pikabot_feb_8[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

pikabot_feb_8.zip
Size

537KB
MD5

287de22eee7ae35a629f5e4364d254b1
SHA1

02fa63eb8964c19e37bda6d4efd1fcffa3638e88
SHA256

2be644cec6f2caf1ddf4e404d2b381c933b926b4d90337230f42013c0b9c7ffa
SHA512

b4f6892a80b90c95d381fd115900b9f35f5b9a1d8d8d68458aa33c8e9398c9336d5291aea011a4db3594eed8d85470257f00fba61aa9b70695097a7c95063183
SSDEEP

12288:0WCC5LImgUR0rSSgyxcvmeb1HsT5TDKAfYsjckqfOq+RiyRjdbMylzep6G+kUmWQ:ICxB/SrSE6sTxdfYsUfO1RiyZdbMnEG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/pikabot.dll

resource
unpack001/pikabot.dll

Files

pikabot_feb_8.zip
.zip
pikabot.dll
.dll windows:5 windows x86 arch:x86

8bc1f5f3dbdd153468f5cedc47cda5fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

catsrv.pdb

Imports

advapi32

CopySid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
DuplicateTokenEx
CreateProcessAsUserW
SetEntriesInAclW
GetSecurityDescriptorLength
LsaRetrievePrivateData
LsaStorePrivateData
LsaRemoveAccountRights
LsaEnumerateAccountRights
LsaAddAccountRights
LogonUserW
IsValidSecurityDescriptor
ImpersonateSelf
CreatePrivateObjectSecurityEx
DestroyPrivateObjectSecurity
LsaLookupNames
GetSidLengthRequired
BuildTrusteeWithSidW
GetSecurityDescriptorDacl
GetAclInformation
RegCreateKeyW
SetThreadToken
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
LockServiceDatabase
UnlockServiceDatabase
SaferGetPolicyInformation
SaferCreateLevel
SaferGetLevelInformation
SaferCloseLevel
QueryServiceStatus
DeleteService
CreateServiceW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorControl
LookupAccountNameW
AddAce
GetAce
AddAccessAllowedAceEx
RevertToSelf
CheckTokenMembership
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
ConvertStringSidToSidW
BuildSecurityDescriptorW
BuildTrusteeWithNameW
IsWellKnownSid
ConvertSidToStringSidW

kernel32

CreateFileMappingA
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
ReadFile
GetFileType
FindResourceExW
GetSystemDefaultUILanguage
LocalFree
GetExitCodeProcess
CreateFileMappingW
FormatMessageW
LockResource
CreateProcessW
GetLocalTime
DebugBreak
GetThreadContext
IsDebuggerPresent
CreateSemaphoreA
CreateEventA
ReleaseSemaphore
LocalAlloc
LocalSize
LocalReAlloc
CompareStringW
ReleaseMutex
OpenMutexW
CreateMutexW
OpenFileMappingW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetCurrentThread
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
MoveFileW
GetComputerNameW
CreateFileW
SetFilePointer
WriteFile
MoveFileExW
DeleteFileW
GetTempPathW
CopyFileW
WaitForSingleObject
OutputDebugStringW
SetThreadLocale
IsValidLocale
GetThreadLocale
GetSystemDirectoryW
SetEvent
InterlockedCompareExchange
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrlenA
lstrcatW
DisableThreadLibraryCalls
CreateEventW
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
lstrcpynW
HeapDestroy
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
lstrcpyW
lstrlenW
MultiByteToWideChar
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
SetFileAttributesW
ResetEvent
Sleep
ExpandEnvironmentStringsW
GetFileAttributesW
OpenFileMappingA
MapViewOfFile
CreateDirectoryW
UnmapViewOfFile
GetFileSizeEx
DelayLoadFailureHook

msvcrt

_onexit
_except_handler3
malloc
free
realloc
_purecall
wcscpy
wcslen
wcscmp
wcscat
_snwprintf
_local_unwind2
_beginthreadex
_wcsicmp
wcstombs
wcsncpy
_errno
_wrename
wcstok
wcstol
_i64tow
__CxxFrameHandler
swscanf
_vsnwprintf
wcsrchr
_waccess
_wstrtime
_wstrdate
_wcsnicmp
_initterm
_adjust_fdiv
__dllonexit

ntdll

DbgUserBreakPoint

ole32

StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoGetObjectContext
CoRevertToSelf
CoImpersonateClient
StringFromGUID2
CLSIDFromString
CoGetCallContext

oleaut32

LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

user32

CharNextW
LoadStringW
CharPrevW
wsprintfW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetDesktopWindow
SetProcessWindowStation
OpenWindowStationW
wsprintfA
CharLowerW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation

version

VerQueryValueW

Exports

Exports

?CancelWriteICR@@YGJPAPAUIComponentRecords@@@Z
?GetReadICR@@YGJHPAPAUIComponentRecords@@@Z
?GetWriteICR@@YGJPAPAUIComponentRecords@@@Z
?ReleaseReadICR@@YGXPAPAUIComponentRecords@@@Z
?SaveWriteICR@@YGJPAPAUIComponentRecords@@@Z
CreateComponentLibraryTS
DllCanUnload123
DllGetClassObj123
DllRegisterSer123
Enter
GetCatalogCRMClerk
OpenComponentLibrarySharedTS
OpenComponentLibraryTS

Sections

.text
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run.bat

Sharing

General

Malware Config

Signatures

Files

8bc1f5f3dbdd153468f5cedc47cda5fb

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

user32

version

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 232KB

.data Size: 2KB - Virtual size: 20KB

.rsrc Size: 489KB - Virtual size: 489KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 229KB - Virtual size: 232KB

.data
Size: 2KB - Virtual size: 20KB

.rsrc
Size: 489KB - Virtual size: 489KB

.reloc
Size: 9KB - Virtual size: 8KB