Static | ZeroBOX

PE Compile Time

1992-06-20 07:22:17 (shown in the sandbox's local time, UTC+9; this is TimeDateStamp 0x2A425E19 = 1992-06-19 22:22:17 UTC, the constant that Borland Delphi compilers write instead of the real build time, so it says nothing about when this sample was built)

PE Imphash

6d1f2b41411eacafcf447fc002d8cb00

PEiD Signatures

BobSoft Mini Delphi -> BoB / BobSoft

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
CODE    0x00001000       0x000196b0    0x00019800        6.18571648193
DATA    0x0001b000       0x0000066c    0x00000800        6.23165081255
BSS     0x0001c000       0x000008c5    0x00000000        0.0
.idata  0x0001d000       0x0000079e    0x00000800        4.58440849171
.reloc  0x0001e000       0x0000135c    0x00001400        6.66997106202

BSS has no raw data, so its 0.0 is a property of the section, not a measurement. No section comes close to the 8.0 entropy of a packed or encrypted payload, which is consistent with the PEiD match on an unpacked Delphi binary and with the plaintext strings further down.

Imports

Library kernel32.dll:
0x41d0ec VirtualFree
0x41d0f0 VirtualAlloc
0x41d0f4 LocalFree
0x41d0f8 LocalAlloc
0x41d0fc GetTickCount
0x41d104 GetVersion
0x41d108 GetCurrentThreadId
0x41d10c WideCharToMultiByte
0x41d110 MultiByteToWideChar
0x41d114 GetThreadLocale
0x41d118 GetStartupInfoA
0x41d11c GetModuleFileNameA
0x41d120 GetLocaleInfoA
0x41d124 GetCommandLineA
0x41d128 FreeLibrary
0x41d12c ExitProcess
0x41d130 WriteFile
0x41d138 RtlUnwind
0x41d13c RaiseException
0x41d140 GetStdHandle
Library user32.dll:
0x41d148 GetKeyboardType
0x41d14c MessageBoxA
0x41d150 CharNextA
Library advapi32.dll:
0x41d158 RegQueryValueExA
0x41d15c RegOpenKeyExA
0x41d160 RegCloseKey
Library oleaut32.dll:
0x41d168 SysFreeString
0x41d16c SysReAllocStringLen
0x41d170 SysAllocStringLen
Library kernel32.dll:
0x41d178 GetModuleHandleA
Library advapi32.dll:
0x41d180 RegOpenKeyExA
0x41d184 RegEnumKeyA
0x41d188 FreeSid
Library kernel32.dll:
0x41d190 WriteFile
0x41d194 Sleep
0x41d198 LocalFree
0x41d19c LoadLibraryExW
0x41d1a0 LoadLibraryA
0x41d1a4 GlobalUnlock
0x41d1a8 GlobalLock
0x41d1ac GetTickCount
0x41d1b0 GetSystemInfo
0x41d1b4 GetProcAddress
0x41d1b8 GetModuleHandleA
0x41d1bc GetModuleFileNameA
0x41d1c0 GetFileAttributesW
0x41d1c4 GetCurrentProcessId
0x41d1c8 GetCurrentProcess
0x41d1cc FreeLibrary
0x41d1d0 FindNextFileW
0x41d1d4 FindFirstFileW
0x41d1d8 FindClose
0x41d1dc ExitProcess
0x41d1e0 DeleteFileW
0x41d1e4 CreateDirectoryW
0x41d1e8 CopyFileW
Library gdi32.dll:
0x41d1f0 SelectObject
0x41d1f4 DeleteObject
0x41d1f8 DeleteDC
0x41d1fc CreateCompatibleDC
0x41d204 BitBlt
Library user32.dll:
0x41d20c ReleaseDC
0x41d210 GetSystemMetrics
0x41d214 GetDC
0x41d218 CharToOemBuffA
Library ole32.dll:
0x41d220 OleInitialize
0x41d224 CoCreateInstance
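The Entropy column and the PE Imphash value above come from two small computations that are worth being able to rerun on a sample yourself. The block below is an added example, not ZeroBOX or pefile code: it computes Shannon entropy per section and the pefile-style import hash on a constructed section set and a constructed import list (the sample itself is not on this page, so the reported hash value is not reproduced). The hash is order-sensitive over the import directory, so the repeated kernel32.dll and advapi32.dll descriptors in the listing above are part of what gets hashed.

```python
"""Recompute the two static fingerprints shown in the report on constructed data:
per-section Shannon entropy (the Entropy column) and the pefile-style import
hash (PE Imphash). Added example, not ZeroBOX code; the section bytes and the
import list below are made up for illustration."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty input, which is why a section with no raw
    data (BSS in the report) shows 0.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_entropies(sections):
    """sections: list of (name, raw_bytes) -> list of (name, entropy rounded to 3 places)."""
    return [(name, round(shannon_entropy(raw), 3)) for name, raw in sections]


# pefile's get_imphash(): one "dll.function" entry per import, both lowercased,
# the DLL's .dll/.ocx/.sys suffix removed, entries joined with commas, then MD5.
# Entries follow import-directory order, so repeated descriptors for the same
# DLL (as in the Delphi listing above) each contribute in place.
# Ordinal-only imports (none in this sample) need pefile's name tables and are
# not handled here.
_SUFFIXES = (".dll", ".ocx", ".sys")


def imphash_input(imports):
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for suffix in _SUFFIXES:
            if dll.endswith(suffix):
                dll = dll[: -len(suffix)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# Constructed section contents: a flat filler (entropy 0), a block in which every
# byte value occurs equally often (the 8.0 ceiling that packed or encrypted data
# approaches), and an empty section standing in for BSS.
SAMPLE_SECTIONS = [
    ("CODE", bytes([0x90]) * 4096),
    ("DATA", bytes(range(256)) * 16),
    ("BSS", b""),
]

# Constructed import list in import-directory order.
SAMPLE_IMPORTS = [
    ("kernel32.dll", "VirtualFree"),
    ("kernel32.dll", "VirtualAlloc"),
    ("user32.dll", "MessageBoxA"),
    ("advapi32.dll", "RegOpenKeyExA"),
]

if __name__ == "__main__":
    for name, ent in section_entropies(SAMPLE_SECTIONS):
        print(f"{name:8s} entropy={ent}")
    print("imphash input:", imphash_input(SAMPLE_IMPORTS))
    print("imphash      :", imphash(SAMPLE_IMPORTS))
```

Two caveats when comparing against other reports: pefile resolves ordinal-only imports through its own name tables before hashing, which this example skips, and an imphash only clusters meaningfully when the import table is the real one; packed samples whose stub imports only LoadLibrary/GetProcAddress all collapse to the same few hash values.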

Strings

This program must be run under Win32
.idata
.reloc
Cardinal
StringP
WideString
TObject
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
TSwdPwd
TPwdArray
GlobalVars
2C5A87CB-758C-7293-47BC-475C65D699A584C5-7DC6-DC45-12A47C7DB587-F89F-78CD-96CA-FD478543C7F4
kernel32.dll
ExpandEnvironmentStringsW
GetComputerNameW
GlobalMemoryStatus
CreateFileW
GetFileSize
CloseHandle
ReadFile
GetFileAttributesW
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
LocalFree
GetTickCount
CopyFileW
FindClose
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
SetDllDirectoryW
GetLocaleInfoA
GetLocalTime
GetTimeZoneInformation
RemoveDirectoryW
DeleteFileW
GetLogicalDriveStringsA
GetDriveTypeA
CreateProcessW
advapi32.dll
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid
LookupAccountSidA
CreateProcessAsUserW
CheckTokenMembership
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
user32.dll
EnumDisplayDevicesW
wvsprintfA
GetKeyboardLayoutList
shell32.dll
ShellExecuteExW
ntdll.dll
RtlComputeCrc32
TStringArray
GLOBALFUNC
IsWow64Process
kernel32.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Windows
WTSGetActiveConsoleSessionId
kernel32.dll
WTSQueryUserToken
wtsapi32.dll
CreateEnvironmentBlock
userenv.dll
|||<[{99C3}]>|||
MTable
MozillaBased
CryptUnprotectData
crypt32.dll
taString
uURLHistory
uIE7_decodeU
[($^|^$)]
InternetExplorer
PVAULT_CRED8
EdgePwds
outlookDecrU
Outlook
WinSCP
PsiPlus
<account>
</account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Pidgin
1610149366
SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
Browsers\Cookies
Browsers\History
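The two SQL statements above are the sample's browser-history collection: the first targets Firefox-family places.sqlite (moz_places joined to moz_historyvisits, visit_date in microseconds since 1970), the second targets Chromium-family History (urls joined to visits, visit_time in microseconds since 1601-01-01, hence the 11644473600-second shift before DATETIME(..., "unixepoch")). As an added example, not ZeroBOX code, the block below runs both queries against constructed in-memory copies of just the columns they touch, so the epoch arithmetic can be checked; the table subsets and rows are made up, the two query strings are copied from the listing above.

```python
"""Run the two browser-history queries from the strings section against
constructed Firefox- and Chromium-style databases. Added example, not ZeroBOX
code; the tables and rows are made up, the query text is the sample's."""
import sqlite3

# Firefox-family: places.sqlite, visit_date in microseconds since 1970-01-01.
FIREFOX_QUERY = (
    'SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),'
    "moz_places.title,moz_places.url FROM moz_places, moz_historyvisits "
    "WHERE moz_places.id = moz_historyvisits.place_id "
    "ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000"
)

# Chromium-family: History, visit_time in microseconds since 1601-01-01.
CHROME_QUERY = (
    'SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , '
    "urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url "
    "ORDER By visits.visit_time DESC LIMIT 0, 10000"
)

WEBKIT_EPOCH_OFFSET = 11644473600  # seconds from 1601-01-01 to 1970-01-01
UNIX_TS = 1610149366               # 2021-01-08 23:42:46 UTC, constructed visit time


def portable(query: str) -> str:
    """The sample relies on SQLite treating "unixepoch" (double quotes) as a string
    literal, a legacy fallback that builds compiled with SQLITE_DQS=0 reject.
    Execute a single-quoted copy and keep the original text as the indicator."""
    return query.replace('"', "'")


def webkit_to_unix(webkit_us: int) -> int:
    """Chromium microsecond timestamp -> Unix seconds, same arithmetic as the query."""
    return webkit_us // 1_000_000 - WEBKIT_EPOCH_OFFSET


def unix_to_webkit(unix_s: int) -> int:
    return (unix_s + WEBKIT_EPOCH_OFFSET) * 1_000_000


def firefox_db() -> sqlite3.Connection:
    """Minimal places.sqlite: only the columns the query uses."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);"
    )
    con.executemany("INSERT INTO moz_places VALUES (?,?,?)", [
        (1, "https://example.org/login", "Example login"),
        (2, "https://example.org/mail", "Webmail"),
    ])
    con.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?)", [
        (1, 1, UNIX_TS * 1_000_000),
        (2, 2, (UNIX_TS + 60) * 1_000_000),   # one minute later, so it sorts first
    ])
    return con


def chrome_db() -> sqlite3.Connection:
    """Minimal Chromium History: urls plus visits, visits.url references urls.id."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);"
    )
    con.execute("INSERT INTO urls VALUES (?,?,?)", (1, "https://example.org/login", "Example login"))
    con.execute("INSERT INTO visits VALUES (?,?,?)", (1, 1, unix_to_webkit(UNIX_TS)))
    return con


def firefox_history():
    return firefox_db().execute(portable(FIREFOX_QUERY)).fetchall()


def chrome_history():
    return chrome_db().execute(portable(CHROME_QUERY)).fetchall()


if __name__ == "__main__":
    for row in firefox_history() + chrome_history():
        print(row)
```

These are the same statements an examiner runs on a copied profile, which is also how the stealer has to do it: a live profile keeps the database locked, and the import list above includes CopyFileW alongside the %TEMP% paths in the strings.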
uFileFinderU
uCoins
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs
RGlzcGxheU5hbWU=
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
RGlzcGxheVZlcnNpb24=
GlobalMemoryStatusEx
kernel32.dll
EnumDisplayDevicesW
user32.dll
UHJvY2Vzc29yTmFtZVN0cmluZw==
SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==
CPU Count:
GetRAM:
Video Info
uProgAndProc
Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90
kernel32.dll
UHJvY2VzczMyRmlyc3RX
UHJvY2VzczMyTmV4dFc=
a2VybmVsMzIuZGxs
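The strings from U29mdHdhcmVc... through a2VybmVsMzIuZGxs above are base64, and the binary also carries the full base64 alphabet string, so the sample decodes them at runtime. Decoded, they are the Uninstall registry path with the DisplayName and DisplayVersion values (installed-software inventory), the CentralProcessor\0 key with ProcessorNameString (CPU model), and the Toolhelp32 process-enumeration API names; the encoding keeps these out of a naive strings triage. The block below is an added example, not ZeroBOX code: it applies a strict base64 filter to a list copied from the listing and shows why plain API names such as GlobalMemoryStatusEx, which happen to be valid base64 alphabet, are not mistaken for encoded data.

```python
"""Decode the base64 strings from the report's strings section. Added example,
not ZeroBOX code. The filter accepts only well-formed base64 whose plaintext
is printable ASCII, which rejects ordinary identifiers that merely consist of
base64 alphabet characters."""
import base64
import binascii
import re

# Copied from the strings listing.
OBSERVED = [
    "U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs",
    "RGlzcGxheU5hbWU=",
    "U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==",
    "RGlzcGxheVZlcnNpb24=",
    "UHJvY2Vzc29yTmFtZVN0cmluZw==",
    "SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==",
    "Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90",
    "UHJvY2VzczMyRmlyc3RX",
    "UHJvY2VzczMyTmV4dFc=",
    "a2VybmVsMzIuZGxs",
    # plain strings from the same listing, kept here to show they are rejected
    "GlobalMemoryStatusEx",
    "CreateToolhelp32Snapshot",
    "EnumDisplayDevicesW",
]

_B64 = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def try_decode_b64(s: str):
    """Decoded text if s is well-formed base64 whose plaintext is printable ASCII, else None."""
    if len(s) % 4 or not _B64.match(s):
        return None
    try:
        raw = base64.b64decode(s, validate=True)
    except binascii.Error:
        return None
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def decode_strings(strings):
    """Map each base64 string to its plaintext; everything else is dropped."""
    out = {}
    for s in strings:
        text = try_decode_b64(s)
        if text is not None:
            out[s] = text
    return out


def classify(text: str) -> str:
    """Rough bucket for what the hidden string is used for (heuristic, for triage only)."""
    if text.lower().endswith(".dll"):
        return "library name"
    if "\\" in text:
        return "registry path"
    if text[0].isupper() and text.isalnum():
        return "API or value name"
    return "other"


if __name__ == "__main__":
    for enc, text in decode_strings(OBSERVED).items():
        print(f"{classify(text):18s} {text}")
```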
MachineID :
EXE_PATH :
Windows :
Computer(Username) :
Screen:
Layouts:
LocalTime:
Zone:
[Soft]
GDIScreenShot
wcscmp
crtdll.dll
GdiplusStartup
Gdiplus.dll
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToStream
CreateStreamOnHGlobal
ole32.dll
GetHGlobalFromStream
DnsQuery_A
dnsapi.dll
https://dotbit.me/a/
wsock32.dll
WSAStartup
gethostbyname
socket
connect
closesocket
HTTP/1.0
Host:
Connection: close
User-agent:
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Content-Length:
wininet.dll
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
InternetSetOptionA
Host:
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
PasswordsList.txt
scr.jpg
Files\
http://ip-api.com/json
"query":"
"countryCode":"
ip.txt
System.txt
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
GetModuleHandleA
advapi32.dll
RegOpenKeyExA
RegEnumKeyA
FreeSid
kernel32.dll
WriteFile
LocalFree
LoadLibraryExW
LoadLibraryA
GlobalUnlock
GlobalLock
GetTickCount
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
DeleteFileW
CreateDirectoryW
CopyFileW
gdi32.dll
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
user32.dll
ReleaseDC
GetSystemMetrics
CharToOemBuffA
ole32.dll
OleInitialize
CoCreateInstance
ProductName
SOFTWARE\Microsoft\Windows NT\CurrentVersion
MachineGuid
SOFTWARE\Microsoft\Cryptography
%TEMP%\
%appdata%\
%TEMP%\
%TEMP%
Version
Software\Martin Prikryl\WinSCP 2\Sessions\
HostName
PortNumber
UserName
</jid>
\accounts.xml
%APPDATA%\.purple\accounts.xml
%TEMP%\curbuf.dat
%TEMP%
\Cookies
\*.txt
\*.coo
%TEMP%
\History
\places.sqlite
%APPDATA%\Skype
main.db
\main.db
SteamPath
Software\Valve\Steam
\ssfn*
\Config\*.vdf
\Config\
%APPDATA%\
\autoscan\
\Monero\
.address.txt
Software\
strDataDir
CPU Model:
%TEMP%\
%PROGRAMDATA%\
Telegram
D877F783D5*,map*
%appdata%\Telegram Desktop\tdata\
image/jpeg
%comspec%
/c %WINDIR%\system32\timeout.exe 3 & del "
Antivirus Signature
Bkav W32.RultalinaTZ.Trojan
Lionic Trojan.Win32.Lmir.laiL
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Trojan.GandcrabIH.S17569987
ALYac Trojan.GenericKD.36706914
Malwarebytes Spyware.AzorUlt
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Password-Stealer ( 0052f96e1 )
BitDefender Trojan.GenericKD.36706914
K7GW Password-Stealer ( 0052f96e1 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren W32/Delf_Troj.D.gen!Eldorado
Symantec Infostealer.Rultazo
ESET-NOD32 Win32/PSW.Delf.OSF
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Delf-6957976-0
Kaspersky Trojan-PSW.Win32.Coins.nav
Alibaba TrojanPSW:Win32/Coins.078ffd84
NANO-Antivirus Trojan.Win32.Stealer.fitdqk
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
MicroWorld-eScan Trojan.GenericKD.36706914
Rising Stealer.AZORult!1.B7AE (CLASSIC)
Ad-Aware Trojan.GenericKD.36706914
Emsisoft Trojan-PSW.Delf (A)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PWS.Stealer.24943
Zillya Trojan.Delf.Win32.116381
TrendMicro TrojanSpy.Win32.COINSTEAL.SMPIS
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch
FireEye Generic.mg.70ded05d874a95b1
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
GData Win32.Trojan-Stealer.KBot.B
Jiangmin Trojan.PSW.Generic.crd
Webroot Clean
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Win32.PSWTroj.Coins.n.(kcloud)
Gridinsoft Trojan.Win32.Agent.vb!s1
Arcabit Trojan.Generic.D2301A62
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Stimilina
AhnLab-V3 Trojan/Win32.Delf.R260844
Acronis suspicious
McAfee Trojan-FSEP!70DED05D874A
TACHYON Trojan-PWS/W32.Azorult.114688
VBA32 TrojanPSW.Stealer
Cylance Unsafe
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.COINSTEAL.SMPIS
Tencent Malware.Win32.Gencirc.10b0cde2
Yandex Trojan.GenAsa!zpkWsvf3gpo
Ikarus Win32.Outbreak
eGambit Unsafe.AI_Score_96%
Fortinet W32/PSW.DELF.OSF!tr
BitDefenderTheta AI:Packer.F1D56E081D
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.