RegScanner[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RegScanner.exe
Size

151KB
MD5

93554351c3f94178711fdf5f2ecfb20d
SHA1

f4107efcab86aff6d88d7e3916e37130fd0950c4
SHA256

544e5be03c0722bd98df17ef795967e94bbeb4aa14ae981fa1537fccef0649a9
SHA512

5a6420f9a79fefe8856b16f66c73d15b34fecbbca0ca3defa94741f8def69bef5e503c3a68379ed26482939d004429c01e4eb36d3e7ae33ca1a73ce1f08d6f0c
SSDEEP

3072:lG5Y43rsXhmkByYCOsTmK1CoE4EmGigQ0k/vnALuczttJi9ConN7UqJqPf:S3QvBJffwA4EmIpk4ucz/ye

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RegScanner.exe

Files

RegScanner.exe
.exe windows:4 windows x64 arch:x64

97968c1907381cff0ccc74bab3b848c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\RegScanner\x64\Release\RegScanner.pdb

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_initterm
__C_specific_handler
_onexit
__dllonexit
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
__setusermatherr
_commode
_fmode
__set_app_type
_XcptFilter
calloc
isdigit
strncmp
_strlwr
_purecall
_itoa
_strnicmp
_ultoa
_memicmp
_mbctoupper
strcmp
strrchr
malloc
strtol
free
_snprintf
atoi
strtoul
_strcmpi
strchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove
memcmp
_mbsicmp
_stricmp
memcpy
_mbschr
strlen
strcpy
memset
strncat
sprintf
strcat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
ord6
CreateToolbarEx
ImageList_Create
ord17
ImageList_ReplaceIcon

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
Sleep
SetEnvironmentVariableA
GetStartupInfoA
GetLastError
FreeLibrary
GetProcAddress
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
GetDriveTypeA
CloseHandle
SystemTimeToFileTime
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
lstrlenA
GetModuleFileNameA
lstrcpyA
GetNumberFormatA
GetLocaleInfoA
GetModuleHandleA
FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
GetTempFileNameA
ReadFile
GetDateFormatA
GetSystemDirectoryA
WriteFile
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalLock
CreateFileA
GetVersionExA
WideCharToMultiByte
GetFileSize
GlobalUnlock
GetTimeFormatA
FileTimeToLocalFileTime
GetTempPathA
LocalFree
SetFilePointer
GetFileAttributesA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
OpenProcess
CreateProcessA
GetModuleFileNameW
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetSystemTime
DeleteFileA
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
RaiseException

user32

ChildWindowFromPoint
ReleaseDC
GetDC
GetSysColorBrush
LoadCursorA
ShowWindow
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
SetDlgItemInt
BeginPaint
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
DispatchMessageA
LoadIconA
TranslateMessage
LoadImageA
PeekMessageA
GetWindowLongA
SetWindowLongA
SetFocus
GetMenuStringA
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetSysColor
InsertMenuItemA
GetMenu
OpenClipboard
GetParent
MoveWindow
EmptyClipboard
EnableMenuItem
GetClassNameA
CheckMenuItem
GetSubMenu
CloseClipboard
GetMenuItemCount
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
IsDialogMessageA
EndDeferWindowPos
TrackPopupMenu
PostQuitMessage
GetMessageA
RegisterWindowMessageA
GetFocus
BeginDeferWindowPos
DeleteMenu
GetWindowThreadProcessId
EnumWindows
AttachThreadInput
SetForegroundWindow
GetClipboardData

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

advapi32

ControlService
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumValueA
RegQueryValueExA
RegCreateKeyA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
QueryServiceStatus
RegCloseKey
RegGetKeySecurity
RegConnectRegistryA
StartServiceA

shell32

ShellExecuteA
ShellExecuteExA

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97968c1907381cff0ccc74bab3b848c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 18KB