General

Malware Config

Signatures

Files

• pikabot_unpack.dll

  .dll windows:6 windows x86 arch:x86

  4861a945a5f1fd36416a6562ca477bd3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  version

  VerQueryValueW

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  crypt32

  CryptProtectData

  CryptUnprotectData

  CertOpenStore

  CertFindCertificateInStore

  CertFreeCertificateChain

  CertCloseStore

  CryptQueryObject

  CertEnumCertificatesInStore

  CertFindExtension

  CertCreateCertificateChainEngine

  CryptBinaryToStringA

  CertFreeCertificateChainEngine

  CryptStringToBinaryA

  CertFreeCertificateContext

  CertGetCertificateChain

  CertAddEncodedCertificateToStore

  CryptDecodeObjectEx

  CertDeleteCertificateFromStore

  PFXImportCertStore

  CertCreateCertificateContext

  CertGetNameStringA

  CertAddCertificateContextToStore

  advapi32

  QueryServiceStatus

  LookupPrivilegeValueW

  SetSecurityDescriptorDacl

  AdjustTokenPrivileges

  CryptAcquireContextA

  RevertToSelf

  RegNotifyChangeKeyValue

  GetSecurityDescriptorDacl

  RegCloseKey

  RegDeleteKeyExW

  RegEnumKeyW

  RegOpenCurrentUser

  CryptAcquireContextW

  RegQueryInfoKeyW

  AccessCheck

  GetAce

  EqualSid

  CloseServiceHandle

  RegQueryValueExA

  CryptGenRandom

  OpenSCManagerW

  RegDeleteKeyW

  AllocateAndInitializeSid

  GetSecurityDescriptorGroup

  RegCreateKeyExW

  GetSecurityDescriptorControl

  GetSecurityDescriptorOwner

  GetTokenInformation

  CryptReleaseContext

  LookupAccountNameW

  RegEnumKeyExA

  RegQueryValueExW

  RegEnumValueW

  RegOpenKeyW

  QueryServiceStatusEx

  LookupAccountSidW

  OpenThreadToken

  AddAccessAllowedAce

  DuplicateTokenEx

  GetUserNameW

  CryptGetHashParam

  GetLengthSid

  EnumServicesStatusW

  OpenServiceW

  RegDeleteValueW

  QueryServiceConfigW

  DuplicateToken

  CreateProcessAsUserW

  RegGetValueW

  RegOpenKeyExW

  InitializeAcl

  RegOpenKeyExA

  InitializeSecurityDescriptor

  CheckTokenMembership

  GetFileSecurityW

  StartServiceW

  FreeSid

  OpenProcessToken

  CryptDestroyHash

  RegSetValueExW

  IsValidSid

  ImpersonateLoggedOnUser

  CryptHashData

  ImpersonateSelf

  CryptCreateHash

  RegEnumKeyExW

  rpcrt4

  RpcServerListen

  RpcMgmtStopServerListening

  UuidCreate

  RpcAsyncInitializeHandle

  RpcSsDestroyClientContext

  UuidFromStringW

  RpcStringFreeA

  RpcServerUseProtseqEpW

  I_RpcBindingInqLocalClientPID

  RpcBindingFromStringBindingA

  RpcAsyncCancelCall

  RpcStringBindingParseW

  RpcStringFreeW

  RpcAsyncCompleteCall

  RpcServerRegisterIf2

  RpcStringBindingComposeW

  RpcServerUnregisterIf

  RpcBindingFromStringBindingW

  UuidToStringW

  RpcStringBindingComposeA

  RpcBindingFree

  RpcBindingSetAuthInfoExA

  ws2_32

  getsockname

  send

  socket

  ntohs

  connect

  getservbyname

  gethostname

  recvfrom

  recv

  getsockopt

  htonl

  getpeername

  sendto

  ioctlsocket

  setsockopt

  WSAGetLastError

  ntohl

  select

  closesocket

  bind

  __WSAFDIsSet

  WSACleanup

  WSAStartup

  WSASetLastError

  shutdown

  htons

  mpr

  WNetGetConnectionW

  winmm

  timeKillEvent

  timeSetEvent

  bcrypt

  BCryptFinalizeKeyPair

  BCryptGenerateKeyPair

  BCryptOpenAlgorithmProvider

  BCryptExportKey

  BCryptDeriveKey

  BCryptDestroyKey

  BCryptEncrypt

  BCryptGenerateSymmetricKey

  BCryptSecretAgreement

  BCryptSetProperty

  BCryptImportKeyPair

  BCryptDestroySecret

  BCryptCloseAlgorithmProvider

  ntdll

  VerSetConditionMask

  kernel32

  GetTickCount

  WaitNamedPipeW

  SetDllDirectoryW

  GetProcessHandleCount

  CreateIoCompletionPort

  InitializeSListHead

  MulDiv

  LocalUnlock

  VirtualQuery

  GetProcessTimes

  GetDriveTypeW

  OpenThread

  LoadLibraryExW

  IsDebuggerPresent

  ConnectNamedPipe

  ResetEvent

  GetDateFormatW

  GetOEMCP

  lstrlenA

  GetLargePageMinimum

  GetExitCodeProcess

  FlushFileBuffers

  SetUnhandledExceptionFilter

  CreateTimerQueue

  AreFileApisANSI

  CreateDirectoryW

  GetStartupInfoW

  GetCPInfoExW

  ReadFile

  GetModuleFileNameA

  OpenEventA

  SizeofResource

  QueryDosDeviceW

  TryEnterCriticalSection

  RemoveVectoredExceptionHandler

  GetVolumeInformationW

  GetLogicalDrives

  CancelIo

  GetFileInformationByHandleEx

  SetThreadLocale

  CompareFileTime

  InitOnceBeginInitialize

  FindFirstFileW

  GetFileSizeEx

  InitOnceExecuteOnce

  SetHandleInformation

  CreateTimerQueueTimer

  WritePrivateProfileStringW

  FindFirstFileExW

  SetWaitableTimer

  CompareStringW

  TlsSetValue

  FindFirstVolumeW

  GetSystemDefaultLCID

  VirtualProtect

  CreateSemaphoreExW

  HeapFree

  SetLastError

  EnterCriticalSection

  VirtualFree

  GetCommandLineW

  GetFullPathNameW

  FindNextFileW

  GetLongPathNameW

  GetCurrentProcess

  CreateWaitableTimerW

  ReleaseSemaphore

  WriteFile

  RegisterWaitForSingleObject

  GetModuleHandleExW

  ExpandEnvironmentStringsW

  GetSystemDefaultUILanguage

  UnregisterWait

  GetShortPathNameW

  OutputDebugStringA

  GetStringTypeExW

  DeviceIoControl

  VirtualAlloc

  TerminateProcess

  RemoveDirectoryW

  GetFinalPathNameByHandleW

  GetProcessIdOfThread

  LoadLibraryExA

  GetUserDefaultLangID

  GetModuleFileNameW

  CreateNamedPipeW

  GetSystemTimes

  WaitForMultipleObjects

  InitializeProcThreadAttributeList

  GetThreadLocale

  SetEnvironmentVariableW

  SetProcessShutdownParameters

  GetGeoInfoW

  GetLocaleInfoEx

  GetUserDefaultLocaleName

  GetProcessId

  DeleteTimerQueueEx

  GetUserDefaultUILanguage

  SetThreadPriority

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  CreatePipe

  InitializeCriticalSection

  ExpandEnvironmentStringsA

  SetErrorMode

  SetFilePointer

  GetFullPathNameA

  GetQueuedCompletionStatus

  GetEnvironmentVariableW

  SetEndOfFile

  UnlockFileEx

  GetTempPathW

  CreateMutexW

  InitializeCriticalSectionEx

  WaitForMultipleObjectsEx

  GetEnvironmentVariableA

  FindClose

  GetLocaleInfoW

  GetVolumePathNameW

  WaitForSingleObject

  LocalAlloc

  CreateFileW

  GetFileAttributesW

  GetCurrentThreadId

  OpenEventW

  GetVersionExW

  QueryThreadCycleTime

  ReleaseMutex

  GetSystemDirectoryW

  GetComputerNameExW

  GlobalDeleteAtom

  ResumeThread

  UnmapViewOfFile

  DuplicateHandle

  GetModuleHandleA

  DisconnectNamedPipe

  GlobalAddAtomW

  OpenProcess

  HeapSize

  SetFileAttributesW

  GetLogicalDriveStringsW

  CreateEventW

  MultiByteToWideChar

  GetExitCodeThread

  ProcessIdToSessionId

  GetPrivateProfileStringW

  Sleep

  GetFileInformationByHandle

  FormatMessageW

  GetTimeZoneInformation

  LocalFileTimeToFileTime

  GetTickCount64

  GetLastError

  UpdateProcThreadAttribute

  GetFileAttributesExW

  ReleaseSRWLockExclusive

  OutputDebugStringW

  MoveFileExA

  CreateFileA

  GetUserDefaultLCID

  SetEvent

  FileTimeToSystemTime

  GetDiskFreeSpaceExW

  GetCurrentThread

  InitOnceComplete

  AcquireSRWLockExclusive

  GetSystemDirectoryA

  TerminateThread

  LoadLibraryA

  WaitForSingleObjectEx

  TlsAlloc

  GetVersionExA

  LockResource

  QueryPerformanceFrequency

  GetThreadPriority

  DeleteFileW

  OpenSemaphoreW

  HeapReAlloc

  CloseHandle

  ReleaseSRWLockShared

  GetNativeSystemInfo

  GetNumberFormatW

  RaiseException

  GetSystemInfo

  LoadLibraryW

  CreateThread

  FindResourceExW

  QueryPerformanceCounter

  GetWindowsDirectoryA

  LoadResource

  FindResourceW

  HeapAlloc

  FileTimeToLocalFileTime

  GetLocalTime

  GetUserGeoID

  GetCurrentDirectoryW

  CreateWaitableTimerA

  AddVectoredExceptionHandler

  HeapDestroy

  UnlockFile

  GetWindowsDirectoryW

  GetPriorityClass

  GetProcAddress

  SetFilePointerEx

  CreateMutexExW

  UnregisterWaitEx

  LocalFree

  GetTimeFormatW

  MoveFileExW

  GetThreadId

  LockFileEx

  AcquireSRWLockShared

  IsProcessorFeaturePresent

  WTSGetActiveConsoleSessionId

  GetFileSize

  DeleteCriticalSection

  ExitProcess

  LCMapStringW

  ReadProcessMemory

  GetComputerNameW

  FindVolumeClose

  GetCurrentProcessId

  UnhandledExceptionFilter

  GetProcessHeap

  SystemTimeToFileTime

  GlobalMemoryStatusEx

  CreateProcessW

  GetModuleHandleW

  FreeLibrary

  CreateSemaphoreW

  CopyFileW

  FlushInstructionCache

  WideCharToMultiByte

  GetVolumePathNamesForVolumeNameW

  SleepEx

  VerifyVersionInfoW

  TlsGetValue

  GetThreadTimes

  SystemTimeToTzSpecificLocalTime

  QueryFullProcessImageNameW

  GetTempFileNameW

  GetSystemTimeAsFileTime

  GetFileType

  DeleteTimerQueueTimer

  TlsFree

  GetSystemTime

  FormatMessageA

  IsBadReadPtr

  DebugBreak

  SetProcessWorkingSetSize

  CreateFileMappingW

  CreateEventA

  MapViewOfFile

  FindNextVolumeW

  CheckRemoteDebuggerPresent

  user32

  ReleaseCapture

  DrawFrameControl

  UpdateWindow

  PtInRect

  RegisterWindowMessageW

  GetParent

  GetProcessWindowStation

  OpenDesktopW

  GetClassInfoExW

  SystemParametersInfoW

  EnableMenuItem

  SetScrollPos

  GetDesktopWindow

  PostQuitMessage

  KillTimer

  DrawIconEx

  SetRect

  DrawTextW

  ActivateKeyboardLayout

  GetDlgItem

  GetClientRect

  CheckMenuItem

  SetWindowLongW

  SetScrollRange

  SwitchDesktop

  wsprintfW

  GetUserObjectInformationW

  SetCursor

  SetClipboardData

  InsertMenuW

  GetWindowDC

  SetParent

  GetClassNameW

  IsGUIThread

  LoadCursorW

  EnumDesktopWindows

  FindWindowW

  LoadIconW

  TranslateMessage

  SetPropW

  OpenInputDesktop

  SendNotifyMessageW

  SetFocus

  DrawTextExW

  DestroyMenu

  LoadBitmapW

  EnumWindows

  MoveWindow

  IsWindowEnabled

  GetForegroundWindow

  GetSysColor

  SendDlgItemMessageW

  SetMenuDefaultItem

  CreateDesktopW

  SetWindowDisplayAffinity

  GetKeyboardLayout

  TrackMouseEvent

  DrawStateW

  SetWindowPlacement

  MapWindowPoints

  RegisterClassW

  GetKeyboardLayoutList

  PeekMessageW

  ExitWindowsEx

  CloseClipboard

  ClientToScreen

  GetDlgCtrlID

  GetKeyboardLayoutNameW

  SetForegroundWindow

  GetMonitorInfoW

  IsHungAppWindow

  DestroyIcon

  RedrawWindow

  SetTimer

  DispatchMessageW

  GetCapture

  OffsetRect

  OpenClipboard

  CloseDesktop

  InSendMessage

  GetAsyncKeyState

  IsWindow

  ShowWindow

  GetSubMenu

  LoadStringW

  GetThreadDesktop

  TrackPopupMenu

  SetThreadDesktop

  DrawIcon

  GetWindowPlacement

  GetScrollPos

  WindowFromPoint

  RegisterClassExW

  MsgWaitForMultipleObjects

  NotifyWinEvent

  SetWindowTextW

  UnregisterClassW

  GetSystemMetrics

  LoadImageW

  SendMessageW

  ScreenToClient

  DeleteMenu

  UnionRect

  GetIconInfo

  CreateWindowExW

  FillRect

  SetWindowRgn

  MonitorFromWindow

  CopyImage

  GetPropW

  keybd_event

  MessageBoxW

  EqualRect

  SetWindowPos

  IsWindowVisible

  GrayStringW

  GetDC

  InflateRect

  DestroyWindow

  GetFocus

  SendMessageTimeoutW

  GetMenuItemID

  GetWindowRect

  GetLastInputInfo

  FindWindowExW

  GetWindow

  MonitorFromPoint

  MapVirtualKeyW

  PostMessageW

  CallWindowProcW

  AllowSetForegroundWindow

  LoadMenuW

  CharLowerW

  GetKeyState

  ModifyMenuW

  DefWindowProcW

  TabbedTextOutW

  CreateDialogParamW

  GetMessageW

  GetWindowTextLengthW

  GetWindowThreadProcessId

  GetWindowLongW

  GetLastActivePopup

  IsZoomed

  GetDialogBaseUnits

  InvalidateRect

  GetAncestor

  IsIconic

  ReleaseDC

  GetCursorPos

  GetGUIThreadInfo

  BeginPaint

  EndPaint

  GetWindowRgn

  SendInput

  EnableWindow

  GetWindowTextW

  CopyRect

  WaitForInputIdle

  gdi32

  PtVisible

  SetTextAlign

  Escape

  CreateFontIndirectW

  CreateBitmap

  CreateSolidBrush

  DeleteObject

  Polygon

  GetViewportExtEx

  RoundRect

  GetRgnBox

  ExtTextOutW

  GetObjectW

  ExtCreatePen

  CreatePen

  BitBlt

  CreateCompatibleBitmap

  AddFontResourceExW

  SelectObject

  RemoveFontResourceW

  CreateCompatibleDC

  RectVisible

  SetPixel

  PatBlt

  EnumFontFamiliesExW

  StretchBlt

  GetTextExtentPointW

  CreateFontW

  GetStockObject

  GetClipBox

  GetCurrentPositionEx

  CreateRoundRectRgn

  GetBitmapBits

  GetDIBits

  GetDeviceCaps

  CreatePatternBrush

  GetPixel

  GetTextAlign

  CreateRectRgn

  DeleteDC

  TextOutW

  GetTextExtentPoint32W

  SetTextColor

  SetBitmapBits

  SetBkMode

  AddFontResourceW

  msimg32

  GradientFill

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  ole32

  CoUninitialize

  CLSIDFromString

  OleRun

  CoInitializeSecurity

  CoTaskMemFree

  CoInitializeEx

  CoCreateGuid

  CoTaskMemAlloc

  CoInitialize

  oleaut32

  VariantClear

  SysAllocStringLen

  SafeArrayCreate

  SysStringLen

  SafeArrayLock

  SysAllocString

  SysFreeString

  SafeArrayUnlock

  LoadTypeLi

  VariantInit

  SafeArrayDestroy

  Exports

  Exports

  Excpt

  asw_process_storage_allocate_connector

  asw_process_storage_deallocate_connector

  on_avast_dll_unload

  onexit_register_connector_avast_2

  Sections

  .text

  Size: 161KB - Virtual size: 160KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 53KB - Virtual size: 53KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 585KB - Virtual size: 584KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ