Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 7fbcf07673d2ac6e8859379aefa2abaa --

Hashes
MD5: 7fbcf07673d2ac6e8859379aefa2abaa
SHA1: ac430e2e49d9ee6a5d5577709606b6466a9d9758
SHA256: cfc5d9e215b913ed6c7216e0338ab4963ccac8fa7a8e2f174c40e7716540c63e
SSDEEP: 1536:pAgGi2+kytHCkLeoZHH8bMusKfJ+SaRwL+cbTUkPGI:pAgGi2lECoJH8bMuN2RwL+cbMI
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/borland_delphi_dll | YRP/domain | YRP/contentis_base64 | YRP/keylogger | YRP/win_registry | YRP/win_files_operation | YRP/Delphi_Copy | YRP/Delphi_StrToInt |
Parent Files
0495481d035935c5e309333c6d7c9209
Strings
		This program must be run under Win32
`.itext
`.data
.idata
.edata
@.rdata
@.reloc
B.rsrc
stringX
TObjectd
TObjectX
System
IInterface
System
TInterfacedObject
FastMM Borland Edition 
 2004, 2005 Pierre le Riche / Professional Software Development
An unexpected memory leak has occurred. 
The unexpected small block leaks are:
 bytes: 
Unknown
String
The sizes of unexpected leaked medium and large blocks are: 
Unexpected Memory Leak
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
VWUUh@=@
ZTUWVSPRTj
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
	Exception
EHeapException
EOutOfMemory
EInOutError
	EExternal
EExternalException
	EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivide4j@
	EOverflow
EUnderflow
EInvalidPointer@k@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
	EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
-{{{{1
-ffff!
-{{{{1
-ffff!
-[[[[1
-ffff!
-[[[[1
-ffff!
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
_^[YY]
t%HtIHtm
$Z]_^[
QQQQQQSVW3
QQQQQSVW
_^[YY]
	TErrorRec
TExceptRec
$YZ_^[
YZ]_^[
m/d/yy
mmmm d, yyyy
:mm:ss
TUnitHashArray
SysUtils
TModuleInfo
kernel32.dll
GetDiskFreeSpaceExA
(Z]_^[
YZ]_^[
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
TCustomVariantType
TCustomVariantType
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgError
EVariantBadVarTypeErrorT
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError
EVariantDispatchError
QQQQSV
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
String
Array 
ByRef 
Variants
_^[YY]
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerErrorD
EReadError
EWriteError
EListError
EStringListError
TThreadListh
TPersistent
TPersistenth
Classes
IStringsAdapter
Classes
TStrings
TStrings<
Classes
TStringItem
TStringList
TStringListt
Classes
TStream
THandleStream
TFileStream
	TRegGroup
TRegGroups
Strings
S$_^[Y]
_^[YY]
Sd]_^[
$Z]_^[
_^[YY]
DLLLOADFAILED
FUNCTIONNOTFOUND
double word
string
allocated
pointer
EXTERNALEXCEPTION
QQQQQQS3
mEXEFunc.dll
Runtime error     at 00000000
0123456789ABCDEF
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll
GetACP
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
user32.dll
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharUpperBuffA
CharToOemA
kernel32.dll
WriteFile
WaitForSingleObject
VirtualQuery
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryA
GetVersionExA
GetThreadLocale
GetTempPathA
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
kernel32.dll
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
mEXEFunc.dll
RunTimeExecute
Borland User Components
0,080<0@0D0H0L0P0T0`0m0
1 1(1,1014181<1@1D1H1b1j1r1z1
2"2*222:2B2J2R2Z2b2j2
5,5;5B5M5]5
6&616@6Y6
:$:Z:d:|:
> >7?G?Q?j?
0/090T0
5)565{5
9O:e:S;Y;w;
;t<x<~<
=J=R=_=e=s=
1C3[3l3
6E6U6k6
:2;N;Z;n;x;
;#<,<a<h<
>'?.?F?h?
0@0V0m0
1A1J1Q1
2&2K2U2_2g2m2{2
3E4X4!6?6]6w6
9R9Y9k9
?#?6?>?F?N?V?^?
00080F0K0d0t0
1"1*121:1B1J1R1Z1b1j1r1z1
2"2*272C2K2S2f2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5X5l5t5x5|5
60686<6@6D6H6L6P6T6X6l6
7<7D7H7L7P7T7X7\7`7d7|7
8,8L8T8X8\8`8d8h8l8p8t8
9 9$9(989X9`9d9h9l9p9t9x9|9
: :$:(:,:0:@:`:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;P;p;x;|;
<,<4<8<<<@<D<H<L<P<T<d<
=8=@=D=H=L=P=T=X=\=`=t=
>0>P>X>\>`>d>h>l>p>t>x>
? ?$?(?,?D?Q?Y?h?u?}?
80<0@0D0H0L0P0h0t0x0
9+:<:R:
Q0U0Y0]0a0e0i0m0q0u0y0}0
0a1h1*2
6V7k7v8
6*6?6,7@7
8#848K8~8
8(9<9M9]9p9|9
>P>U>c>
111H1Z1
2<2N2e2w2
525_5d5~5
6?6[6z6
7$767q7
7$8Y8r8
9/:4:<:f:w:
>/>7>C>
1.2=2L2h2
3"3+373=3E3N3Z3_3h3q3z3
7'7K7]7
8*9j9o9}9
:7:E:`:i:
;6;N;W;k;y;
</<><N<V<k<s<
?G?N?]?d?
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6(6,64686@6D6L6P6X6\6d6h6p6t6|6
7$7(70747<7@7H7L7T7X7`7d7l7p7
8(828=8G8R8\8g8q8|8
9(:5:^:
;6;l;y;
=S=r=z=
>!>'>,>7>=>B>M>S>X>c>i>n>y>
?)?/?4???E?J?U?[?`?k?q?v?
1"1:1H1L1h1p1t1x1|1
242<2@2D2H2L2P2T2X2\2x2
3 3$3@3`3h3l3p3t3x3|3
4(4044484<4@4D4H4L4P4l4
5<5\5d5h5l5p5t5x5|5
6(6064686<6@6D6H6L6P6l6
7/8k8z8
:,:C:R:i:x:
102_2z2
2,3C3\3
5"5&5*5.52565:5>5B5F5J5N5R5V5h5
:	;D;o;
<!<%<)<-<1<5<9<=<A<E<I<M<Q<U<Y<]<a<e<i<m<q<u<
6.646H6M6-7R7_7j7
8$8.848F8T8\8d8l8t8|8
9!909P9X9\9`9d9h9l9p9t9x9
: :$:(:,:0:4:H:h:p:t:x:|:
; ;$;(;,;0;4;8;<;@;P;p;x;|;
< <(<,<0<4<8<<<@<D<H<`<
=,=8=<=D=H=L=P=T=X=\=`=d=h=l=p=z=~=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?(?8?H?P?T?X?\?`?d?h?l?p?t?x?|?
0)0-0@0`0h0l0p0t0x0|0
1(141H1P1T1X1\1`1d1h1l1p1t1x1|1
2(2024282<2@2D2H2L2P2
5%575<5
5@6c6}6
9/9s9z9
8;8c8u8
:(;-;T;\;k;
0#0'0+0/03070;0?0C0G0T1x1
4-4K4W4^4h4
9,9K9`9
<K<W<^<h<r<
>=>[>l>
>	?G?k?
1&141>1K1R1o1
2 2%2+2[2g2l2r2
474F4f4
5.5N5|5
8(8,8084888<8H8L8X8\8h8l8
0%0)0/060:0T0]0f0r0|0
161K1W1_1i1n1s1x1}1
2$272C2M2T2^2e2o2|2
2#3P3}3
80X0x0
7 7$7(7,707
7$8,808T8X8|8
9L9T9\9d9l9t9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
UmEXEFunc
mUtils
IniFiles
KWindows
UTypes
SysInit
System
"RTLConsts
^Classes
SysConst
sActiveX
3Messages
QTypInfo
SysUtils
ImageHlp
CVariants
$VarUtils
 myhashedstringlist
YStrUtils
(ShlObj
UrlMon
?WinInet
RegStr
*ShellAPI
CommCtrl
Wildcard
2FastStrings
uSharedDLL