REGDestroyer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

REGDestroyer.exe
Size

1002KB
MD5

b663fb09c64086b69c428aadfbb13b6f
SHA1

ae5c44fa48ff696eafb370fbc3d2374bf39b79f3
SHA256

e544d79537aa48a802a88d04d758557cc9602b2ee11b41fea1cb3c560ded9d3d
SHA512

86c12cfe2a6d819b6cd97bdcbafe32b67375f2c721d6a1a16c4dc019ed7f08e8a8112ae117a0ec119d48a62ac61927ea802716a4f34d3b01455f576e601a07b3
SSDEEP

12288:V1KK5m1BKEz2ngRzbeBQKwWxvxpw0JperH7msqLlhemhxcAe0tkVOdiRU/:F5WJOxvxpw0JperH7gLmulJtkYdiU/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
REGDestroyer.exe

Files

REGDestroyer.exe
.exe windows:4 windows x86 arch:x86

9ee0b0178fca3549281d12be8c4d1e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontA
CreateSolidBrush

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
_set_app_type
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
fwrite

api-ms-win-crt-string-l1-1-0

memset
strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

api-ms-win-crt-utility-l1-1-0

rand

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
EnableWindow
GetDlgCtrlID
GetMessageA
GetSystemMetrics
LoadBitmapA
MessageBoxA
RegisterClassA
SendMessageA
SetWindowTextA
TranslateMessage

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 228B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ee0b0178fca3549281d12be8c4d1e61

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 124B

.rdata Size: 3KB - Virtual size: 3KB

/4 Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 228B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 938KB - Virtual size: 937KB

.reloc Size: 1024B - Virtual size: 728B

/14 Size: 512B - Virtual size: 56B

/29 Size: 3KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 175B

/55 Size: 512B - Virtual size: 160B

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 119B

/91 Size: 512B - Virtual size: 372B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 124B

.rdata
Size: 3KB - Virtual size: 3KB

/4
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 228B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 938KB - Virtual size: 937KB

.reloc
Size: 1024B - Virtual size: 728B

/14
Size: 512B - Virtual size: 56B

/29
Size: 3KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 175B

/55
Size: 512B - Virtual size: 160B

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 119B

/91
Size: 512B - Virtual size: 372B