unpackme-FIJdll-child[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

unpackme-FIJdll-child.zip
Size

3.2MB
MD5

f08f5f9d5590ef3559fcd99b4fdb03c1
SHA1

699ce28149de580a8ea70d026a200dc72af656a2
SHA256

28006ea5e1e9ee754463658c1368cde2b09fc31b503f91f7d3a0ff533dd46678
SHA512

627df1d17984ca58df28f09ce8d7860be71e33320f9709fe17dc98efa5254c398510ecdb9c7f0d4993bfd88f246be56ae8de0deed60800c4072fea46912d5c6a
SSDEEP

98304:/R6UzWeiszL/eKZ6hp5AOZvIo0yOO2JCy0t:pzWuL/eKSjdIDyOO2Jfo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/32c6b39e73081567ea1482b9205591285ef522ff634b03b38934d6d0d4f97bc4

Files

unpackme-FIJdll-child.zip
.zip

Password: infected
32c6b39e73081567ea1482b9205591285ef522ff634b03b38934d6d0d4f97bc4
.dll windows:5 windows x86 arch:x86

Password: infected

3b6a94037081450d3ad7f00717328ae1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetThreadToken
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
IsValidSid
IsTextUnicode
InitializeSecurityDescriptor
InitializeAcl
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
GetCurrentHwProfileA
GetCurrentHwProfileW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CreateProcessAsUserW
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAccessAllowedAce
CryptGetUserKey
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
CryptSignHashA
CryptVerifySignatureW
CryptDecrypt
CryptImportKey
CryptEncrypt
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CreateWellKnownSid

user32

CharNextW
LoadStringW
SetWindowLongA
GetWindowLongA
SetWindowLongW
GetWindowLongW
CreateWindowExW
wvsprintfW
mouse_event
keybd_event
WindowFromPoint
UpdateWindow
UnregisterClassW
TranslateMessage
ToUnicodeEx
SystemParametersInfoW
ShowWindow
SetTimer
SetThreadDesktop
SetClipboardData
SendMessageA
SendMessageW
ScreenToClient
ReleaseDC
RegisterWindowMessageW
RegisterClassW
RealGetWindowClassW
PostThreadMessageW
PostMessageA
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MenuItemFromPoint
MapVirtualKeyW
LoadStringW
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindow
InvalidateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowInfo
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetWindow
GetMessageW
GetMenuItemID
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDC
GetCursorInfo
GetClipboardData
GetClassInfoW
FindWindowExW
FindWindowA
FindWindowW
EnumWindows
EndDeferWindowPos
EmptyClipboard
DrawIcon
DispatchMessageW
DestroyWindow
DeferWindowPos
DefWindowProcW
CreateDesktopW
CloseWindow
CloseClipboard
CharUpperBuffW
CharUpperW
CharLowerBuffW
BeginDeferWindowPos
AttachThreadInput
PrintWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrcpyA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
UnlockFileEx
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SetThreadPriority
SetPriorityClass
SetLastError
SetFileTime
SetFilePointerEx
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseSemaphore
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
OpenProcess
OpenEventW
MultiByteToWideChar
MoveFileW
MapViewOfFile
LockFileEx
LockFile
LocalFree
LocalAlloc
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapCompact
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetUserDefaultLangID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetShortPathNameW
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameA
GetFullPathNameW
GetFileSizeEx
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetCPInfoExW
GetCPInfo
GetBinaryTypeW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FlushViewOfFile
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
ConnectNamedPipe
CompareStringW
CloseHandle
AreFileApisANSI
Sleep
Wow64EnableWow64FsRedirection
Wow64DisableWow64FsRedirection

gdi32

StretchBlt
SetStretchBltMode
SelectObject
Rectangle
GetStockObject
GetPixel
GetObjectW
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreatePen
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetApiBufferFree
NetUserEnum

ole32

OleInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize

ws2_32

WSAIoctl
WSAEventSelect
WSAGetLastError
WSASetLastError
WSAStartup
gethostbyname
socket
setsockopt
send
select
recv
listen
inet_addr
htons
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet

shell32

ShellExecuteExW
SHAppBarMessage
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

wininet

InternetSetOptionW
InternetCrackUrlW

msvcrt

realloc
_ftol
memmove
memcmp
free
malloc
strncmp
memset
strlen
memcpy
localtime
memset
memmove
memcpy
_beginthreadex

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertCreateSelfSignCertificate
CertOpenSystemStoreW
CertGetNameStringW
CertStrToNameW
CertNameToStrW
CryptExportPKCS8
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptEncodeObject
PFXExportCertStoreEx

wsock32

__WSAFDIsSet
send
recv

iphlpapi

GetAdaptersInfo

winmm

mmioStringToFOURCCW

winspool.drv

GetDefaultPrinterW

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA

cryptui

CryptUIDlgViewCertificateW

avifil32

AVIFileRelease
AVIStreamRelease
AVIStreamWrite
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileCreateStreamW
AVIFileOpenW
AVIFileExit
AVIFileInit

shlwapi

StrStrW

ntdll

RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlAllocateHeap

wtsapi32

WTSQueryUserToken

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
init
run
start

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3b6a94037081450d3ad7f00717328ae1

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

netapi32

ole32

ws2_32

shell32

wininet

msvcrt

crypt32

wsock32

iphlpapi

winmm

winspool.drv

rasapi32

cryptui

avifil32

shlwapi

ntdll

wtsapi32

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.itext Size: 5KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 252KB

.bss Size: - Virtual size: 34KB

.idata Size: 16KB - Virtual size: 16KB

.didata Size: 1024B - Virtual size: 796B

.edata Size: 512B - Virtual size: 197B

.rdata Size: 512B - Virtual size: 68B

.reloc Size: 243KB - Virtual size: 242KB

.rsrc Size: 21KB - Virtual size: 21KB

.text
Size: 5.0MB - Virtual size: 5.0MB

.itext
Size: 5KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 252KB

.bss
Size: - Virtual size: 34KB

.idata
Size: 16KB - Virtual size: 16KB

.didata
Size: 1024B - Virtual size: 796B

.edata
Size: 512B - Virtual size: 197B

.rdata
Size: 512B - Virtual size: 68B

.reloc
Size: 243KB - Virtual size: 242KB

.rsrc
Size: 21KB - Virtual size: 21KB