2c927ddf5916cc712bbfcbce32a0b663

Sharing

Copy URL Twitter E-mail

General

Target

2c927ddf5916cc712bbfcbce32a0b663
Size

156KB
MD5

2c927ddf5916cc712bbfcbce32a0b663
SHA1

fd1e0a9a04c79f0a0dd37a77b36ef93fb462ff01
SHA256

62b63d93941ead60000d1d8298a49d33e0c93e3e90bf4ef16a889a7d57ac6bfd
SHA512

1b34d703978e4d885b3bbc065921c2c8f15524912bf6d8770bd1be9bd003de4bba108131fd8c1f5b4db604be27ff07f43e7e964dba2f7e30d915d7abf556ba47
SSDEEP

3072:zGnEklxV4c/xe7kWlqsUgyfSjPMum1wHDx/jzC8P+CiA+L7vUtshzt+0EPcXWrW+:DYxV9xizm+HV/jz/+xA+stshztiASzf1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HA_Regmon7.02_yfy/Regmon.exe

Files

2c927ddf5916cc712bbfcbce32a0b663
.rar
HA_Regmon7.02_yfy/README.TXT
HA_Regmon7.02_yfy/REGMON.HLP
HA_Regmon7.02_yfy/Regmon.exe
.exe windows:4 windows x86 arch:x86

b84db81653a769fc727fb616940061d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
WaitForMultipleObjects
WaitForSingleObject
FreeLibrary
LoadLibraryA
SetFileAttributesA
GetTimeFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateEventA
GetCurrentProcessId
GetEnvironmentVariableA
DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
GetCurrentDirectoryA
GetVersion
QueryPerformanceFrequency
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
GlobalMemoryStatus
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
ReadFile
GetStringTypeW
GetStringTypeA
LocalFree
FlushFileBuffers
SetStdHandle
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
TlsAlloc
GetCurrentThreadId
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
InitializeCriticalSection
WriteFile
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetStartupInfoA
ExitThread
TlsSetValue
CreateThread
ResumeThread
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetUserDefaultLangID
GetVersionExA
Sleep
OpenProcess
ReadProcessMemory
GetProcessHeap
HeapAlloc
lstrcpyA
lstrlenA
HeapFree
lstrcatA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GetTickCount
DeviceIoControl
SetEvent
GetModuleHandleA
GetProcAddress
SetLastError
CreateFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentProcess
GetLastError
SetFilePointer
CloseHandle

user32

GetMessageA
TranslateAcceleratorA
IsDialogMessageA
SetCursor
InvalidateRect
ChildWindowFromPoint
GetSysColor
GetSysColorBrush
LoadCursorA
TranslateMessage
LoadAcceleratorsA
UpdateWindow
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemCount
InsertMenuItemA
CheckMenuItem
BeginPaint
EndPaint
LoadMenuA
TrackPopupMenu
IsZoomed
IsIconic
DispatchMessageA
DestroyMenu
EnableMenuItem
LoadStringA
GetDlgItem
MoveWindow
GetWindowRect
GetParent
WinHelpA
ReleaseDC
wsprintfA
PostQuitMessage
EnumDisplaySettingsA
FindWindowA
WaitForInputIdle
GetWindowThreadProcessId
SetForegroundWindow
FindWindowExA
SetWindowTextA
SetWindowPos
LoadIconA
SetWindowLongA
DrawIconEx
GetClientRect
CreateWindowExA
CallWindowProcA
SetCapture
ReleaseCapture
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
DrawTextA
GetFocus
GetSystemMetrics
ShowWindow
SetTimer
ClientToScreen
ScreenToClient
GetCursorPos
DestroyWindow
DefWindowProcA
GetDlgItemTextA
InvalidateRgn
IsWindowEnabled
SetDlgItemTextA
CheckDlgButton
MessageBoxA
EnableWindow
IsDlgButtonChecked
SendMessageA
PostMessageA
RegisterWindowMessageA
CheckRadioButton
SetFocus
EndDialog
DialogBoxParamA

gdi32

CreateSolidBrush
CreateCompatibleDC
DeleteObject
GetTextMetricsA
ExtTextOutA
GetTextExtentPoint32A
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
SetBkColor
GetStockObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA
FindTextA
ChooseColorA
ChooseFontA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyA
GetTokenInformation
LookupAccountSidA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetFileInfoA
ShellExecuteA
ShellExecuteExA

comctl32

CreateToolbarEx
ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HA_Regmon7.02_yfy/下载说明.htm
.html .js polyglot
HA_Regmon7.02_yfy/汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

b84db81653a769fc727fb616940061d4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

version

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 116KB

.rsrc Size: 308KB - Virtual size: 305KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 116KB

.rsrc
Size: 308KB - Virtual size: 305KB