RegExp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RegExp.exe
Size

1.7MB
MD5

968d60a0d7a93265618125331f11cef9
SHA1

055555233f9d4674e5e960b5b1e6dadfeabf3e39
SHA256

0fec65da399172f889b67c3ec320aa30cb43ac23ce87ccf1e4f93c6302315ac3
SHA512

b4987c2f7d5fc2dd33c1df188722203797d5350de4021d00e5c9f6334601d5aeb4f5f3cb7c2585ef6219d20623030e954fc626533144f2ffde164eb29ef884a6
SSDEEP

24576:3oz2PGq+n9eT6n/aSiCWchVpshSMXlgwGBHDYpMckspyG4BZqi3:3U2PGH9eTOapCNhdBHDUMcsG4BL

Score

1^/10

Malware Config

Signatures

Files

RegExp.exe
.exe windows:6 windows x64 arch:x64

5c3e68b152e8e4bacc0c188bc656f677

Code Sign

01:0f:b2:5b:4d:e7:64:43:a4:05:69:85:7a:38:4f:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2020, 00:00

Not After

06/10/2023, 12:00

Subject

CN=Pavel Yosifovich,O=Pavel Yosifovich,L=Kefar Sava,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:61:5f:0b:16:3d:5e:9b:36:65:86:91:e4:ce:d2:61:25:de:a8:18:c3:6c:68:1c:ba:f9:97:10:82:8d:9d:fb
Signer

Actual PE Digest

0c:61:5f:0b:16:3d:5e:9b:36:65:86:91:e4:ce:d2:61:25:de:a8:18:c3:6c:68:1c:ba:f9:97:10:82:8d:9d:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Dev\RegExp\x64\Release\RegExp.pdb

Imports

kernel32

VirtualQuery
VirtualProtect
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
WideCharToMultiByte
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetPrivateProfileStructW
WritePrivateProfileStructW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetFileAttributesW
GlobalUnlock
GlobalAlloc
GetThreadId
CreateThread
CreateEventW
SetEvent
VirtualFree
VirtualAlloc
GetCurrentThread
SetThreadPriority
LoadLibraryExW
lstrcmpiW
DecodePointer
GetComputerNameW
ExpandEnvironmentStringsW
DeleteFileW
CreateMutexW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
FreeLibrary
GetDriveTypeW
lstrcmpW
lstrlenW
QueryDosDeviceW
GetLogicalDrives
DuplicateHandle
QueryFullProcessImageNameW
WaitForSingleObject
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetWindowsDirectoryW
GetModuleFileNameW
DeviceIoControl
WriteFile
CreateFileW
GetSystemDirectoryW
CloseHandle
GetCurrentProcess
GetModuleHandleExW
FormatMessageW
QueryPerformanceCounter
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GlobalUnfix
GlobalLock
MulDiv
SetLastError
RaiseException
FreeResource
VerSetConditionMask
VerifyVersionInfoW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCPInfo

user32

SetClipboardData
EmptyClipboard
OpenClipboard
SetMenuInfo
CloseClipboard
SetWindowPos
DrawEdge
RemoveMenu
MonitorFromPoint
TrackPopupMenuEx
GetMenuItemCount
SetRectEmpty
UpdateWindow
SetCursorPos
PtInRect
GetMessagePos
FrameRect
SetWindowsHookExW
CallNextHookEx
ValidateRect
MapWindowPoints
GetClientRect
GetParent
FillRect
SystemParametersInfoW
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
SendMessageW
InflateRect
IsMenu
LoadImageW
EndDialog
SetWindowLongPtrW
GetWindowLongPtrW
GetSystemMetrics
PostQuitMessage
LoadStringA
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
GetWindowDC
GetSysColorBrush
RegisterWindowMessageW
CreatePopupMenu
InsertMenuW
CreateDialogParamW
DialogBoxParamW
AppendMenuW
DrawMenuBar
EnumThreadWindows
SetForegroundWindow
SetTimer
LockWindowUpdate
SetWindowPlacement
KillTimer
GetWindowPlacement
DeleteMenu
GetMenu
FindWindowExW
ChangeWindowMessageFilterEx
DrawTextW
SetActiveWindow
GetFocus
IsDialogMessageW
IsWindowVisible
GetMenuStringW
DestroyAcceleratorTable
TrackPopupMenu
LoadAcceleratorsW
SetWindowLongW
TranslateAcceleratorW
LoadIconW
InvalidateRect
MessageBeep
ReleaseCapture
GetCapture
RedrawWindow
ReleaseDC
GetDC
SetScrollInfo
SetCaretBlinkTime
SetCaretPos
GetKeyState
SetCapture
DestroyCaret
HideCaret
ShowCaret
CreateCaret
GetScrollInfo
GetCursorPos
GetClassNameW
SetWindowTextW
IsWindowEnabled
SetCursor
LoadStringW
MessageBoxW
GetActiveWindow
IsDlgButtonChecked
CheckDlgButton
RegisterClipboardFormatW
EnableWindow
EndPaint
BeginPaint
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetDlgCtrlID
LoadMenuW
GetSubMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
IsWindow
DestroyMenu
ClientToScreen
CopyRect
MoveWindow
SetFocus
PostMessageW
OffsetRect
ShowWindow
ScreenToClient
CreateWindowExW
GetSysColor
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuRadioItem
UnregisterClassW
CallWindowProcW
DefWindowProcW

gdi32

PolyTextOutW
SetTextColor
SetBkColor
GetTextMetricsW
SelectObject
DeleteDC
DeleteObject
ExcludeClipRect
ExtTextOutW
TextOutW
GetDeviceCaps
DPtoLP
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
CreateSolidBrush
Polygon
MoveToEx
LineTo
PatBlt
SetBkMode
CreateBitmap
CreatePatternBrush
CreatePen
GetTextColor
GetStockObject

comdlg32

ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

RegRenameKey
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegLoadMUIStringW
RegDeleteValueW
RegUnLoadKeyW
RegLoadKeyW
RegRestoreKeyW
RegSaveKeyExW
RegSaveKeyW
RegConnectRegistryW
RegQueryValueExW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
StartServiceW
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
RegCopyTreeW
RegCreateKeyExW
RegDeleteTreeW
RegCloseKey
RegSetValueExW
GetSecurityInfo
SetKernelObjectSecurity
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteW
SHGetStockIconInfo
ExtractIconW

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

SHAutoComplete

comctl32

ImageList_DrawEx
InitCommonControlsEx
CreateStatusWindowW
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

uxtheme

EndBufferedPaint
BufferedPaintInit
BeginBufferedPaint
SetWindowTheme
BufferedPaintUnInit

msimg32

GradientFill

ntdll

NtOpenKey
RtlInitUnicodeString
NtQueryObject
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
NtCreateKey
NtQuerySystemInformation

aclui

ord2

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 807KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c3e68b152e8e4bacc0c188bc656f677

Code Sign

01:0f:b2:5b:4d:e7:64:43:a4:05:69:85:7a:38:4f:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:61:5f:0b:16:3d:5e:9b:36:65:86:91:e4:ce:d2:61:25:de:a8:18:c3:6c:68:1c:ba:f9:97:10:82:8d:9d:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

ntdll

aclui

version

Sections

.text Size: 561KB - Virtual size: 561KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 23KB - Virtual size: 31KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 244B

.detourc Size: 9KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 807KB - Virtual size: 807KB

.reloc Size: 5KB - Virtual size: 5KB

01:0f:b2:5b:4d:e7:64:43:a4:05:69:85:7a:38:4f:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:61:5f:0b:16:3d:5e:9b:36:65:86:91:e4:ce:d2:61:25:de:a8:18:c3:6c:68:1c:ba:f9:97:10:82:8d:9d:fb
Signer

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 23KB - Virtual size: 31KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 244B

.detourc
Size: 9KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 807KB - Virtual size: 807KB

.reloc
Size: 5KB - Virtual size: 5KB