pikabot_unpack[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

pikabot_unpack.dll
Size

840KB
MD5

5136d5a4242e220ec1111719bbeda528
SHA1

62f72ce2f5e69630c518861ccf747a3c14d6a27f
SHA256

5384e7de6b8d95a7df1d841b7a6a77e3f9418fcda9851e2b120a10019222047c
SHA512

428cc36c48b1d7a0cb8026a1c1f4540556e2d289dbbb96546ebbbe0ace53a48d9eaee929f77a78756f6e497e688da37d2798b1dd71d824ce70d04bf3694410e9
SSDEEP

24576:hS3sU7vy4scPRr8eYq5Jyb8J1uN0APDcJkdV4K:hysUe4skrYq6wJ1uiAQJIV4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pikabot_unpack.dll

Files

pikabot_unpack.dll
.dll windows:6 windows x86 arch:x86

4861a945a5f1fd36416a6562ca477bd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptProtectData
CryptUnprotectData
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateChain
CertCloseStore
CryptQueryObject
CertEnumCertificatesInStore
CertFindExtension
CertCreateCertificateChainEngine
CryptBinaryToStringA
CertFreeCertificateChainEngine
CryptStringToBinaryA
CertFreeCertificateContext
CertGetCertificateChain
CertAddEncodedCertificateToStore
CryptDecodeObjectEx
CertDeleteCertificateFromStore
PFXImportCertStore
CertCreateCertificateContext
CertGetNameStringA
CertAddCertificateContextToStore

advapi32

QueryServiceStatus
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
CryptAcquireContextA
RevertToSelf
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW
RegOpenCurrentUser
CryptAcquireContextW
RegQueryInfoKeyW
AccessCheck
GetAce
EqualSid
CloseServiceHandle
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegDeleteKeyW
AllocateAndInitializeSid
GetSecurityDescriptorGroup
RegCreateKeyExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetTokenInformation
CryptReleaseContext
LookupAccountNameW
RegEnumKeyExA
RegQueryValueExW
RegEnumValueW
RegOpenKeyW
QueryServiceStatusEx
LookupAccountSidW
OpenThreadToken
AddAccessAllowedAce
DuplicateTokenEx
GetUserNameW
CryptGetHashParam
GetLengthSid
EnumServicesStatusW
OpenServiceW
RegDeleteValueW
QueryServiceConfigW
DuplicateToken
CreateProcessAsUserW
RegGetValueW
RegOpenKeyExW
InitializeAcl
RegOpenKeyExA
InitializeSecurityDescriptor
CheckTokenMembership
GetFileSecurityW
StartServiceW
FreeSid
OpenProcessToken
CryptDestroyHash
RegSetValueExW
IsValidSid
ImpersonateLoggedOnUser
CryptHashData
ImpersonateSelf
CryptCreateHash
RegEnumKeyExW

rpcrt4

RpcServerListen
RpcMgmtStopServerListening
UuidCreate
RpcAsyncInitializeHandle
RpcSsDestroyClientContext
UuidFromStringW
RpcStringFreeA
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcBindingFromStringBindingA
RpcAsyncCancelCall
RpcStringBindingParseW
RpcStringFreeW
RpcAsyncCompleteCall
RpcServerRegisterIf2
RpcStringBindingComposeW
RpcServerUnregisterIf
RpcBindingFromStringBindingW
UuidToStringW
RpcStringBindingComposeA
RpcBindingFree
RpcBindingSetAuthInfoExA

ws2_32

getsockname
send
socket
ntohs
connect
getservbyname
gethostname
recvfrom
recv
getsockopt
htonl
getpeername
sendto
ioctlsocket
setsockopt
WSAGetLastError
ntohl
select
closesocket
bind
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError
shutdown
htons

mpr

WNetGetConnectionW

winmm

timeKillEvent
timeSetEvent

bcrypt

BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptOpenAlgorithmProvider
BCryptExportKey
BCryptDeriveKey
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSecretAgreement
BCryptSetProperty
BCryptImportKeyPair
BCryptDestroySecret
BCryptCloseAlgorithmProvider

ntdll

VerSetConditionMask

kernel32

GetTickCount
WaitNamedPipeW
SetDllDirectoryW
GetProcessHandleCount
CreateIoCompletionPort
InitializeSListHead
MulDiv
LocalUnlock
VirtualQuery
GetProcessTimes
GetDriveTypeW
OpenThread
LoadLibraryExW
IsDebuggerPresent
ConnectNamedPipe
ResetEvent
GetDateFormatW
GetOEMCP
lstrlenA
GetLargePageMinimum
GetExitCodeProcess
FlushFileBuffers
SetUnhandledExceptionFilter
CreateTimerQueue
AreFileApisANSI
CreateDirectoryW
GetStartupInfoW
GetCPInfoExW
ReadFile
GetModuleFileNameA
OpenEventA
SizeofResource
QueryDosDeviceW
TryEnterCriticalSection
RemoveVectoredExceptionHandler
GetVolumeInformationW
GetLogicalDrives
CancelIo
GetFileInformationByHandleEx
SetThreadLocale
CompareFileTime
InitOnceBeginInitialize
FindFirstFileW
GetFileSizeEx
InitOnceExecuteOnce
SetHandleInformation
CreateTimerQueueTimer
WritePrivateProfileStringW
FindFirstFileExW
SetWaitableTimer
CompareStringW
TlsSetValue
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
VirtualFree
GetCommandLineW
GetFullPathNameW
FindNextFileW
GetLongPathNameW
GetCurrentProcess
CreateWaitableTimerW
ReleaseSemaphore
WriteFile
RegisterWaitForSingleObject
GetModuleHandleExW
ExpandEnvironmentStringsW
GetSystemDefaultUILanguage
UnregisterWait
GetShortPathNameW
OutputDebugStringA
GetStringTypeExW
DeviceIoControl
VirtualAlloc
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
GetProcessIdOfThread
LoadLibraryExA
GetUserDefaultLangID
GetModuleFileNameW
CreateNamedPipeW
GetSystemTimes
WaitForMultipleObjects
InitializeProcThreadAttributeList
GetThreadLocale
SetEnvironmentVariableW
SetProcessShutdownParameters
GetGeoInfoW
GetLocaleInfoEx
GetUserDefaultLocaleName
GetProcessId
DeleteTimerQueueEx
GetUserDefaultUILanguage
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreatePipe
InitializeCriticalSection
ExpandEnvironmentStringsA
SetErrorMode
SetFilePointer
GetFullPathNameA
GetQueuedCompletionStatus
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
GetEnvironmentVariableA
FindClose
GetLocaleInfoW
GetVolumePathNameW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
OpenEventW
GetVersionExW
QueryThreadCycleTime
ReleaseMutex
GetSystemDirectoryW
GetComputerNameExW
GlobalDeleteAtom
ResumeThread
UnmapViewOfFile
DuplicateHandle
GetModuleHandleA
DisconnectNamedPipe
GlobalAddAtomW
OpenProcess
HeapSize
SetFileAttributesW
GetLogicalDriveStringsW
CreateEventW
MultiByteToWideChar
GetExitCodeThread
ProcessIdToSessionId
GetPrivateProfileStringW
Sleep
GetFileInformationByHandle
FormatMessageW
GetTimeZoneInformation
LocalFileTimeToFileTime
GetTickCount64
GetLastError
UpdateProcThreadAttribute
GetFileAttributesExW
ReleaseSRWLockExclusive
OutputDebugStringW
MoveFileExA
CreateFileA
GetUserDefaultLCID
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetCurrentThread
InitOnceComplete
AcquireSRWLockExclusive
GetSystemDirectoryA
TerminateThread
LoadLibraryA
WaitForSingleObjectEx
TlsAlloc
GetVersionExA
LockResource
QueryPerformanceFrequency
GetThreadPriority
DeleteFileW
OpenSemaphoreW
HeapReAlloc
CloseHandle
ReleaseSRWLockShared
GetNativeSystemInfo
GetNumberFormatW
RaiseException
GetSystemInfo
LoadLibraryW
CreateThread
FindResourceExW
QueryPerformanceCounter
GetWindowsDirectoryA
LoadResource
FindResourceW
HeapAlloc
FileTimeToLocalFileTime
GetLocalTime
GetUserGeoID
GetCurrentDirectoryW
CreateWaitableTimerA
AddVectoredExceptionHandler
HeapDestroy
UnlockFile
GetWindowsDirectoryW
GetPriorityClass
GetProcAddress
SetFilePointerEx
CreateMutexExW
UnregisterWaitEx
LocalFree
GetTimeFormatW
MoveFileExW
GetThreadId
LockFileEx
AcquireSRWLockShared
IsProcessorFeaturePresent
WTSGetActiveConsoleSessionId
GetFileSize
DeleteCriticalSection
ExitProcess
LCMapStringW
ReadProcessMemory
GetComputerNameW
FindVolumeClose
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
CopyFileW
FlushInstructionCache
WideCharToMultiByte
GetVolumePathNamesForVolumeNameW
SleepEx
VerifyVersionInfoW
TlsGetValue
GetThreadTimes
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
GetTempFileNameW
GetSystemTimeAsFileTime
GetFileType
DeleteTimerQueueTimer
TlsFree
GetSystemTime
FormatMessageA
IsBadReadPtr
DebugBreak
SetProcessWorkingSetSize
CreateFileMappingW
CreateEventA
MapViewOfFile
FindNextVolumeW
CheckRemoteDebuggerPresent

user32

ReleaseCapture
DrawFrameControl
UpdateWindow
PtInRect
RegisterWindowMessageW
GetParent
GetProcessWindowStation
OpenDesktopW
GetClassInfoExW
SystemParametersInfoW
EnableMenuItem
SetScrollPos
GetDesktopWindow
PostQuitMessage
KillTimer
DrawIconEx
SetRect
DrawTextW
ActivateKeyboardLayout
GetDlgItem
GetClientRect
CheckMenuItem
SetWindowLongW
SetScrollRange
SwitchDesktop
wsprintfW
GetUserObjectInformationW
SetCursor
SetClipboardData
InsertMenuW
GetWindowDC
SetParent
GetClassNameW
IsGUIThread
LoadCursorW
EnumDesktopWindows
FindWindowW
LoadIconW
TranslateMessage
SetPropW
OpenInputDesktop
SendNotifyMessageW
SetFocus
DrawTextExW
DestroyMenu
LoadBitmapW
EnumWindows
MoveWindow
IsWindowEnabled
GetForegroundWindow
GetSysColor
SendDlgItemMessageW
SetMenuDefaultItem
CreateDesktopW
SetWindowDisplayAffinity
GetKeyboardLayout
TrackMouseEvent
DrawStateW
SetWindowPlacement
MapWindowPoints
RegisterClassW
GetKeyboardLayoutList
PeekMessageW
ExitWindowsEx
CloseClipboard
ClientToScreen
GetDlgCtrlID
GetKeyboardLayoutNameW
SetForegroundWindow
GetMonitorInfoW
IsHungAppWindow
DestroyIcon
RedrawWindow
SetTimer
DispatchMessageW
GetCapture
OffsetRect
OpenClipboard
CloseDesktop
InSendMessage
GetAsyncKeyState
IsWindow
ShowWindow
GetSubMenu
LoadStringW
GetThreadDesktop
TrackPopupMenu
SetThreadDesktop
DrawIcon
GetWindowPlacement
GetScrollPos
WindowFromPoint
RegisterClassExW
MsgWaitForMultipleObjects
NotifyWinEvent
SetWindowTextW
UnregisterClassW
GetSystemMetrics
LoadImageW
SendMessageW
ScreenToClient
DeleteMenu
UnionRect
GetIconInfo
CreateWindowExW
FillRect
SetWindowRgn
MonitorFromWindow
CopyImage
GetPropW
keybd_event
MessageBoxW
EqualRect
SetWindowPos
IsWindowVisible
GrayStringW
GetDC
InflateRect
DestroyWindow
GetFocus
SendMessageTimeoutW
GetMenuItemID
GetWindowRect
GetLastInputInfo
FindWindowExW
GetWindow
MonitorFromPoint
MapVirtualKeyW
PostMessageW
CallWindowProcW
AllowSetForegroundWindow
LoadMenuW
CharLowerW
GetKeyState
ModifyMenuW
DefWindowProcW
TabbedTextOutW
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsZoomed
GetDialogBaseUnits
InvalidateRect
GetAncestor
IsIconic
ReleaseDC
GetCursorPos
GetGUIThreadInfo
BeginPaint
EndPaint
GetWindowRgn
SendInput
EnableWindow
GetWindowTextW
CopyRect
WaitForInputIdle

gdi32

PtVisible
SetTextAlign
Escape
CreateFontIndirectW
CreateBitmap
CreateSolidBrush
DeleteObject
Polygon
GetViewportExtEx
RoundRect
GetRgnBox
ExtTextOutW
GetObjectW
ExtCreatePen
CreatePen
BitBlt
CreateCompatibleBitmap
AddFontResourceExW
SelectObject
RemoveFontResourceW
CreateCompatibleDC
RectVisible
SetPixel
PatBlt
EnumFontFamiliesExW
StretchBlt
GetTextExtentPointW
CreateFontW
GetStockObject
GetClipBox
GetCurrentPositionEx
CreateRoundRectRgn
GetBitmapBits
GetDIBits
GetDeviceCaps
CreatePatternBrush
GetPixel
GetTextAlign
CreateRectRgn
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBitmapBits
SetBkMode
AddFontResourceW

msimg32

GradientFill

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoUninitialize
CLSIDFromString
OleRun
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
SafeArrayCreate
SysStringLen
SafeArrayLock
SysAllocString
SysFreeString
SafeArrayUnlock
LoadTypeLi
VariantInit
SafeArrayDestroy

Exports

Exports

Excpt
asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4861a945a5f1fd36416a6562ca477bd3

Headers

DLL Characteristics

File Characteristics

Imports

version

crypt32

advapi32

rpcrt4

ws2_32

mpr

winmm

bcrypt

ntdll

kernel32

user32

gdi32

msimg32

comdlg32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 11KB - Virtual size: 10KB

.rsrc Size: 585KB - Virtual size: 584KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 585KB - Virtual size: 584KB

.reloc
Size: 13KB - Virtual size: 12KB