pikabot | pikabotcore[.]bin | Triage

Sharing

General

Target

pikabotcore.bin
Size

320KB
MD5

3bbf71aeaa85e2774c1d47c0e56e6472
SHA1

4bd1668c397a2e0bcc293bfecd0eee62df947c3a
SHA256

3316b2087e41a54a4bc60bef2058b10a645265e60f965e0c3d71da0bf5e221cd
SHA512

e713984a8a6592ca4cbfe440f24b835fed4700d77270a04743eef443de0b15f7a21d319ba665a65c0b97ef9cf90be70bb276897169e25e9414e02115e148a847
SSDEEP

6144:cewJSTU0kYEti/xN9WpofUGFTT51zFISUumZrkR10efUKJ:nkY7EYtF1ztU3Qztf

Score

10^/10

pikabot

Malware Config

Signatures

Pikabot family
pikabot
Pikabot version 2 payload 1 IoCs
Detects PikaBot botnet.

Processes:

resource yara_rule

sample family_pikabot_v2
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

pikabotcore.bin

Files

pikabotcore.bin
.exe windows:6 windows x86

f59a65cb4c6cb6984c02732942721692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetCommandLineA
lstrlenA
GetCurrentProcess
GetCommandLineW
GetModuleHandleW
GetProcessHeap
GetUserDefaultLangID

user32

GetParent
GetTopWindow

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ