopt
ioctlsocket
inet_addr
closesocket
iphlpapi.dll
GetNetworkParams
user32.dll
MessageBoxA
Embarcadero Delphi for Win32 compiler version 29.0 (22.0.19908.869)
Ihookdll
"Winapi.WinSock
Winapi.Windows
System.UITypes
SysInit
System
System.Types
Winapi.TlHelp32
uHookAcl
uWinAcl
uManHook
uHookApi
GetThreadPreferredUILanguages
KERNEL32.dll
SetThreadPreferredUILanguages
KERNEL32.dll
GetThreadUILanguage
KERNEL32.dll
CreateToolhelp32Snapshot
KERNEL32.dll
Heap32ListFirst
KERNEL32.dll
Heap32ListNext
KERNEL32.dll
Heap32First
KERNEL32.dll
Heap32Next
KERNEL32.dll
Toolhelp32ReadProcessMemory
KERNEL32.dll
Process32FirstW
KERNEL32.dll
Process32NextW
KERNEL32.dll
Process32First
KERNEL32.dll
Process32Next
KERNEL32.dll
Process32FirstW
KERNEL32.dll
Process32NextW
KERNEL32.dll
Thread32First
KERNEL32.dll
Thread32Next
KERNEL32.dll
Module32FirstW
KERNEL32.dll
Module32NextW
KERNEL32.dll
Module32First
KERNEL32.dll
Module32Next
KERNEL32.dll
Module32FirstW
KERNEL32.dll
Module32NextW
KERNEL32.dll