Random stats from 300k malicious samples – Borland Libraries

July 2, 2012 in Batch Analysis, Malware Analysis

A quick & dirty script for pulling info out of the Borland samples helped to provide the following statistics on the libraries used by malware:

  29458 SysInit
  29068 System
  28330 Windows
  24572 Types
  20368 Messages
  17403 ActiveX
  16312 SysUtils
  15845 SysConst
  15516 ShellAPI
  14179 WinInet
  13267 UrlMon
  12689 Classes
  12594 TypInfo
  11574 Variants
  11574 VarUtils
  10892 WinSock
  10836 Consts
  10801 Registry
  10745 RTLConsts
  10704 ShlObj
  10704 RegStr
  10662 IniFiles
  10515 Graphics
  10358 Imm
  10273 CommDlg
  10256 Math
  10037 WinSpool
  10033 Forms
  10032 Controls
  10031 Printers
  10031 Menus
  10025 StdCtrls
  10007 ExtCtrls
   9933 Dlgs
   9907 Dialogs
   9704 Clipbrd
   9647 CommCtrl
   9632 ImgList
   9632 FlatSB
   9631 StdActns
   9630 ActnList
   9626 MultiMon
   9344 Contnrs
   8858 SyncObjs
   8799 StrUtils
   8751 RichEdit
   8739 TlHelp32
   8441 Buttons
   8376 HelpIntfs
   8090 ComCtrls
   8086 ToolWin
   8086 ComStrs
   7792 WinHelpViewer
   7276 Mapi
   7261 ListActns
   7257 ExtDlgs
   7165 ExtActns
   7074 Themes
   7071 UxTheme
   6270
   5086 WinSvc
   5063 IdResourceStrings
   5063 IdException
   5061 IdGlobal
   5043 IdStackConsts
   5043 IdStack
   5042 IdBaseComponent
   5028 IdAntiFreezeBase
   5013 IdComponent
   5001 IdSocketHandle
   4964 IdURI
   4898 IdTCPClient
   4871 IdIntercept
   4870 IdTCPConnection
   4866 IdSocks
   4783 IdStackWindows
   4666 IdAssignedNumbers
   4648 IdStream
   4645 IdIOHandler
   4644 IdIOHandlerSocket
   4642 IdWinSock2
   4392 MMSystem
   4364 jpeg
   4222 IdTCPStream
   4155 IdRFCReply
   4103 Unit1
   3997 ComObj
   3931 ComConst
   3868 JConsts
   3177 ScktComp
   3092 IdCoder
   3071 IdHeaderList
   2906 IdCoder3to4
   2903 IdCoderMIME
   2880 Reg
   2706 Project1
   2679 Main
   2641 IdStrings
   2619 ImageHlp
   2509 WinSvcEx

