pikabot | 59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1

Resubmissions

21-02-2023 11:37

230221-nq9lzaef54 10

17-02-2023 05:38

230217-gbzd5aea25 10

13-02-2023 12:09

230213-pbskksce6y 10

08-02-2023 04:11

230208-er8xdshb69 10

Sharing

Copy URL

Twitter E-mail

General

Target

59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1
Size

1.0MB
MD5

46808efd5331489a931e51792623caca
SHA1

1e7e75bcee397e9c447edb7a7a20a5c81eee8a87
SHA256

59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1
SHA512

33fcf014dba7718a7e99a4860854b6067e525c8e1ab187dd9468fd4913fe7fe450b89beb5c915e424288857ce6137f96ef970d26b9bd061991d1d6a97e63b853
SSDEEP

24576:oYwf5ZRmacuzNSmFa10450twvOUqEB7PBd3X3m+r:WcCzNfveyUdPBdH3l

Score

10^/10

pikabot

Malware Config

Signatures

Detects PikaBot botnet 1 IoCs

resource	yara_rule
sample	family_pikabot

Pikabot family
pikabot

Files

59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1
.dll regsvr32 windows x86

47b25cab4d220854dcb1268c5af427d5

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-08-2020 13:42

Not After

26-08-2023 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-08-2020 13:42

Not After

26-08-2023 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:9b:cb:fa:c8:da:95:f7:f1:bd:ac:60:de:04:f0:04:10:72:4c:05:1c:93:7e:10:22:d1:30:f0:47:f1:b6:6e
Signer

Actual PE Digest

78:9b:cb:fa:c8:da:95:f7:f1:bd:ac:60:de:04:f0:04:10:72:4c:05:1c:93:7e:10:22:d1:30:f0:47:f1:b6:6e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

03-03-2022 14:19
Valid: true

Chain 1

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

ac:93:c6:4d:1a:61:04:00:7c:29:53:1d:c8:50:b9:be:93:0f:be:6d
Signer

Actual PE Digest

ac:93:c6:4d:1a:61:04:00:7c:29:53:1d:c8:50:b9:be:93:0f:be:6d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

03-03-2022 14:19
Valid: true

Chain 1

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateFileW
GetFileAttributesW
FreeLibraryAndExitThread
GetCurrentThreadId
GetVersionExW
ReleaseMutex
OpenFileMappingW
SuspendThread
GetSystemDirectoryW
FreeEnvironmentStringsW
ResumeThread
UnmapViewOfFile
ExitThread
GetACP
FindFirstChangeNotificationW
HeapSize
GetCommandLineA
SetFileAttributesW
IsValidCodePage
EndUpdateResourceW
CreateEventW
MultiByteToWideChar
Sleep
GetConsoleMode
GetFileInformationByHandle
FormatMessageW
LocalFileTimeToFileTime
CompareStringA
FlsSetValue
GetLastError
TzSpecificLocalTimeToSystemTime
ReleaseSRWLockExclusive
GlobalSize
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetCurrentThread
AcquireSRWLockExclusive
FindCloseChangeNotification
ReadConsoleW
WaitForSingleObjectEx
TlsAlloc
LockResource
QueryPerformanceFrequency
GetThreadPriority
GlobalAlloc
DeleteFileW
GlobalFree
HeapReAlloc
CloseHandle
GetNumberFormatW
EnumResourceLanguagesW
RaiseException
LoadLibraryW
CreateThread
ResetEvent
IsDBCSLeadByte
LoadResource
FindResourceW
HeapAlloc
FindClose
GetLocalTime
GetCurrentDirectoryW
SetStdHandle
UpdateResourceW
FindNextChangeNotification
HeapDestroy
SetCurrentDirectoryW
WriteConsoleW
GetPriorityClass
Beep
GetProcAddress
GlobalLock
SetFilePointerEx
LocalFree
GetTimeFormatW
IsProcessorFeaturePresent
GetFileSize
DeleteCriticalSection
ExitProcess
LCMapStringW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
SystemTimeToFileTime
SetThreadExecutionState
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
CopyFileW
WideCharToMultiByte
TlsGetValue
BeginUpdateResourceW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GetFileType
TlsFree
GetSystemTime
CreateFileMappingW
BackupRead
DosDateTimeToFileTime
MapViewOfFile
BackupSeek
QueryPerformanceCounter
GetStringTypeW
GetDateFormatW
InitializeSListHead
GetTickCount
GetEnvironmentStringsW
GlobalUnlock
FlsFree
FlsAlloc
MulDiv
MoveFileW
GetDriveTypeW
GetFileTime
LoadLibraryExW
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
CreateHardLinkW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
EnumResourceNamesW
SetEndOfFile
FlsGetValue
GetCompressedFileSizeW
GetFullPathNameA
SetFilePointer
SetErrorMode
InitializeCriticalSection
FoldStringW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetThreadPriority
EncodePointer
SetEnvironmentVariableW
WaitForMultipleObjects
GetModuleFileNameW
SetFileTime
GetProcessAffinityMask
RemoveDirectoryW
TerminateProcess
DeviceIoControl
GetDiskFreeSpaceW
GetShortPathNameW
ExpandEnvironmentStringsW
GetModuleHandleExW
WriteFile
GetCPInfo
ReleaseSemaphore
GetStdHandle
GetConsoleOutputCP
GetLocaleInfoW
GetCurrentProcess
GetLongPathNameW
FindNextFileW
GetFullPathNameW
GetCommandLineW
EnterCriticalSection
SetPriorityClass
SetLastError
HeapFree
TlsSetValue
CompareStringW
FindFirstFileExW
HeapCreate
GetFileSizeEx
FindFirstFileW
CompareFileTime
GetOEMCP
GetLogicalDrives
GetVolumeInformationW
TryEnterCriticalSection
SizeofResource
InitializeSRWLock
ReadFile
GetCPInfoExW
GetStartupInfoW
FileTimeToLocalFileTime
CreateDirectoryW

user32

GetDlgItemTextW
CharToOemBuffA
ValidateRect
SetWindowPlacement
MapWindowPoints
RegisterClassW
SetDlgItemTextW
IsChild
PeekMessageW
ExitWindowsEx
EmptyClipboard
SetMenuItemInfoW
CloseClipboard
ClientToScreen
CreateIconIndirect
CopyRect
DestroyIcon
IsDialogMessageW
RedrawWindow
SetTimer
DispatchMessageW
OpenClipboard
OemToCharBuffA
OemToCharBuffW
IsWindow
ShowWindow
GetSubMenu
LoadStringW
TrackPopupMenu
LoadAcceleratorsW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetScrollInfo
CreatePopupMenu
MessageBeep
SetWindowTextW
GetSystemMetrics
RemovePropW
EndDialog
WaitForInputIdle
SendMessageW
ScreenToClient
DeleteMenu
GetIconInfo
CreateWindowExW
FillRect
EnumDisplayMonitors
EnumChildWindows
GetMenuItemCount
CopyImage
GetPropW
keybd_event
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
InsertMenuItemW
GetFocus
GetMenu
GetMenuItemID
GetWindowRect
SetProcessDefaultLayout
FindWindowExW
GetWindow
PostMessageW
CallWindowProcW
LoadMenuW
CharLowerW
CharUpperW
GetKeyState
GetSysColor
GetSystemMenu
DefWindowProcW
GetMenuItemInfoW
GetLastActivePopup
RegisterClipboardFormatW
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
GetWindowThreadProcessId
GetWindowLongW
GetWindowTextW
GetForegroundWindow
CharToOemA
IsWindowEnabled
MoveWindow
SetMenu
IsDlgButtonChecked
EnumWindows
FlashWindow
DestroyMenu
IntersectRect
SetFocus
BringWindowToTop
TranslateAcceleratorW
SetPropW
TranslateMessage
GetClipboardData
LoadIconW
ScrollWindowEx
OemToCharA
FindWindowW
CharToOemBuffW
LoadCursorW
GetClassNameW
IsCharAlphaW
DrawMenuBar
InsertMenuW
SetClipboardData
SetCursor
wsprintfW
FlashWindowEx
GetDlgItemInt
SetScrollRange
SetWindowLongW
GetComboBoxInfo
CheckMenuItem
GetClientRect
GetDlgItem
AppendMenuW
PostThreadMessageW
KillTimer
CheckDlgButton
PostQuitMessage
GetDesktopWindow
SetScrollPos
CreateDialogIndirectParamW
EnableMenuItem
SystemParametersInfoW
SetDlgItemInt
GetParent
RegisterWindowMessageW
DialogBoxParamW
PtInRect
UpdateWindow
SetForegroundWindow
LoadImageW
InvalidateRect
IsIconic
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
EnableWindow
SendDlgItemMessageW
MessageBoxIndirectW
GetMenuState
CreateIcon
DrawIconEx

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateBitmap
CreateDIBSection
CreateCompatibleDC
SetPixel
StretchBlt
GetTextFaceW
CreateFontW
GetDeviceCaps
GetTextMetricsW
GetPixel
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
TextOutA
LineTo
CreatePen
Rectangle
GetObjectW
MoveToEx
SetBkColor
DeleteObject
CreateSolidBrush
DPtoLP
GetMapMode
ExtTextOutW
SetMapMode

comdlg32

CommDlgExtendedError
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
IsTextUnicode
RegCloseKey
SetFileSecurityW
CryptAcquireContextW
AccessCheck
CryptGenRandom
RegDeleteKeyW
AllocateAndInitializeSid
RegCreateKeyExW
RegEnumKeyExW
CryptReleaseContext
OpenProcessToken
FreeSid
GetFileSecurityW
CheckTokenMembership
RegOpenKeyExW
DuplicateToken
RegDeleteValueW
MapGenericMask
GetSecurityDescriptorLength
RegEnumValueW
RegQueryValueExW

ole32

OleInitialize
RegisterDragDrop
OleSetClipboard
CLSIDFromString
CoInitializeEx
RevokeDragDrop
CoSetProxyBlanket
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
OleUninitialize
DoDragDrop

oleaut32

VariantClear
SysFreeString
SysAllocString

msimg32

GradientFill

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 927KB - Virtual size: 926KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

47b25cab4d220854dcb1268c5af427d5

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95Certificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

78:9b:cb:fa:c8:da:95:f7:f1:bd:ac:60:de:04:f0:04:10:72:4c:05:1c:93:7e:10:22:d1:30:f0:47:f1:b6:6eSigner

Signature Validations

Verification

03-03-2022 14:19 Valid: true

Chain 1

ac:93:c6:4d:1a:61:04:00:7c:29:53:1d:c8:50:b9:be:93:0f:be:6dSigner

Signature Validations

Verification

03-03-2022 14:19 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

msimg32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 927KB - Virtual size: 926KB

.reloc Size: 2KB - Virtual size: 1KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

78:9b:cb:fa:c8:da:95:f7:f1:bd:ac:60:de:04:f0:04:10:72:4c:05:1c:93:7e:10:22:d1:30:f0:47:f1:b6:6e
Signer

03-03-2022 14:19
Valid: true

ac:93:c6:4d:1a:61:04:00:7c:29:53:1d:c8:50:b9:be:93:0f:be:6d
Signer

03-03-2022 14:19
Valid: true

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 927KB - Virtual size: 926KB

.reloc
Size: 2KB - Virtual size: 1KB