TotalReg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TotalReg.exe
Size

1.7MB
MD5

657f66dc948cc7ae32bb64cc6316d09b
SHA1

9965695bd6c6b7814971d0d97bf2dea79e43b5bd
SHA256

ad3db638738eb5433fec88ad6b3954e55f9ce3f8dcba45256d70f78b3d6dff8c
SHA512

c7884fc5fc9142f29ebe5e53f4022b42a2d00ae530144c088b6769714ec489be05ba4e551065ab1ec67a714895c91ff442325142e7aaecf05c586e074676c818
SSDEEP

24576:jgpmrM9FRj36oLUyPrE0A8+h0lhSMXlOtxTM7pMcXoT4gSRF6:jdrM9FRj3ZwyPrY8ro6Mc4T4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TotalReg.exe

Files

TotalReg.exe
.exe windows:6 windows x64 arch:x64

47608614f7825beeccb3fc51ce498473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Dev\TotalRegistry\x64\Release\TotalReg.pdb

Imports

kernel32

GetCurrentProcess
VirtualQuery
VirtualProtect
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
CreateThread
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
CreateEventW
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
GetSystemTimeAsFileTime
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetPrivateProfileStructW
WritePrivateProfileStructW
WritePrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GlobalUnlock
GlobalAlloc
GetThreadId
SetEvent
VirtualFree
VirtualAlloc
GetCurrentThread
SetThreadPriority
LoadLibraryExW
lstrcmpiW
DecodePointer
GetComputerNameW
ExpandEnvironmentStringsW
DeleteFileW
CreateMutexW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
FreeLibrary
GetFileAttributesW
lstrcmpW
lstrlenW
ReadFile
GetFileSize
QueryDosDeviceW
GetLogicalDrives
DuplicateHandle
QueryFullProcessImageNameW
WaitForSingleObject
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
GetWindowsDirectoryW
DeviceIoControl
WriteFile
CreateFileW
GetSystemDirectoryW
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
GetModuleHandleExW
FormatMessageW
QueryPerformanceCounter
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GlobalUnfix
GlobalLock
MulDiv
SetLastError
WaitForMultipleObjects
RaiseException
FreeResource
VerSetConditionMask
VerifyVersionInfoW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
RtlUnwindEx

user32

PtInRect
GetMessagePos
InflateRect
FrameRect
SetCursorPos
RemoveMenu
SetWindowPos
UpdateWindow
GetClientRect
GetMenuItemCount
GetWindowRect
FillRect
MonitorFromWindow
SystemParametersInfoW
TrackPopupMenuEx
MonitorFromPoint
SetRectEmpty
MapWindowPoints
IsMenu
GetSystemMetrics
PostQuitMessage
LoadStringA
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
SetMenuDefaultItem
GetParent
GetWindowLongW
SetMenuInfo
CloseClipboard
SetClipboardData
EmptyClipboard
DrawEdge
GetMonitorInfoW
OpenClipboard
DrawIconEx
SetWindowsHookExW
CallNextHookEx
GetWindow
SetDlgItemTextW
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
SetMenuItemInfoW
CheckMenuRadioItem
SendMessageW
LoadImageW
EndDialog
SetWindowLongPtrW
GetWindowDC
GetSysColorBrush
RegisterWindowMessageW
CreatePopupMenu
InsertMenuW
CreateDialogParamW
DialogBoxParamW
AppendMenuW
DrawMenuBar
EnumThreadWindows
SetForegroundWindow
SetTimer
LockWindowUpdate
SetWindowPlacement
KillTimer
GetWindowPlacement
DeleteMenu
GetMenu
FindWindowExW
ChangeWindowMessageFilterEx
DrawTextW
SetActiveWindow
GetFocus
IsDialogMessageW
IsWindowVisible
GetMenuStringW
DestroyAcceleratorTable
TrackPopupMenu
LoadAcceleratorsW
SetWindowLongW
TranslateAcceleratorW
GetMenuItemInfoW
LoadIconW
InvalidateRect
MessageBeep
ReleaseCapture
GetCapture
RedrawWindow
ReleaseDC
GetDC
SetScrollInfo
SetCaretBlinkTime
SetCaretPos
GetKeyState
SetCapture
DestroyCaret
HideCaret
ShowCaret
CreateCaret
GetScrollInfo
GetCursorPos
GetClassNameW
SetWindowTextW
IsWindowEnabled
SetCursor
LoadStringW
MessageBoxW
GetActiveWindow
IsDlgButtonChecked
CheckDlgButton
RegisterClipboardFormatW
EnableWindow
EndPaint
BeginPaint
EndDeferWindowPos
DeferWindowPos
GetDlgCtrlID
BeginDeferWindowPos
LoadMenuW
GetSubMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
IsWindow
DestroyMenu
ClientToScreen
CopyRect
MoveWindow
SetFocus
PostMessageW
OffsetRect
ShowWindow
ScreenToClient
CreateWindowExW
GetSysColor
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetWindowLongPtrW

gdi32

Polygon
CreatePatternBrush
CreateBitmap
CreatePen
MoveToEx
LineTo
ExcludeClipRect
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
DeleteObject
DeleteDC
SelectObject
SetBkMode
SetBkColor
SetTextColor
PolyTextOutW
GetTextMetricsW
CreateFontIndirectW
TextOutW
PatBlt
DPtoLP
ExtTextOutW
GetDeviceCaps
GetStockObject

comdlg32

ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

RegRestoreKeyW
RegSaveKeyExW
RegSaveKeyW
RegQueryValueExW
CloseServiceHandle
QueryServiceStatus
RegLoadKeyW
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
RegCopyTreeW
RegCreateKeyExW
RegDeleteTreeW
RegCloseKey
GetSecurityInfo
SetKernelObjectSecurity
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegConnectRegistryW
RegRenameKey
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegLoadMUIStringW
RegDeleteValueW
RegSetValueExW
RegUnLoadKeyW

shell32

SHGetStockIconInfo
ExtractIconW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

SHAutoComplete
ord354

comctl32

ImageList_DrawEx
InitCommonControlsEx
CreateStatusWindowW
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

uxtheme

EndBufferedPaint
BufferedPaintInit
BeginBufferedPaint
SetWindowTheme
BufferedPaintUnInit

msimg32

GradientFill

ntdll

NtOpenKey
RtlInitUnicodeString
NtQueryObject
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
NtCreateKey
NtQuerySystemInformation

aclui

ord2

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47608614f7825beeccb3fc51ce498473

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

ntdll

aclui

version

Sections

.text Size: 592KB - Virtual size: 592KB

.rdata Size: 292KB - Virtual size: 291KB

.data Size: 27KB - Virtual size: 35KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 500B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 745KB - Virtual size: 744KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 592KB - Virtual size: 592KB

.rdata
Size: 292KB - Virtual size: 291KB

.data
Size: 27KB - Virtual size: 35KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 745KB - Virtual size: 744KB

.reloc
Size: 6KB - Virtual size: 5KB