Match Rules |
---|
disable_antivirus |
hijack_network |
escalate_priv |
screenshot |
keylogger |
win_registry |
win_token |
win_private_profile |
win_files_operation |
Borland |
BobSoftMiniDelphiBoBBobSoft |
Property | Value |
---|---|
File Name: | Mirillis_Action_2.8.2.0_FULL.exe |
File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
SHA1: | 6172fb25474ce1f0fed4ae64e71a5e618283a641 |
MD5: | 015c4dfc9423143fc1406f01048f0769 |
First Seen Date: | 2018-01-05 22:07:01.415426 |
Number of Clients Seen: | 7 |
Last Analysis Date: | 2019-01-25 20:21:44.632372 |
Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
Property | Value |
---|---|
magic literal enum | 3 |
file type enum | 6 |
debug artifacts | [] |
number of sections | 8 |
trid | [53.2, InstallShield setup], [17.5, Win32 Executable Delphi generic], [16.1, Windows screen saver], [5.5, Win32 Executable (generic)], [2.5, Win16/32 Executable Delphi generic] |
compilation time stamp | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] [SUSPICIOUS] |
LegalCopyright | Mirillis |
FileDescription | Action! 2.8.2.0 Installation |
FileVersion | 2.8.2.0 |
Comments | |
CompanyName | Mirillis |
Translation | 0x0409 0x04e4 |
entry point | 0x425468 (CODE) |
machine type | Intel 386 or later - 32Bit |
file size | 19018299 |
ssdeep | 393216:YdsvXwsJSix8N2yizfJ0bGSymoHrunFOpohN17u:YdsvAsJnx8QyizfCfLIpoH17u |
sha256 | e405f788f5445c7bdf9c5617604053fcec7a4860eea877b9441425d8f0310133 |
exifinfo | EXE:FileSubtype: 0; File:FilePermissions: rw-r--r--; SourceFile: /nfs/fvs/valkyrie_shared/core/valkyrie_files/6/1/7/2/6172fb25474ce1f0fed4ae64e71a5e618283a641; File:MIMEType: application/octet-stream; File:FileAccessDate: 2019:01:25 15:32:34+00:00; EXE:InitializedDataSize: 314880; File:FileModifyDate: 2018:01:05 22:06:24+00:00; EXE:FileVersionNumber: 2.8.2.0; EXE:FileVersion: 2.8.2.0; File:FileSize: 18 MB; EXE:CharacterSet: Windows, Latin1; EXE:MachineType: Intel 386 or later, and compatibles; EXE:FileOS: Win32; EXE:ObjectFileType: Executable application; File:FileType: Win32 EXE; EXE:CompanyName: Mirillis; File:FileName: 6172fb25474ce1f0fed4ae64e71a5e618283a641; EXE:ImageVersion: 0.0; File:FileTypeExtension: exe; EXE:OSVersion: 4.0; EXE:PEType: PE32; EXE:TimeStamp: 1992:06:19 22:22:17+00:00; EXE:FileFlagsMask: 0x003f; EXE:LegalCopyright: Mirillis; EXE:LinkerVersion: 2.25; EXE:FileFlags: (none); EXE:Subsystem: Windows GUI; File:Directory: /nfs/fvs/valkyrie_shared/core/valkyrie_files/6/1/7/2; EXE:FileDescription: Action! 2.8.2.0 Installation; EXE:EntryPoint: 0x25468; EXE:SubsystemVersion: 4.0; EXE:CodeSize: 148992; EXE:Comments: ''; File:FileInodeChangeDate: 2018:01:05 22:06:24+00:00; EXE:UninitializedDataSize: 0; EXE:LanguageCode: English (U.S.); ExifTool:ExifToolVersion: 10.1; EXE:ProductVersionNumber: 0.0.0.0 |
mime type | application/x-dosexec |
imphash | c9adc83b45e363b21cd6b11b5da0501f |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
CODE | 0x1000 | 0x244cc | 0x24600 | 6.59442804845 | 5e14e4ede2e2215bc7d72837b9871f8f |
DATA | 0x26000 | 0x2894 | 0x2a00 | 3.79375704099 | abafcbfbd7f8ac0226ca496a92a0cf06 |
BSS | 0x29000 | 0x10f5 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.idata | 0x2b000 | 0x1798 | 0x1800 | 4.88554506065 | a4e0ac39d5ed487ceea059fa23dfce5e |
.tls | 0x2d000 | 0x8 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
.rdata | 0x2e000 | 0x18 | 0x200 | 0.20448815744 | c4fdd0c5c9efb616fcc85d66056ca490 |
.reloc | 0x2f000 | 0x1884 | 0x1a00 | 6.58664786461 | 867a1120317d51734587a74f6ee70016 |
.rsrc | 0x31000 | 0x46f60 | 0x47000 | 5.79644438 | eb8e41ac06d7921f08b4cf7f5395db62 |
- kernel32.dll
  - DeleteCriticalSection
  - LeaveCriticalSection
  - EnterCriticalSection
  - InitializeCriticalSection
  - VirtualFree
  - VirtualAlloc
  - LocalFree
  - LocalAlloc
  - GetVersion
  - GetCurrentThreadId
  - WideCharToMultiByte
  - GetThreadLocale
  - GetStartupInfoA
  - GetLocaleInfoA
  - GetCommandLineA
  - FreeLibrary
  - ExitProcess
  - WriteFile
  - UnhandledExceptionFilter
  - RtlUnwind
  - RaiseException
  - GetStdHandle
- user32.dll
  - GetKeyboardType
  - MessageBoxA
- advapi32.dll
  - RegQueryValueExA
  - RegOpenKeyExA
  - RegCloseKey
- oleaut32.dll
  - SysFreeString
  - SysReAllocStringLen
- kernel32.dll
  - TlsSetValue
  - TlsGetValue
  - LocalAlloc
  - GetModuleHandleA
- advapi32.dll
  - RegCloseKey
  - OpenThreadToken
  - OpenProcessToken
  - GetTokenInformation
  - FreeSid
  - EqualSid
  - AllocateAndInitializeSid
  - AdjustTokenPrivileges
- kernel32.dll
  - WriteFile
  - WinExec
  - WaitForSingleObject
  - TerminateProcess
  - SystemTimeToFileTime
  - Sleep
  - SetFileTime
  - SetFilePointer
  - SetErrorMode
  - SetEndOfFile
  - ReadFile
  - OpenProcess
  - MultiByteToWideChar
  - LocalFileTimeToFileTime
  - LoadLibraryA
  - GlobalFree
  - GlobalAlloc
  - GetVersion
  - GetUserDefaultLangID
  - GetProcAddress
  - GetModuleHandleA
  - GetLocalTime
  - GetLastError
  - GetFileTime
  - GetFileSize
  - GetExitCodeProcess
  - GetCurrentThread
  - GetCurrentProcess
  - FreeLibrary
  - FindClose
  - FileTimeToSystemTime
  - FileTimeToLocalFileTime
  - DosDateTimeToFileTime
  - CompareFileTime
  - CloseHandle
- gdi32.dll
  - StretchDIBits
  - StretchBlt
  - SetWindowOrgEx
  - SetTextColor
  - SetStretchBltMode
  - SetRectRgn
  - SetROP2
  - SetPixel
  - SetDIBits
  - SetBrushOrgEx
  - SetBkMode
  - SetBkColor
  - SelectObject
  - SaveDC
  - RestoreDC
  - OffsetRgn
  - MoveToEx
  - IntersectClipRect
  - GetStockObject
  - GetPixel
  - GetDIBits
  - ExtSelectClipRgn
  - ExcludeClipRect
  - DeleteObject
  - DeleteDC
  - CreateSolidBrush
  - CreateRectRgn
  - CreateDIBitmap
  - CreateDIBSection
  - CreateCompatibleDC
  - CreateCompatibleBitmap
  - CreateBrushIndirect
  - CreateBitmap
  - CombineRgn
  - BitBlt
- user32.dll
  - WaitMessage
  - ValidateRect
  - TranslateMessage
  - ShowWindow
  - SetWindowPos
  - SetTimer
  - SetParent
  - SetForegroundWindow
  - SetFocus
  - SetCursor
  - SendMessageA
  - ScreenToClient
  - ReleaseDC
  - PostQuitMessage
  - OffsetRect
  - KillTimer
  - IsZoomed
  - IsWindowVisible
  - IsWindowEnabled
  - IsWindow
  - IsIconic
  - InvalidateRect
  - GetWindowRgn
  - GetWindowRect
  - GetWindowDC
  - GetUpdateRgn
  - GetSystemMetrics
  - GetSystemMenu
  - GetSysColor
  - GetParent
  - GetWindow
  - GetKeyState
  - GetFocus
  - GetDCEx
  - GetDC
  - GetCursorPos
  - GetClientRect
  - GetCapture
  - FillRect
  - ExitWindowsEx
  - EnumWindows
  - EndPaint
  - EnableWindow
  - EnableMenuItem
  - DrawIcon
  - DestroyWindow
  - DestroyIcon
  - DeleteMenu
  - CopyImage
  - ClientToScreen
  - BeginPaint
  - CharLowerBuffA
- winmm.dll
  - timeKillEvent
  - timeSetEvent
- oleaut32.dll
  - SysAllocStringLen
- ole32.dll
  - OleInitialize
- comctl32.dll
  - ImageList_Draw
  - ImageList_SetBkColor
  - ImageList_Create
  - InitCommonControls
- shell32.dll
  - SHGetFileInfoA
- user32.dll
  - wvsprintfA
  - SetWindowLongA
  - SetPropA
  - SendMessageA
  - RemovePropA
  - RegisterClassA
  - PostMessageA
  - PeekMessageA
  - MessageBoxA
  - LoadIconA
  - LoadCursorA
  - GetWindowTextLengthA
  - GetWindowTextA
  - GetWindowLongA
  - GetPropA
  - GetClassLongA
  - GetClassInfoA
  - FindWindowA
  - DrawTextA
  - DispatchMessageA
  - DefWindowProcA
  - CreateWindowExA
  - CallWindowProcA
- gdi32.dll
  - GetTextExtentPoint32A
  - GetObjectA
  - CreateFontIndirectA
  - AddFontResourceA
- kernel32.dll
  - WritePrivateProfileStringA
  - SetFileAttributesA
  - SetCurrentDirectoryA
  - RemoveDirectoryA
  - LoadLibraryA
  - GetWindowsDirectoryA
  - GetVersionExA
  - GetTimeFormatA
  - GetTempPathA
  - GetSystemDirectoryA
  - GetShortPathNameA
  - GetPrivateProfileStringA
  - GetModuleHandleA
  - GetModuleFileNameA
  - GetFullPathNameA
  - GetFileAttributesA
  - GetDiskFreeSpaceA
  - GetDateFormatA
  - GetComputerNameA
  - GetCommandLineA
  - FindNextFileA
  - FindFirstFileA
  - ExpandEnvironmentStringsA
  - DeleteFileA
  - CreateFileA
  - CreateDirectoryA
  - CompareStringA
- advapi32.dll
  - RegSetValueExA
  - RegQueryValueExA
  - RegQueryInfoKeyA
  - RegOpenKeyExA
  - RegEnumKeyExA
  - RegCreateKeyExA
  - LookupPrivilegeValueA
  - GetUserNameA
- shell32.dll
  - ShellExecuteExA
  - ShellExecuteA
- cabinet.dll
  - FDIDestroy
  - FDICopy
  - FDICreate
- ole32.dll
  - OleInitialize
  - CoTaskMemFree
  - CoCreateInstance
  - CoUninitialize
  - CoInitialize
- shell32.dll
  - SHGetSpecialFolderLocation
  - SHGetPathFromIDListA
  - SHGetMalloc
  - SHChangeNotify
  - SHBrowseForFolderA
Lang | Name | Offset | Size | Type | SHA256 |
---|---|---|---|---|---|
LANG_NEUTRAL | RT_ICON | 201376 | 1128 | GLS_BINARY_LSB_FIRST | 656453d85cd9b2f5d6e13300af37fff561b3fc05f02f0fcfdf06af568c5d98cb |
LANG_NEUTRAL | RT_ICON | 202504 | 2440 | data | 5dc2f7c255d948a42795cc941c33a2e08573de885ef14c1f5a43dace2fba7886 |
LANG_NEUTRAL | RT_ICON | 204944 | 4264 | data | da2ea1c0097e75c2677345eee13d53ad55e6581eac6a9ef35cf2868541161c77 |
LANG_NEUTRAL | RT_ICON | 209208 | 9640 | data | 583b52c9b248794539a41158d9d201afa7234d72b557eed1f600f13e27a8a44e |
LANG_NEUTRAL | RT_ICON | 218848 | 270376 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 16777215, next used block 16777215 | 6cda1c94f4a168c4de5c5a5114f3feb955b60f737987ae38275702b48edeffeb |
LANG_NEUTRAL | RT_RCDATA | 489224 | 16 | Sendmail frozen configuration | 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610 |
LANG_NEUTRAL | RT_RCDATA | 489240 | 272 | data | 0d9a7ca2193a69f7048c46748a3e98e7e101bda4e5bbe903858539e20ffed78d |
LANG_NEUTRAL | RT_GROUP_ICON | 489512 | 76 | MS Windows icon resource - 5 icons, 16x16 | 956a9528d0fe75126c1628391a8f48d38b15048fd1d817b29635b2a5eea5e1c2 |
LANG_RUSSIAN | RT_VERSION | 489588 | 884 | data | bb2e91b28b55fbc496b313a31219c0c912eb93f22c30d5df601a1b47d502dab2 |
LANG_RUSSIAN | RT_MANIFEST | 490472 | 886 | XML 1.0 document, ASCII text, with CRLF line terminators | 1e9cffb6544cb40c042cf9413e0481026699ef5f8e74613293bd60ae098f3c09 |