iisreg[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

iisreg.dll
Size

107KB
MD5

7b5e4ff40965564e60d8e3e8333cf958
SHA1

803c9a71cadc19d713a25e6c8ff4676d45a0e1eb
SHA256

55c5b8689fe90e6bde69347f8fb2abbbf329b50dccd2f06d121d10f4d209844c
SHA512

d1988057340c8bb5f93dcb733cccbc0e8882ba85d3256b78b68f0d9c56617a0c3e8809351a22129a252ee347d23f14ab51f96262d75ea6143c3d32bd27e0fc94
SSDEEP

3072:BmZiwPxMzzIpH5AVOKKRb+bJafuu1/a/tBaaPVAV39bZjS:BmZiPzzIpH5AVOKKRb+bJafuu1/a/tB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iisreg.dll

Files

iisreg.dll
.dll windows:10 windows x64 arch:x64

24066fdc98041fba3af05ff89dcbf0f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

iisreg.pdb

Imports

msvcrt

memcpy
memset
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcspbrk
_wtoi
wcsnlen
sprintf_s
_wcsicmp
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

HeapReAlloc
GetProcessHeap
HeapAlloc
GetLastError
GetModuleHandleW
ExpandEnvironmentStringsW
HeapFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
DeleteCriticalSection
GetSystemWow64DirectoryW
CloseHandle
FlushFileBuffers
OutputDebugStringA
GlobalFree
SetLastError
LocalFree

advapi32

RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

user32

LoadStringA

Exports

Exports

InstallComponent
RemoveComponent

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24066fdc98041fba3af05ff89dcbf0f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 42KB - Virtual size: 43KB

.pdata Size: 1024B - Virtual size: 564B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 42KB - Virtual size: 43KB

.pdata
Size: 1024B - Virtual size: 564B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 6KB - Virtual size: 6KB