09f8797c380399923edd04d71a2eb2aa

Sharing

Copy URL Twitter E-mail

General

Target

09f8797c380399923edd04d71a2eb2aa
Size

693KB
MD5

09f8797c380399923edd04d71a2eb2aa
SHA1

e5edc2b87c49cbd743ebb56f000818b11e0b326e
SHA256

70da5a029dfaead6dbfd819b7ba98e33c3d08cfe4cae6188d1734421620ac9eb
SHA512

7942f0aad015d9bdbb71953260a73926fa5c81d53a1337919bb3e6eca4f13650348bc9672bfb42a21f792a6e2c9fbf8f11c300f3b7f2360bd9052523b6fb486b
SSDEEP

12288:83AJmJM3kNvLZUAffaNOY0y89GkZIDPSye80vZIZtS41NuNl4ou3OYO/:83AS6kNvLiVUTy89TQaye8+evuNG93G/

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iisfixer/IIsfixer.exe
unpack001/iisfixer/data/OO.exe
unpack001/iisfixer/data/SetACL.ocx
unpack001/iisfixer/data/com.run
unpack001/iisfixer/krnln.fnr

Files

09f8797c380399923edd04d71a2eb2aa
.rar
iisfixer/IIsfixer.exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iisfixer/data/OO.exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ecode
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iisfixer/data/SetACL.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

10fe2f9995f183a2e9bcc6b753a047f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

netapi32

DsGetDcNameW
NetApiBufferFree
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

mpr

WNetOpenEnumW
WNetEnumResourceW

kernel32

GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadWritePtr
GetTimeZoneInformation
GetStringTypeA
GetStartupInfoA
GetCPInfo
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
InterlockedExchange
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
RtlUnwind
lstrcpyA
GetProfileIntW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringW
FileTimeToSystemTime
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GlobalFindAtomW
LoadLibraryA
lstrcatW
GetVersionExA
GetUserDefaultLCID
IsDBCSLeadByte
GetModuleHandleA
lstrcmpiW
InterlockedIncrement
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
lstrcmpW
GlobalDeleteAtom
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
LoadLibraryW
GetLocaleInfoW
InterlockedDecrement
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
SetLastError
GlobalFree
CopyFileW
MulDiv
lstrcpyW
lstrlenW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynW
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW
FormatMessageW
FreeLibrary
GetCurrentProcess
CloseHandle
GetLastError
LocalAlloc
LocalFree
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeW

user32

CharUpperW
DestroyIcon
GetSysColorBrush
IsWindowEnabled
SetWindowTextW
RegisterWindowMessageW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
MessageBoxW
SetForegroundWindow
AdjustWindowRectEx
EqualRect
GetClassInfoW
GetDlgCtrlID
GetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetClassNameW
SetRect
SetRectEmpty
LoadCursorW
SetCapture
GetCapture
GetClientRect
PtInRect
ReleaseCapture
GetSystemMetrics
RegisterClipboardFormatW
MoveWindow
IsChild
IsRectEmpty
IntersectRect
CreateMenu
DestroyMenu
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
CallWindowProcW
GetMenu
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongW
InvalidateRect
UpdateWindow
GetWindowRect
OffsetRect
InflateRect
DefWindowProcW
GetTabbedTextExtentA
CopyRect
ShowWindow
GetDCEx
SetParent
wsprintfW
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SendMessageW
SetCursor
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
UnregisterClassW
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
DrawEdge
EnableWindow
LoadBitmapW
RegisterClassW

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
UnrealizeObject
Rectangle
PatBlt
SetRectRgn
CreateRectRgnIndirect
GetTextMetricsW
GetTextAlign
GetTextExtentPoint32W
CombineRgn
CreateSolidBrush
CreatePen
GetStockObject
CreatePatternBrush
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateRectRgn
SelectClipRgn
DeleteObject
GetObjectW
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
DeleteDC
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
MoveToEx
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

IsValidSecurityDescriptor
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegSetValueW
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetKernelObjectSecurity
GetNamedSecurityInfoW
MakeAbsoluteSD
AddAce
IsValidSid
ConvertStringSidToSidW
LookupAccountNameW
MapGenericMask
LookupAccountSidW
ConvertSidToStringSidW
RegEnumKeyExW
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
CopySid
IsValidAcl
GetAce
DeleteAce
GetAclInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce

shell32

ExtractIconW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

ReadClassStm
CreateStreamOnHGlobal
CoCreateInstance
CoDisconnectObject
CreateOleAdviseHolder
OleSaveToStream
CreateDataAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateDataCache
StringFromGUID2
CoRevokeClassObject
StringFromCLSID
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
ReadFmtUserTypeStg
CoTaskMemFree
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterClassObject

oleaut32

OleCreateFontIndirect
OleLoadPicture
SysFreeString
VariantCopy
OleCreatePictureIndirect
VariantInit
SysAllocString
VariantChangeType
VariantClear
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysStringLen
SysAllocStringLen
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iisfixer/data/com.run
.dll windows:4 windows x86 arch:x86

1e7533366a641f8159cfe207ceac1e3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileSize
GetFileAttributesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalUnlock
MulDiv
SetLastError
GetThreadLocale
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FindResourceA
LoadResource
LockResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetProcAddress
GlobalAlloc
GlobalFree
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetVersionExA
LoadLibraryA
LoadLibraryExA
FreeLibrary
lstrlenW
lstrlenA
GetFileType
GetUserDefaultLCID

user32

CreateDialogIndirectParamA
EndDialog
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
LoadStringA
GetSysColorBrush
GetDesktopWindow
PtInRect
GetClassNameA
UnregisterClassA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
SetActiveWindow
AdjustWindowRectEx
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
wsprintfA
LoadBitmapA
IsWindow
GetClientRect
LoadCursorA
EnableWindow
SetFocus
GetSysColor
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
UnhookWindowsHookEx
PostThreadMessageA
RegisterClipboardFormatA
MapDialogRect
SetWindowPos
IsRectEmpty
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
SetWindowContextHelpId
GetWindow
CharUpperA
DestroyMenu

gdi32

GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
DPtoLP
LPtoDP
GetMapMode
TextOutA
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
GetBkColor
GetTextColor
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
PatBlt
CreateCompatibleDC
BitBlt
GetObjectA
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA

comctl32

ord17

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
StringFromIID
CoTaskMemFree
IIDFromString
CLSIDFromString
CoCreateInstance
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord252
ord253
ord250

oleaut32

LoadRegTypeLi
SysFreeString
VariantClear
VariantChangeType
VariantInit
VariantCopyInd
GetRecordInfoFromTypeInfo
SysAllocString
VariantCopy
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
SysAllocStringByteLen

Exports

Exports

InitCtl
InitCtl2

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iisfixer/krnln.fnr
.dll windows:4 windows x86 arch:x86

1b0da3e29e53b02ba3878395bf7338f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader

kernel32

CreateMutexA
ReleaseMutex
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
ExitThread
HeapSize
GetACP
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
SuspendThread
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetEnvironmentVariableW
SetEnvironmentVariableA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetStdHandle
SetThreadPriority
ResumeThread
GetCurrentThread
lstrcmpA
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpynA
SetLastError
SetCommTimeouts
SetCommMask
GetCommState
SetCommState
WriteFile
ReadFile
PurgeComm
WaitCommEvent
ClearCommError
GetLastError
WaitForMultipleObjects
GetOverlappedResult
GetCommModemStatus
SetEvent
GetProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetComputerNameA
EscapeCommFunction
CreateEventA
ResetEvent
OutputDebugStringA
ExpandEnvironmentStringsA
GlobalAlloc
GetTempPathA
SetFileAttributesA
GetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
SetVolumeLabelA
GetDiskFreeSpaceA
SetLocalTime
GetCommandLineA
CreateProcessA
SetCurrentDirectoryA
GetCurrentThreadId
GetModuleHandleA
GlobalSize
GlobalLock
GlobalFree
lstrcatA
WinExec
lstrcpyA
GetCurrentDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapAlloc
WaitForSingleObject
GetProcessHeap
FindResourceA
LoadResource
LockResource
CreateThread
DeleteFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
Sleep
MulDiv
OpenFile
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
CloseHandle
DeviceIoControl
GetVersionExA
GetFullPathNameA
lstrlenW
lstrlenA
GetUserDefaultLCID
GetTickCount
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapDestroy

user32

LoadStringA
UnregisterClassA
GetDesktopWindow
GetClassNameA
CharUpperA
EndDialog
CreateDialogIndirectParamA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
CopyAcceleratorTableA
IsZoomed
GetSystemMenu
DeleteMenu
WindowFromPoint
LoadIconA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
GetMessageA
SetRectEmpty
RegisterClipboardFormatA
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
SetCursor
InvertRect
TrackPopupMenu
SetForegroundWindow
ValidateRect
LockWindowUpdate
MessageBeep
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
WaitForInputIdle
SetCursorPos
SetMenu
SetFocus
PeekMessageA
IsIconic
SetActiveWindow
DestroyMenu
SetWindowPos
GetActiveWindow
GetTopWindow
GetWindow
DestroyAcceleratorTable
DestroyCursor
SetWindowRgn
ScreenToClient
ChildWindowFromPointEx
PostMessageA
WinHelpA
KillTimer
SetTimer
GetScrollRange
SetScrollRange
SetScrollPos
SetParent
IsWindowVisible
GetWindowLongA
SetWindowLongA
TranslateMessage
DispatchMessageA
UpdateWindow
GetDC
ReleaseDC
LoadImageA
MessageBoxA
LoadBitmapA
GetKeyState
DestroyIcon
IsChild
IsRectEmpty
GetFocus
IntersectRect
EqualRect
GetMenu
GetSubMenu
EnableMenuItem
PostQuitMessage
GetSysColorBrush
AdjustWindowRect
LoadCursorA
GetCapture
ClientToScreen
wsprintfA
GetDlgCtrlID
InvalidateRect
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCursorPos
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
FillRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
ScrollDC

gdi32

CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetClipBox
SetTextColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
MoveToEx
LineTo
GetBkMode
GetSystemPaletteEntries
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
DPtoLP
CreateBrushIndirect
CreateHatchBrush
CreatePatternBrush
Ellipse
RoundRect
FillRgn
GetCurrentObject
CombineRgn
CreateRectRgn
GetClipRgn
CreatePolygonRgn
SelectPalette
GetDIBits
CreateDIBSection
ExtCreateRegion
CreateRectRgnIndirect
CreateDCA
StartDocA
GetPixel
SetPixelV
LPtoDP
GetObjectA
GetDeviceCaps
RealizePalette
CreatePen
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
Pie
Chord
Arc
Polygon
EndDoc
Rectangle
SelectClipRgn
CreateDIBitmap
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
PatBlt
CreateCompatibleDC
BitBlt
CreateSolidBrush
GetStockObject
GetTextColor

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
PrintDlgA
CommDlgExtendedError
ChooseColorA

winspool.drv

SetFormA
AddFormA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
EnumFormsA
GetFormA
DeleteFormA

advapi32

RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17
ImageList_Destroy
ImageList_LoadImageA

ole32

OleRun
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
CLSIDFromProgID

olepro32

ord252
ord253

oleaut32

VarDateFromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
UnRegisterTypeLi
SysAllocString
VariantCopyInd
VariantInit
VariantChangeType
VariantClear
GetActiveObject
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi

ws2_32

closesocket
WSAAsyncSelect
htons
bind
htonl
socket
setsockopt
sendto
recvfrom
select
gethostbyname
inet_ntoa
inet_addr
gethostbyaddr
gethostname
WSACleanup
WSAStartup
send
ioctlsocket
connect
recv
listen
getpeername
accept

Exports

Exports

GetNewInf
GetNewSock

Sections

.text
Size: 772KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iisfixer/绿色软件站.txt
iisfixer/绿色软件站.url
.url

Sharing

General

Malware Config

Signatures

Files

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 1024B - Virtual size: 556B

.rdata Size: 512B - Virtual size: 404B

.ecode Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Sections

.text Size: 1024B - Virtual size: 556B

.rdata Size: 512B - Virtual size: 404B

.ecode Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

10fe2f9995f183a2e9bcc6b753a047f6

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 28KB - Virtual size: 26KB

1e7533366a641f8159cfe207ceac1e3f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 24KB - Virtual size: 59KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 20KB

1b0da3e29e53b02ba3878395bf7338f6

Headers

File Characteristics

.text
Size: 1024B - Virtual size: 556B

.rdata
Size: 512B - Virtual size: 404B

.ecode
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 556B

.rdata
Size: 512B - Virtual size: 404B

.ecode
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 28KB - Virtual size: 26KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 59KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 772KB - Virtual size: 769KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 68KB - Virtual size: 130KB

.rsrc
Size: 60KB - Virtual size: 57KB

.reloc
Size: 68KB - Virtual size: 66KB