SndVol_pikabot_0[.]8[.]5[.]exe[.]bin | Triage

Sharing

General

Target

SndVol_pikabot_0.8.5.exe.bin
Size

197KB
MD5

eba30fd5092de10d5d9f28f6a237294f
SHA1

2917e3640f84fe38f1713efab15eb7782dcd0b19
SHA256

74129fa549a367bc835c86231735d5493d220d6617fb864cb66a67db8c90488f
SHA512

ea27490f6d0b32dc0a4f9f9ab4bc23b1ae8dce8ccce9fd92bff0c014248a3088157d5c85ca857d46309561afda670d101f4e385f972537a39377e145764872d0
SSDEEP

3072:LUEu0EbWopqQnppjMQTeCmLkZKOG4zYqZmZRkrzYFJFW4EcPCb4Sqw8CPT:LK0anTnpdeCmLgKOdYSUq0FWS1w8CL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SndVol_pikabot_0.8.5.exe.bin

Files

SndVol_pikabot_0.8.5.exe.bin
.dll regsvr32 windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ