pikabot | ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.zip
Size

177KB
MD5

9c3081958735d0034bffc86df8390325
SHA1

4e1d6926749dee038fbb5060fbf274c60a13d443
SHA256

c9bb8ba5f8e6b034ad112542eb5035b798c1af795c0dde93601a6446dfe0b2c8
SHA512

d0f84f88763fb6de8db43d3e6c0013ad08fd76ef9bf403caed26e58ab2d83e93ab30da4bdf8d0bf8caa942eca758ffccd45d3f365c58009b22e876364f35939a
SSDEEP

3072:4POKYNOtues3f53NyNT5D32SSOrl4+k3mSxOqFCjSDkLF1X/ZQCAtHpgWdMb:MpOO0xKT5j23OhAeqFPWLQttHpwb

Score

10^/10

pikabot

Malware Config

Extracted

Family

pikabot

45.32.188.56:2967

154.221.30.136:13724

78.141.222.198:13786

216.128.136.231:13786

108.61.224.209:2967

139.84.235.8:2225

45.32.235.46:5242

210.243.8.247:23399

192.248.151.140:23399

Signatures

Detects PikaBot botnet 1 IoCs

Processes:

resource yara_rule

static1/unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe family_pikabot_v2
Pikabot family
pikabot
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe

resource	yara_rule
static1/unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe	family_pikabot_v2

resource
unpack001/ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe

Files

ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.zip
.zip

Password: infected
ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da.exe
.exe windows:6 windows x86 arch:x86

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
SetLastError
GetCurrentProcess
GetUserDefaultLangID
GetLargePageMinimum
lstrlenA
IsValidCodePage
GetTickCount
GetProcessHeap
GetModuleHandleA
GetLastError
GetCommandLineA

user32

IsZoomed
IsWindow
GetLastActivePopup
GetMessageTime
GetMessageExtraInfo
GetTopWindow
GetDialogBaseUnits
GetWindowTextLengthA

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

df9a4b633da6240db7237139a3412baa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 302KB - Virtual size: 302KB

.data Size: 8KB - Virtual size: 7KB

.idata Size: 1024B - Virtual size: 622B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 302KB - Virtual size: 302KB

.data
Size: 8KB - Virtual size: 7KB

.idata
Size: 1024B - Virtual size: 622B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB