
Sample details: d2ee83ec290893b8d2c4be9d2e9164f8

Hashes
MD5: d2ee83ec290893b8d2c4be9d2e9164f8
SHA1: e31dd90394b278580c540865a007da36b44a9c1b
SHA256: 6b44f9e0708e1751ebe1c909c4c54284ddd04d8a95fbe937c3a8bf5b29df1175
SSDEEP: 192:nt4s61A/0LiwxqfKD6Vk/gqWhiQ7ST92s2APu47hQjcW5kHO0RyQ:t3x0iwxqsRQmT92sPumhAzSJ
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/borland_delphi_dll | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
06623a1051ad739a268ff132cd62f25e
Strings
		This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
VNConHook
u^h\6@
VNConHook
VNConHook
Runtime error     at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
kernel32.dll
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CloseHandle
user32.dll
UnhookWindowsHookEx
SetWindowsHookExA
PostMessageA
CallNextHookEx
KeybDLL.dll
HooksOff
HooksOn
KeybDLL
UTypes
System
SysInit
3Messages
KWindows