FARegistrator[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FARegistrator.exe
Size

128KB
MD5

2a6e9d396a090baaf8ab9707baf1cb2f
SHA1

25e36241a7c6c817bd8ef20320db1a5a38167a92
SHA256

a4e51ed579fecdfd61857220d016fe2447bc7af828f6b5a3513d31cbacfb9e86
SHA512

21ae96a4fdb7d5bd7788893c6248a4c1cf5996b565a9da0780250d99f7ce2cb00b06e81e80da73e0a16ec37cdece218c88fbe33747203bad6741d4c50b270361
SSDEEP

1536:15EJdTsYnZWpy41OBhPFvp2orlqfDGzf7yaX2mXjAw1zdA4oEizGEM12tqlEpJeV:15E3FnQczDPFvvYf6zfbXzjAQjoZ5CV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FARegistrator.exe

Files

FARegistrator.exe
.exe windows x86

b0685ba2f39b9353da6280a62b25fd8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdi32

BitBlt

user32

GetDC

comctl32

DefSubclassProc

oleaut32

OleLoadPicture

ole32

CoTaskMemFree

msvcrt

free

advapi32

RegCloseKey

imagehlp

ImageNtHeader

psapi

EnumProcesses

version

VerQueryValueA

winmm

waveOutOpen

gdiplus

GdiplusStartup

Sections

ONLYONE
Size: 90KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ONLYONE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ONLYONE
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE