1. References
- Dumpulator (by Duncan Ogilvie, mrexodia)
- Native function and Assembly Code Invocation
- OALABS Research
- And @herrcore (Thanks for his suggestion in private chat)
2. Code analysis
I received a suspicious DLL that needed to be analyzed. The DLL was packed. After unpacking it and loading it into IDA, IDA analyzed it successfully and identified over 7000 functions (including API/library function calls). On a quick look through the Strings tab, I came across numerous strings in the following format: