PE Compile Time

2012-03-23 21:07:01

PE Imphash

44be92e8682bb60864ce3aa523405aa8

PEiD Signatures

BobSoft Mini Delphi -> BoB / BobSoft

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000d004    0x0000d200        4.38143902672
.itext  0x0000f000       0x00016200    0x00016200        0.0565612650545
.data   0x00026000       0x00001388    0x00001400        5.0436872073
.bss    0x00028000       0x00004908    0x00000000        0.0
.idata  0x0002d000       0x000006b2    0x00000800        4.24929229204
.tls    0x0002e000       0x00000008    0x00000000        0.0
.rdata  0x0002f000       0x00000018    0x00000200        0.20448815744
.reloc  0x00030000       0x00000b5c    0x00000c00        6.36942566564
.rsrc   0x00031000       0x000363f4    0x00036400        7.9612313035

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_BITMAP      0x00031270  0x000354d4  LANG_NEUTRAL  SUBLANG_NEUTRAL     GIF image data
RT_ICON        0x00066744  0x000002e8  LANG_ENGLISH  SUBLANG_ENGLISH_US  Device independent bitmap graphic, 32 x 64 x 4, image size 512
RT_STRING      0x00067150  0x00000280  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_STRING      0x00067150  0x00000280  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_STRING      0x00067150  0x00000280  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_STRING      0x00067150  0x00000280  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_STRING      0x00067150  0x00000280  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_RCDATA      0x000673d0  0x00000010  LANG_NEUTRAL  SUBLANG_NEUTRAL     data
RT_GROUP_ICON  0x000673e0  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library oleaut32.dll:
0x42d1a4 SysFreeString
Library advapi32.dll:
0x42d1ac RegQueryValueExA
0x42d1b0 RegOpenKeyExA
0x42d1b4 RegCloseKey
Library user32.dll:
0x42d1bc GetKeyboardType
0x42d1c0 DestroyWindow
0x42d1c4 LoadStringA
0x42d1c8 MessageBoxA
0x42d1cc CharNextA
Library kernel32.dll:
0x42d1d4 GetACP
0x42d1d8 Sleep
0x42d1dc VirtualFree
0x42d1e0 VirtualAlloc
0x42d1e4 GetCurrentThreadId
0x42d1e8 VirtualQuery
0x42d1ec WideCharToMultiByte
0x42d1f0 lstrlenA
0x42d1f4 lstrcpynA
0x42d1f8 LoadLibraryExA
0x42d1fc GetThreadLocale
0x42d200 GetStartupInfoA
0x42d204 GetProcAddress
0x42d208 GetModuleHandleA
0x42d20c GetModuleFileNameA
0x42d210 GetLocaleInfoA
0x42d214 GetCommandLineA
0x42d218 FreeLibrary
0x42d21c FindFirstFileA
0x42d220 FindClose
0x42d224 ExitProcess
0x42d228 WriteFile
0x42d230 RtlUnwind
0x42d234 RaiseException
0x42d238 GetStdHandle
Library kernel32.dll:
0x42d240 TlsSetValue
0x42d244 TlsGetValue
0x42d248 LocalAlloc
0x42d24c GetModuleHandleA
Library user32.dll:
0x42d254 MessageBoxA
0x42d258 LoadStringA
0x42d25c GetSystemMetrics
0x42d260 CharNextA
0x42d264 CharToOemA
Library kernel32.dll:
0x42d26c WriteFile
0x42d270 VirtualQuery
0x42d274 LoadLibraryA
0x42d278 GetVersionExA
0x42d27c GetThreadLocale
0x42d280 GetStdHandle
0x42d284 GetProcAddress
0x42d288 GetModuleHandleA
0x42d28c GetModuleFileNameA
0x42d290 GetLocaleInfoA
0x42d294 GetDiskFreeSpaceA
0x42d298 GetCPInfo
0x42d29c FreeLibrary
0x42d2a0 EnumCalendarInfoA

This program must be run under Win32
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
stringX
TObject
FastMM Borland Edition
2004, 2005 Pierre le Riche / Professional Software Development
An unexpected memory leak has occurred.
The unexpected small block leaks are:
bytes:
Unknown
String
The sizes of unexpected leaked medium and large blocks are:
Unexpected Memory Leak
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
ZTUWVSPRTj
tChLH@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
_^[YY]
Exception R@
EHeapException
EOutOfMemory
EInOutError0S@
EExternal
EExternalException
EIntError
EDivByZero
ERangeError
EIntOverflow
EMathError
EInvalidOp
EZeroDivideTV@
EOverflow
EUnderflow
EInvalidPointer`W@
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
ESafecallException
SysUtils
SysUtils
<*t"<0r=<9w9i
INFNAN
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
QQQQQQSVW3
QQQQQSVW
_^[YY]
TErrorRec
TExceptRec
m/d/yy
mmmm d, yyyy
:mm:ss
TUnitHashArray
SysUtils
TModuleInfo
kernel32.dll
GetDiskFreeSpaceExA
Runtime error at 00000000
0123456789ABCDEF
oleaut32.dll
SysFreeString
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll
GetACP
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
user32.dll
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA
kernel32.dll
WriteFile
VirtualQuery
LoadLibraryA
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetDiskFreeSpaceA
GetCPInfo
FreeLibrary
EnumCalendarInfoA
PACKAGEINFO
DVCLAL
MAINICON
November
December
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
OctoberInvalid variant type conversion
Invalid variant operation
Invalid argument
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Write$Error creating variant or safe array)Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operationFloating point division by zero
Floating point overflow
Floating point underflow
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
ClamAV Win.Malware.Delf-9890071-0
CMC Clean
CAT-QuickHeal VirTool.DelfInject
Skyhigh BehavesLike.Win32.GenDownloader.fh
Cylance Unsafe
Zillya Trojan.Buzus.Win32.98958
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Clean
K7GW Trojan ( 00592b501 )
K7AntiVirus Trojan ( 00592b501 )
huorong Clean
Baidu Win32.Trojan.Delf.k
VirIT Win32.DelfGen.DGZ
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 Win32/Delf.OEN
APEX Malicious
Avast Win32:Delf-SES [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Trojan.GenericKD.48705378
NANO-Antivirus Trojan.Win32.Buzus.rggjy
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.48705378
Tencent Trojan.Win32.Delf.pe
Sophos ML/PE-A
F-Secure Trojan.TR/Dropper.Gen8
DrWeb Trojan.DownLoader5.60700
VIPRE Trojan.GenericKD.48705378
TrendMicro TROJ_NEOJIT.SMX
McAfeeD ti!B5DA11D0AA91
Trapmine malicious.high.ml.score
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.48705378 (B)
Ikarus Trojan-Downloader.Win32.Neojit
GData Trojan.GenericKD.48705378
Jiangmin TrojanDropper.Injector.ufb
Webroot W32.Trojan.Gen
Varist W32/Delf.DF.gen!Eldorado
Avira TR/Dropper.Gen8
Antiy-AVL Trojan/Win32.Buzus
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.Zbot.oa!s1
Xcitium TrojWare.Win32.Buzus.krej@4t92vr
Arcabit Trojan.Generic.D2E72F62
SUPERAntiSpyware Trojan.Agent/Gen-Delf
ZoneAlarm Troj/DwnLdr-JYR
Microsoft Trojan:Win32/Dorv.A!rfn
Google Detected
AhnLab-V3 Dropper/Win32.Injector.R22749
Acronis Clean
VBA32 BScope.Trojan-Dropper.Injector
TACHYON Trojan/W32.DP-Agent.378368.K
Malwarebytes Generic.Malware.AI.DDS
Panda Generic Malware
Zoner Clean
TrendMicro-HouseCall TROJ_NEOJIT.SMX
Rising Malware.XPACK!1.6555 (CLASSIC)
Yandex Clean
TrellixENS GenDownloader.ne
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Buzus.DE!tr
AVG Win32:Delf-SES [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Delf.ba5df07c
IRMA Signature
Trend Micro SProtect (Linux) TROJ_NEOJIT.SMX
Avast Core Security (Linux) Win32:Delf-SES [Trj]
C4S ClamAV (Linux) Win.Malware.Delf-9890071-0
Trellix (Linux) GenDownloader.ne trojan
Sophos Anti-Virus (Linux) Mal/Generic-S
Bitdefender Antivirus (Linux) Trojan.GenericKD.48705378
G Data Antivirus (Windows) Virus: Trojan.GenericKD.48705378 (Engine A)
WithSecure (Linux) Trojan.TR/Dropper.Gen8
ESET Security (Windows) Win32/Delf.OEN trojan
DrWeb Antivirus (Linux) Trojan.DownLoader5.60700
ClamAV (Linux) Win.Malware.Delf-9890071-0
eScan Antivirus (Linux) Trojan.GenericKD.48705378(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Agent.gen
Emsisoft Commandline Scanner (Windows) Trojan.GenericKD.48705378 (B)