{"id":1093,"date":"2012-07-02T10:10:44","date_gmt":"2012-07-02T10:10:44","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=1093"},"modified":"2012-10-14T23:47:36","modified_gmt":"2012-10-14T23:47:36","slug":"random-stats-from-300k-malicious-samples-borland-libraries","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2012\/07\/02\/random-stats-from-300k-malicious-samples-borland-libraries\/","title":{"rendered":"Random stats from 300k malicious samples &#8211; Borland Libraries"},"content":{"rendered":"<p>Quick &amp; dirty script for pulling info out of the Borland samples helped to provide the following statistics for libraries being used by malware:<\/p>\n<pre>\u00a0 29458 SysInit\r\n\u00a0 29068 System\r\n\u00a0 28330 Windows\r\n\u00a0 24572 Types\r\n\u00a0 20368 Messages\r\n\u00a0 17403 ActiveX\r\n\u00a0 16312 SysUtils\r\n\u00a0 15845 SysConst\r\n\u00a0 15516 ShellAPI\r\n\u00a0 14179 WinInet\r\n\u00a0 13267 UrlMon\r\n\u00a0 12689 Classes\r\n\u00a0 12594 TypInfo\r\n\u00a0 11574 Variants\r\n\u00a0 11574 VarUtils\r\n\u00a0 10892 WinSock\r\n\u00a0 10836 Consts\r\n\u00a0 10801 Registry\r\n\u00a0 10745 RTLConsts\r\n\u00a0 10704 ShlObj\r\n\u00a0 10704 RegStr\r\n\u00a0 10662 IniFiles\r\n\u00a0 10515 Graphics\r\n\u00a0 10358 Imm\r\n\u00a0 10273 CommDlg\r\n\u00a0 10256 Math\r\n\u00a0 10037 WinSpool\r\n\u00a0 10033 Forms\r\n\u00a0 10032 Controls\r\n\u00a0 10031 Printers\r\n\u00a0 10031 Menus\r\n\u00a0 10025 StdCtrls\r\n\u00a0 10007 ExtCtrls\r\n\u00a0\u00a0 9933 Dlgs\r\n\u00a0\u00a0 9907 Dialogs\r\n\u00a0\u00a0 9704 Clipbrd\r\n\u00a0\u00a0 9647 CommCtrl\r\n\u00a0\u00a0 9632 ImgList\r\n\u00a0\u00a0 9632 FlatSB\r\n\u00a0\u00a0 9631 StdActns\r\n\u00a0\u00a0 9630 ActnList\r\n\u00a0\u00a0 9626 MultiMon\r\n\u00a0\u00a0 9344 Contnrs\r\n\u00a0\u00a0 8858 SyncObjs\r\n\u00a0\u00a0 8799 StrUtils\r\n\u00a0\u00a0 8751 RichEdit\r\n\u00a0\u00a0 8739 TlHelp32\r\n\u00a0\u00a0 8441 Buttons\r\n\u00a0\u00a0 8376 HelpIntfs\r\n\u00a0\u00a0 8090 ComCtrls\r\n\u00a0\u00a0 8086 ToolWin\r\n\u00a0\u00a0 8086 ComStrs\r\n\u00a0\u00a0 7792 WinHelpViewer\r\n\u00a0\u00a0 7276 Mapi\r\n\u00a0\u00a0 7261 ListActns\r\n\u00a0\u00a0 7257 ExtDlgs\r\n\u00a0\u00a0 7165 ExtActns\r\n\u00a0\u00a0 7074 Themes\r\n\u00a0\u00a0 7071 UxTheme\r\n\u00a0\u00a0 6270\r\n\u00a0\u00a0 5086 WinSvc\r\n\u00a0\u00a0 5063 IdResourceStrings\r\n\u00a0\u00a0 5063 IdException\r\n\u00a0\u00a0 5061 IdGlobal\r\n\u00a0\u00a0 5043 IdStackConsts\r\n\u00a0\u00a0 5043 IdStack\r\n\u00a0\u00a0 5042 IdBaseComponent\r\n\u00a0\u00a0 5028 IdAntiFreezeBase\r\n\u00a0\u00a0 5013 IdComponent\r\n\u00a0\u00a0 5001 IdSocketHandle\r\n\u00a0\u00a0 4964 IdURI\r\n\u00a0\u00a0 4898 IdTCPClient\r\n\u00a0\u00a0 4871 IdIntercept\r\n\u00a0\u00a0 4870 IdTCPConnection\r\n\u00a0\u00a0 4866 IdSocks\r\n\u00a0\u00a0 4783 IdStackWindows\r\n\u00a0\u00a0 4666 IdAssignedNumbers\r\n\u00a0\u00a0 4648 IdStream\r\n\u00a0\u00a0 4645 IdIOHandler\r\n\u00a0\u00a0 4644 IdIOHandlerSocket\r\n\u00a0\u00a0 4642 IdWinSock2\r\n\u00a0\u00a0 4392 MMSystem\r\n\u00a0\u00a0 4364 jpeg\r\n\u00a0\u00a0 4222 IdTCPStream\r\n\u00a0\u00a0 4155 IdRFCReply\r\n\u00a0\u00a0 4103 Unit1\r\n\u00a0\u00a0 3997 ComObj\r\n\u00a0\u00a0 3931 ComConst\r\n\u00a0\u00a0 3868 JConsts\r\n\u00a0\u00a0 3177 ScktComp\r\n\u00a0\u00a0 3092 IdCoder\r\n\u00a0\u00a0 3071 IdHeaderList\r\n\u00a0\u00a0 2906 IdCoder3to4\r\n\u00a0\u00a0 2903 IdCoderMIME\r\n\u00a0\u00a0 2880 Reg\r\n\u00a0\u00a0 2706 Project1\r\n\u00a0\u00a0 2679 Main\r\n\u00a0\u00a0 2641 IdStrings\r\n\u00a0\u00a0 2619 ImageHlp\r\n\u00a0\u00a0 2509 WinSvcEx\r\n\r\n\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Quick &amp; dirty script for pulling info out of the Borland samples helped to provide the following statistics for libraries being used by malware: \u00a0 29458 SysInit \u00a0 29068 System \u00a0 28330 Windows \u00a0 24572 Types \u00a0 20368 Messages \u00a0 &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2012\/07\/02\/random-stats-from-300k-malicious-samples-borland-libraries\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[28,9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1093"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=1093"}],"version-history":[{"count":3,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1093\/revisions"}],"predecessor-version":[{"id":1095,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1093\/revisions\/1095"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=1093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=1093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=1093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}