catsrv.pdb
Static task: static1
Behavioral task: behavioral1
Sample: pikabot.dll
Resource: win10v2004-20231222-en
General
Target: pikabot_feb_8.zip
Size: 537KB
MD5: 287de22eee7ae35a629f5e4364d254b1
SHA1: 02fa63eb8964c19e37bda6d4efd1fcffa3638e88
SHA256: 2be644cec6f2caf1ddf4e404d2b381c933b926b4d90337230f42013c0b9c7ffa
SHA512: b4f6892a80b90c95d381fd115900b9f35f5b9a1d8d8d68458aa33c8e9398c9336d5291aea011a4db3594eed8d85470257f00fba61aa9b70695097a7c95063183
SSDEEP: 12288:0WCC5LImgUR0rSSgyxcvmeb1HsT5TDKAfYsjckqfOq+RiyRjdbMylzep6G+kUmWQ:ICxB/SrSE6sTxdfYsUfO1RiyZdbMnEG9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/pikabot.dll
Files
-
pikabot_feb_8.zip.zip
-
pikabot.dll.dll windows:5 windows x86 arch:x86
8bc1f5f3dbdd153468f5cedc47cda5fb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
CopySid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
DuplicateTokenEx
CreateProcessAsUserW
SetEntriesInAclW
GetSecurityDescriptorLength
LsaRetrievePrivateData
LsaStorePrivateData
LsaRemoveAccountRights
LsaEnumerateAccountRights
LsaAddAccountRights
LogonUserW
IsValidSecurityDescriptor
ImpersonateSelf
CreatePrivateObjectSecurityEx
DestroyPrivateObjectSecurity
LsaLookupNames
GetSidLengthRequired
BuildTrusteeWithSidW
GetSecurityDescriptorDacl
GetAclInformation
RegCreateKeyW
SetThreadToken
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
LockServiceDatabase
UnlockServiceDatabase
SaferGetPolicyInformation
SaferCreateLevel
SaferGetLevelInformation
SaferCloseLevel
QueryServiceStatus
DeleteService
CreateServiceW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorControl
LookupAccountNameW
AddAce
GetAce
AddAccessAllowedAceEx
RevertToSelf
CheckTokenMembership
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
ConvertStringSidToSidW
BuildSecurityDescriptorW
BuildTrusteeWithNameW
IsWellKnownSid
ConvertSidToStringSidW
kernel32
CreateFileMappingA
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
ReadFile
GetFileType
FindResourceExW
GetSystemDefaultUILanguage
LocalFree
GetExitCodeProcess
CreateFileMappingW
FormatMessageW
LockResource
CreateProcessW
GetLocalTime
DebugBreak
GetThreadContext
IsDebuggerPresent
CreateSemaphoreA
CreateEventA
ReleaseSemaphore
LocalAlloc
LocalSize
LocalReAlloc
CompareStringW
ReleaseMutex
OpenMutexW
CreateMutexW
OpenFileMappingW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetCurrentThread
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
MoveFileW
GetComputerNameW
CreateFileW
SetFilePointer
WriteFile
MoveFileExW
DeleteFileW
GetTempPathW
CopyFileW
WaitForSingleObject
OutputDebugStringW
SetThreadLocale
IsValidLocale
GetThreadLocale
GetSystemDirectoryW
SetEvent
InterlockedCompareExchange
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
lstrcatW
DisableThreadLibraryCalls
CreateEventW
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
lstrcpynW
HeapDestroy
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
SetFileAttributesW
ResetEvent
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
OpenFileMappingA
MapViewOfFile
CreateDirectoryW
UnmapViewOfFile
GetFileSizeEx
DelayLoadFailureHook
msvcrt
_onexit
_except_handler3
malloc
free
realloc
_purecall
wcscpy
wcslen
wcscmp
wcscat
_snwprintf
_local_unwind2
_beginthreadex
_wcsicmp
wcstombs
wcsncpy
_errno
_wrename
wcstok
wcstol
_i64tow
__CxxFrameHandler
swscanf
_vsnwprintf
wcsrchr
_waccess
_wstrtime
_wstrdate
_wcsnicmp
_initterm
_adjust_fdiv
__dllonexit
ntdll
DbgUserBreakPoint
ole32
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoGetObjectContext
CoRevertToSelf
CoImpersonateClient
StringFromGUID2
CLSIDFromString
CoGetCallContext
oleaut32
LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
user32
CharNextW
LoadStringW
CharPrevW
wsprintfW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetDesktopWindow
SetProcessWindowStation
OpenWindowStationW
wsprintfA
CharLowerW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
version
VerQueryValueW
Exports
?CancelWriteICR@@YGJPAPAUIComponentRecords@@@Z
?GetReadICR@@YGJHPAPAUIComponentRecords@@@Z
?GetWriteICR@@YGJPAPAUIComponentRecords@@@Z
?ReleaseReadICR@@YGXPAPAUIComponentRecords@@@Z
?SaveWriteICR@@YGJPAPAUIComponentRecords@@@Z
CreateComponentLibraryTS
DllCanUnload123
DllGetClassObj123
DllRegisterSer123
Enter
GetCatalogCRMClerk
OpenComponentLibrarySharedTS
OpenComponentLibraryTS
Sections
.text Size: 229KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 489KB - Virtual size: 489KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
run.bat