Unistore[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Unistore.dll
Size

936KB
MD5

4b568e9b7b4bbc9aa10e547f8a862a9f
SHA1

a1ec97135e13961721ab6c7d42e7cce5e22b78e5
SHA256

0cea9950391a55cab785548e29c65b973d3ec28851749c7e9ae76a86d8607ea2
SHA512

c71f5e3597bc80f52a2c958bd34dc04f26e0efedd5fe553478497e486c9c21c92a1b52a0963d6d3c58853abddd10b7bad04df2637d7b3ba8e4e43b49423635e7
SSDEEP

24576:BOK+BEEO8NTVw4hpL0qXw2kM7A6guHV7Lo5b:8KSZxw4f0Z2kt7sa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Unistore.dll

Files

Unistore.dll
.dll windows:10 windows x86 arch:x86

dd8bfa0a31433660527c7991c8d0b596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

unistore.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
memmove
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
malloc
free
_vsnprintf
strtoul
_wcsnicmp
wcstol
wcscspn
wcsrchr
_wcsicmp
memcmp
strcpy_s
memcpy
_callnewh
memcpy_s
_purecall
_vsnwprintf
strrchr
_except_handler4_common
memset

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateEventW
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
OpenEventW
OpenSemaphoreW
CreateMutexExW
InitializeSRWLock

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventWrite
EventSetInformation
EventUnregister

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
LoadStringW
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegFlushKey

api-ms-win-core-path-l1-1-0

PathCchCombine
PathAllocCombine

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW
FindClose
GetTempFileNameW
CreateFileW
DeleteFileW
FindNextFileW
CompareFileTime
FindFirstFileExW
FindFirstFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
RemoveDirectoryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TlsFree
TlsAlloc
OpenThreadToken
TlsGetValue
TlsSetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetProcessId
GetThreadPriority
SetThreadPriority
SetThreadToken

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemDefaultLCID

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitOnceComplete
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
InitializeConditionVariable

esent

JetSetSystemParameterA
JetConvertDDLA
JetEscrowUpdate
JetTerm2
JetInit2
JetMove
JetBeginTransaction
JetSetColumns
JetGetTableIndexInfoA
JetRetrieveColumns
JetBeginSessionA
JetRetrieveColumn
JetEndSession
JetGetBookmark
JetMakeKey
JetCreateDatabaseW
JetDelete
JetResetSessionContext
JetCloseDatabase
JetCreateTableColumnIndex3A
JetGetTableColumnInfoA
JetBackupInstanceW
JetAttachDatabaseW
JetDeleteIndexA
JetIndexRecordCount
JetDetachDatabaseA
JetSetSessionContext
JetCommitTransaction
JetAddColumnA
JetCreateIndex3A
JetOpenTableW
JetRetrieveKey
JetGotoBookmark
JetEnumerateColumns
JetGetSecondaryIndexBookmark
JetResizeDatabase
JetStopServiceInstance
JetOpenDatabaseW
JetUpdate
JetPrepareUpdate
JetBeginTransaction2
JetCommitTransaction2
JetRollback
JetSetSystemParameterW
JetCreateInstance2W
JetSetIndexRange
JetGetErrorInfoW
JetSetCurrentIndex2A
JetSetCurrentIndexA
JetGetSessionParameter
JetGetResourceParam
JetIdle
JetSeek
JetGotoSecondaryIndexBookmark
JetCloseTable

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
CreateThreadpool
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
IsThreadpoolTimerSet
CloseThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolWait
CloseThreadpool
CloseThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolCleanupGroup
SetThreadpoolWait
CreateThreadpoolCleanupGroup
CreateThreadpoolWait

ntdll

RtlIsCriticalSectionLockedByThread
RtlNtStatusToDosError
RtlGetThreadWorkOnBehalfTicket

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddDWORDPropertyRestrictions
AppRevisionBlobToUSBlob
ClearUSCache
CreateStoreManager
CreateStoreManagerWithToken
DetectExistingCorruption
DisableLocalUnistore
EnableLocalUnistore
EndUnifiedStoreWorkForClient
FindMaxSeenRevisionForAppInBlob
GetCurrentProcessRundownProtectionIdentifier
GetDeviceStoreDefaultName
GetRealStoreManager
GetUSDataFolderPath
GetUSDeviceStoreCorruptedVolumeFolderPath
GetUSDeviceStoreFolderPath
GetUSDeviceStoreVolumePath
GetUSFileStreamPath
GetUnistoreJetInstance
IsCEPropValPresent
IsUSPropValPresent
IsUnistoreInProc
IsUnistoreLocal
LowerRPCPriority
RegisterRundownProtectionForProcess
ReleaseUnistoreJetInstance
RemoveStaleChangeTrackingDataOnStore
ServiceMain
SetMaxRevisionBlobSize
SetUnistoreProcessEventFilter
SetUnistoreVersion
StartUnifiedStoreWorkForClient
SvchostPushServiceGlobals
USBlobToAppRevisionBlob
USComparePropVals
USCopyPropVals
USDeleteFileEx
USEventMaskToObjectType
USGetPropValsAncillaryBufferSize
USIsObjectHidden
USIsSameObject
USObjectTypeToEventMask

Sections

.text
Size: 866KB - Virtual size: 866KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd8bfa0a31433660527c7991c8d0b596

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

esent

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ntdll

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 866KB - Virtual size: 866KB

.data Size: 4KB - Virtual size: 11KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 388B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 866KB - Virtual size: 866KB

.data
Size: 4KB - Virtual size: 11KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 388B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 38KB - Virtual size: 38KB