pikabot | 1980-1-0x00000000001E0000-0x00000000001F9000-memory[.]dmp | Triage

Sharing

General

Target

1980-1-0x00000000001E0000-0x00000000001F9000-memory.dmp
Size

100KB
MD5

9c1cab642c596771ccb1a94631cf67b4
SHA1

4c089a45e239bcce3df6727d342ebb8ad1840238
SHA256

b3cfb8fc5d35e78652c232f2e3d596d4ac7a02f05435b38b0539be316d74a3b5
SHA512

5b7a9a25d658c086fb407cd8f65851db7dafd881cff60b8e8df74aaf1aee77ca5bce09e7928f0c647ecd50641d05b6afcbe6118956e712d5b2310f8fb1cd3696
SSDEEP

1536:ZRe88iq2vZOX3Eszsbt4txy3pWRUj/8IzsZp1mLhcsm9Q0C:eilvQX3EsgpowpWOb6pkLc

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

C2

154.53.55.165

158.247.240.58

154.12.236.248

Signatures

Pikabot family
pikabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1980-1-0x00000000001E0000-0x00000000001F9000-memory.dmp

Files

1980-1-0x00000000001E0000-0x00000000001F9000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ