RegexBuddy4[.]9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RegexBuddy4.9.exe
Size

6.8MB
MD5

33f5d27a80856e612fc42aa0a0832416
SHA1

d253cbd7e75ef4e04b8e83d98d66f5d59aded658
SHA256

e3f27096d0e8594c2ad4dda4d0e82ec3683c2f0b4de3eb6c58a81da0eef5a5aa
SHA512

299945637a7ccc396b9b4f33677e926376e48a59b131dca7961ffa41030425e2b079248f92ca6efbe5bb013ff7ebc9d2267fe8f3028cac7e7432a92b997d6aa0
SSDEEP

196608:49rKYZbbbz++PrfV6T0vEhIM/kwFVx+Qsjqv1B7dK:QKSvz/jV64WP+mv1z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RegexBuddy4.9.exe

Files

RegexBuddy4.9.exe
.exe windows x64

8b579c3a75486142d0a14f9b57c90d96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

VariantInit

advapi32

RegQueryInfoKeyW

user32

ReleaseCapture

kernel32

GetVersion
GetVersionExW
GetVersion
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msimg32

GradientFill

gdi32

SetPixel

version

GetFileVersionInfoSizeW

mpr

WNetGetUniversalNameW

ole32

CoTaskMemAlloc

comctl32

ImageList_Read

msvcrt

memcpy

shell32

ord18

comdlg32

GetOpenFileNameW

winspool.drv

ClosePrinter

shlwapi

StrCmpLogicalW

winmm

PlaySoundW

usp10

ScriptTextOut

Sections

.text
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.1MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 576B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b579c3a75486142d0a14f9b57c90d96

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

mpr

ole32

comctl32

msvcrt

shell32

comdlg32

winspool.drv

shlwapi

winmm

usp10

Sections

.text Size: - Virtual size: 10.3MB

.data Size: - Virtual size: 964KB

.bss Size: - Virtual size: 1.1MB

.idata Size: - Virtual size: 25KB

.didata Size: - Virtual size: 5KB

.tls Size: - Virtual size: 576B

.rdata Size: - Virtual size: 51B

.pdata Size: - Virtual size: 463KB

.vmp0 Size: - Virtual size: 2.9MB

.vmp1 Size: 6.5MB - Virtual size: 6.5MB

.rsrc Size: 290KB - Virtual size: 289KB

.text
Size: - Virtual size: 10.3MB

.data
Size: - Virtual size: 964KB

.bss
Size: - Virtual size: 1.1MB

.idata
Size: - Virtual size: 25KB

.didata
Size: - Virtual size: 5KB

.tls
Size: - Virtual size: 576B

.rdata
Size: - Virtual size: 51B

.pdata
Size: - Virtual size: 463KB

.vmp0
Size: - Virtual size: 2.9MB

.vmp1
Size: 6.5MB - Virtual size: 6.5MB

.rsrc
Size: 290KB - Virtual size: 289KB