febbec6ea8faa66ab8c8bcb1fe17ed17

Sharing

Copy URL Twitter E-mail

General

Target

febbec6ea8faa66ab8c8bcb1fe17ed17
Size

16KB
MD5

febbec6ea8faa66ab8c8bcb1fe17ed17
SHA1

1d14043ef70df99b0bd2c50aa249d923904c6a37
SHA256

c9dd8c8fddf3bf83acb83e0f6aae0579e58176cacfe9ffc9c03ebe0263efaf6e
SHA512

94939f1c9f1014d1a60c73addcfadeed791326580b1119ef4125b63e363b83fa7a3c99e294efe7eb8df0090828797aa6a200caf70133438961a66fdeb347a18b
SSDEEP

384:vdABdKIq32c9yasj+2bgCEJN/8MhB95EAk0DUK1pbeu6:VAB98/sjCCEJBrhBdNDUKrba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RegExpFileRename.exe

Files

febbec6ea8faa66ab8c8bcb1fe17ed17
.zip
RegExpFileRename.exe
.exe windows:4 windows x86 arch:x86

0df156cc196190c34440a71c6e3eadd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_crt_debugger_hook
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
_except_handler4_common
__CxxUnregisterExceptionObject
_cexit
_amsg_exit
__set_app_type
_XcptFilter
__wgetmainargs
_configthreadlocale
__p__commode
__p__fmode
_encoded_null
__FrameUnwindFilter
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__CxxQueryExceptionSize
_encode_pointer

kernel32

Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

msvcm80

?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
__setusermatherr_m
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

0df156cc196190c34440a71c6e3eadd3

Headers

File Characteristics

Imports

msvcr80

kernel32

msvcm80

mscoree

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 476B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 476B