Static task: static1
Behavioral task: behavioral1
Sample: pik_U1Installs.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: pik_U1Installs.exe
Resource: win10v2004-20230703-en
General
Target: pik_U1Installs.bin
Size: 449KB
MD5: 2166383d715f3ab9499f1ba34f9d4f4e
SHA1: 0e7c2fe99472d258c5895b6786e131a3cf1b5c5a
SHA256: e75305a8faf628d6539eff7fee2855b3b35dd737772343b2ca82fcc174c8fb5d
SHA512: 7ddb9180ba4258c869e91fd2618217051b2d723bd2d1c74d5b0443d6faedd5f7d0cb5ecd58eca782df22bf9f24fe71f40235f10393f24f127132f69a19fa5982
SSDEEP: 6144:J6SxNsalGMfWB+VLbPK/HZRhOs7WOnhNiKO/8MEQJAjhj1UQW00svZhzdeRquURj:J6ShZuBhRfWOnhcQychpUiNZdTRJYcj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource pik_U1Installs.bin
Files
pik_U1Installs.bin.exe windows x86
Password: infected
262b81a7f42857110a67ee29e798726c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineW
HeapCreate
SetEvent
ResetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
GetVersion
CreateTimerQueue
GetModuleHandleA
DeleteAtom
AddAtomW
FindAtomW
GetAtomNameW
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 442KB - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ