8c46b5dec5533d360158e1318d3fce43

Sharing

Copy URL Twitter E-mail

General

Target

8c46b5dec5533d360158e1318d3fce43
Size

2.4MB
MD5

8c46b5dec5533d360158e1318d3fce43
SHA1

3166d06a290dca7e5fad5ca7548058cceb45b99f
SHA256

e12f35a8525f21f39e70fad697d0672bd2c1881462bce480f12178bd97ec55e8
SHA512

7d54aa1789cee39a4219f6d6dc6e8feab9b570df93b7f02b5720cebe8ae3deb5b9f4ed195524ebeaa82c12a73476bc3d05c3e06b14fadd36b00c5bfed12bf3ee
SSDEEP

49152:xg0w1K8gAmOA+Bn1spA71zCiec7QgW8P3M:xgAUmORn1spAxCpilM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RegistryDoktor.exe

Files

8c46b5dec5533d360158e1318d3fce43
.rar
RegistryDoktor.exe
.exe windows:4 windows x86 arch:x86

178d8c66546815147b96d54ab163b7ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Ger2\Bin\release\RegistryDoktor.pdb

Imports

kernel32

GetCurrentDirectoryA
HeapSize
RtlUnwind
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
WritePrivateProfileStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetModuleFileNameA
GetCurrentProcess
CloseHandle
GetVersionExA
ExpandEnvironmentStringsA
DeleteFileA
GetExitCodeProcess
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
MulDiv
FindResourceA
LoadResource
LockResource
SizeofResource
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
InterlockedExchange

user32

GetCursorPos
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
MapWindowPoints
ScrollWindow
SetScrollPos
IsWindowVisible
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
SetWindowPos
IsIconic
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawIcon
GetSysColorBrush
SystemParametersInfoA
GetWindowDC
RedrawWindow
SetRect
LoadIconA
GetMessageA
DispatchMessageA
TranslateMessage
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA
DestroyWindow
UnregisterClassA
BeginPaint
EndPaint
MessageBoxA
GetSystemMetrics
FillRect
InflateRect
ReleaseCapture
GetWindowInfo
DestroyMenu
SetForegroundWindow
SetCapture
DrawTextA
ReleaseDC
GetDC
GetWindowLongA
SetWindowLongA
GetKeyState
GetNextDlgTabItem
SendMessageA
LoadImageA
GetWindowRect
SetWindowRgn
PostMessageA
GetSysColor
LoadCursorA
GetMessagePos
SetCursor
LoadBitmapA
GetParent
KillTimer
SetTimer
InvalidateRect
ScreenToClient
GetClientRect
CopyRect
PtInRect
CharUpperA
EnableWindow

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetViewportExtEx
DPtoLP
GetClipBox
SetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetDIBits
CreateFontIndirectA
SetPixelV
CreateDCA
GetDeviceCaps
CreateSolidBrush
CreateBitmap
SetBkColor
SaveDC
SetBkMode
SetTextColor
RestoreDC
GetTextExtentPoint32A
SelectObject
DeleteDC
DeleteObject
CreateFontA
GetStockObject
GetPixel
BitBlt
CombineRgn
CreateRectRgn
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

GetTokenInformation
RegSetValueExA
RegQueryValueA
RegQueryValueExA
RegOpenKeyA
OpenProcessToken
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHBrowseForFolderA
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
ImageList_Create

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType

ws2_32

WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAStartup
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
getaddrinfo
freeaddrinfo
WSACleanup
closesocket
WSASocketA
WSAConnect

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178d8c66546815147b96d54ab163b7ed

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 12.4MB - Virtual size: 12.4MB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 12.4MB - Virtual size: 12.4MB