regsvr32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

regsvr32.exe
Size

44KB
MD5

af0cdef5f6ecb9b8ebef4e480ebaaa5a
SHA1

ddde7fd394416798eb2cda8b723faa5ed2baf6cd
SHA256

02779144af756aab953f13f9e4d28ab3d01a77eb3962756d74099c06babf21b1
SHA512

cdec3249f61002a22c5f07c92504bad607c2210b6994bc7df60b88f07a23b0d0d36f1a8f158229443108cb701d7b5eccfa55ea73e8be26a38b3b88cb35ff87cf
SSDEEP

384:dTF2a4mqZ7zTKybz6ZO8zytx3O/fO+QFoQl/kP4brAuWr8LHW:FFLOzTKiuZODtx3O/mxo4/kP4b3L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
regsvr32.exe

Files

regsvr32.exe
.exe windows:10 windows x64 arch:x64

939d090d03567fad6f1ac6f2c641a4b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

regsvr32.pdb

Imports

msvcrt

wprintf
__setusermatherr
_initterm
__C_specific_handler
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
strcat_s
__wargv
?terminate@@YAXXZ
exit
_fmode
swprintf_s
wcscat_s
wcscpy_s
_wsplitpath_s
__argc
_commode
memset

ntdll

RtlCaptureContext
EtwEventWriteNoRegistration
RtlWow64IsWowGuestMachineSupported
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetErrorMode
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
FreeLibrary
GetProcAddress

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-file-l1-1-0

SetFilePointer
CreateFileW
ReadFile

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-misc-l1-1-0

lstrcmpW
LocalAlloc
LocalFree

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64Directory2W

api-ms-win-core-wow64-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

939d090d03567fad6f1ac6f2c641a4b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 396B

.didat Size: 4KB - Virtual size: 40B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 84B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 396B

.didat
Size: 4KB - Virtual size: 40B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 84B