DllRegisterServer
Static task
static1
Behavioral task
behavioral1
Sample: 4ad08479406d40989ce7fdb6a49bf3d180da5b3d43f770171134d682f3e3786d.dll
Resource: win7-en-20211208
General
Target: 4ad08479406d40989ce7fdb6a49bf3d180da5b3d43f770171134d682f3e3786d
Size: 324KB
MD5: 0e6c166f3a55ab04be19c0211fc08369
SHA1: be8510e4a362517b498f01d1717764db50fbf8f0
SHA256: 4ad08479406d40989ce7fdb6a49bf3d180da5b3d43f770171134d682f3e3786d
SHA512: bbaba25aa828781719b4b63a36c50792defe80803b0211cd4920f79c728da075b16512d07f8879a89dbb1f001ee56bd6617e026683821e037ba76d6bdb7fec51
SSDEEP: 6144:w1W0Vx/FfiOTBT+hJkViSxzs5svQvF5oOTB/+hE:p07F6OTJUJhSxzs5BFKOTFUE
Malware Config
Extracted
Family: qakbot
Version: 401.29
Botnet: abc100
Campaign timestamp: 1606289576 (2020-11-25 07:32:56 UTC)
C2 (IP:port):
198.2.35.226:2222
84.78.128.76:2078
120.150.34.178:443
24.201.61.153:2078
217.128.117.218:2222
217.133.54.140:32100
156.205.56.98:995
98.26.50.62:995
172.114.116.226:995
109.209.94.165:2222
72.190.101.70:443
92.59.35.196:2083
37.107.82.136:443
85.132.36.111:2222
174.76.11.123:995
219.74.176.225:443
98.118.156.172:443
94.59.120.142:443
72.29.181.78:2078
178.223.20.246:995
83.110.19.27:443
189.231.173.158:443
45.63.107.192:2222
217.165.1.34:443
149.28.98.196:995
94.52.160.116:443
149.28.99.97:443
45.77.193.83:443
197.161.154.132:443
149.28.99.97:2222
45.63.107.192:995
156.194.226.251:995
58.187.41.55:443
149.28.98.196:2222
105.198.236.101:443
149.28.98.196:443
92.177.56.164:2222
41.97.97.120:443
24.152.219.253:995
37.116.152.122:2222
216.215.77.18:2078
24.122.0.90:443
68.192.50.231:443
73.55.254.225:443
110.53.221.119:443
50.244.112.90:443
178.87.29.72:443
201.152.196.4:443
2.49.219.254:22
71.126.139.251:443
47.44.217.98:443
75.136.40.155:443
93.149.253.201:2222
96.225.88.23:443
166.62.183.139:2078
45.118.65.34:443
50.244.112.10:995
93.146.133.102:2222
96.21.251.127:2222
58.179.21.147:995
90.101.117.122:2222
184.98.97.227:995
77.76.9.40:443
71.10.43.79:443
59.98.96.143:443
86.122.248.164:2222
101.185.175.169:2222
71.187.170.235:443
92.59.35.196:2222
103.102.100.78:2222
188.52.193.110:995
90.175.88.99:2222
37.107.111.46:995
96.237.141.134:995
78.97.3.6:443
2.50.143.154:2078
83.110.220.105:443
109.205.204.229:2222
90.101.62.189:2222
41.228.220.155:443
79.112.110.20:443
190.128.215.174:443
45.32.165.134:443
45.32.162.253:443
140.82.27.132:443
188.26.243.119:443
79.113.247.80:443
73.248.120.240:443
82.76.47.211:443
72.36.59.46:2222
219.76.148.249:443
113.22.243.219:443
77.27.174.49:995
71.28.164.56:995
70.124.29.226:443
188.24.143.84:443
89.32.220.24:443
71.182.142.63:443
95.76.27.6:443
73.121.132.5:443
81.97.154.100:443
84.224.55.148:995
188.121.219.88:2222
151.60.51.86:443
82.12.157.95:995
69.123.179.70:443
173.173.1.164:443
94.69.112.148:2222
218.227.162.13:443
80.227.5.70:443
86.98.10.63:2222
89.137.77.237:443
79.129.121.81:995
2.50.143.154:2222
51.223.61.13:443
69.11.247.242:443
120.151.95.167:443
98.16.204.189:995
108.31.15.10:995
86.248.30.56:2222
64.185.5.157:443
84.232.252.202:2222
84.78.128.76:2222
81.88.254.62:443
74.134.184.114:443
77.159.149.74:443
85.60.132.8:2222
47.146.39.147:443
109.154.186.39:2222
68.15.109.125:443
149.135.101.20:443
68.190.152.98:443
69.40.22.180:443
37.104.30.154:995
66.26.160.37:443
208.99.100.129:443
184.21.136.237:443
207.255.18.67:443
161.142.217.62:443
103.26.221.230:2222
83.110.74.87:443
37.209.255.84:443
47.187.49.3:2222
58.152.9.133:443
93.51.28.161:2222
85.105.29.218:443
116.240.76.97:0
76.104.230.174:443
77.30.214.26:443
Salt: jHxastDcds)oMc=jvh7wdUhxcsdt2
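The extracted config above is only useful once it is turned into something a network team can deploy. The script below is an added example, not part of this report or of any Triage tooling: it parses a config block laid out the way this page prints it (family, version, botnet ID, campaign epoch, one IP:port per line, then the salt), converts the campaign timestamp to UTC, validates and de-duplicates the C2 entries (rejecting the `116.240.76.97:0` line, since port 0 is not a reachable endpoint, and any non-routable or unparseable address), summarises the port distribution, and emits one Suricata rule per surviving C2. `CONFIG_TEXT` is a constructed subset of the C2 list from this report with one deliberately malformed line (`300.1.1.1:443`) appended to exercise the validation path; the SID base and rule `msg` text are assumptions you would adapt to your own ruleset.

```python
"""Turn a Qakbot config block from a sandbox report into validated C2
indicators and Suricata rules.  Added example code; the config text is a
constructed subset of the report's C2 list plus one bogus line."""
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Constructed: first twelve-ish C2s from the report (same layout as the page),
# plus 300.1.1.1:443, which is not on the page and exists only to be rejected.
CONFIG_TEXT = """qakbot
401.29
abc100
1606289576
198.2.35.226:2222
84.78.128.76:2078
120.150.34.178:443
217.133.54.140:32100
156.205.56.98:995
92.59.35.196:2083
2.49.219.254:22
149.28.98.196:995
149.28.98.196:2222
149.28.98.196:443
116.240.76.97:0
84.78.128.76:2222
300.1.1.1:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
"""


def parse_config(text):
    """Parse the report layout: family, version, botnet, epoch, C2 lines, salt."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    family, version, botnet, ts = lines[0], lines[1], lines[2], int(lines[3])
    c2_raw, salt = [], None
    for i in range(4, len(lines)):
        if lines[i] == "salt":            # salt marker terminates the C2 list
            salt = lines[i + 1] if i + 1 < len(lines) else None
            break
        c2_raw.append(lines[i])
    return {"family": family, "version": version, "botnet": botnet,
            "campaign_ts": ts, "c2_raw": c2_raw, "salt": salt}


def campaign_date(ts):
    """Qakbot's campaign field is a Unix epoch; render it as UTC ISO-8601."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def validate_c2(entries):
    """Split IPv4:port strings, drop bad ports / non-global hosts, de-duplicate.
    Returns (good, bad) where good is a list of (ip, port) and bad is
    (raw_entry, reason).  Qakbot C2s are IPv4, so a plain rpartition on ':'
    is sufficient here (bracketed IPv6 would need different handling)."""
    good, bad, seen = [], [], set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
            p = int(port)
        except ValueError:
            bad.append((entry, "unparseable"))
            continue
        if not 1 <= p <= 65535:
            bad.append((entry, "port out of range"))
            continue
        if not ip.is_global:
            bad.append((entry, "non-routable address"))
            continue
        key = (str(ip), p)
        if key in seen:                   # same host:port listed twice
            continue
        seen.add(key)
        good.append(key)
    return good, bad


def port_histogram(good):
    """How many C2s listen on each port (443/995/2222 dominate for Qakbot)."""
    return Counter(p for _, p in good)


def suricata_rules(good, botnet, version, sid_base=9000000):
    """One alert per C2 host:port.  sid_base is an assumed local SID range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Qakbot {botnet} v{version} C2 beacon"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, (ip, port) in enumerate(good)
    ]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    good, bad = validate_c2(cfg["c2_raw"])
    print(f"{cfg['family']} {cfg['version']} botnet={cfg['botnet']} "
          f"campaign={campaign_date(cfg['campaign_ts'])}")
    print(f"{len(good)} usable C2 entries, {len(bad)} rejected: {bad}")
    print("ports:", dict(port_histogram(good)))
    print("\n".join(suricata_rules(good, cfg["botnet"], cfg["version"])))
```

Feed the full C2 list from this report into `CONFIG_TEXT` (or read the block from a file) to get the complete rule set; the per-host rules are deliberately narrow so that a residential IP re-assigned after the campaign generates a single, easily retired alert rather than a broad address-range match.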
Signatures
-
Qakbot family
Files
-
4ad08479406d40989ce7fdb6a49bf3d180da5b3d43f770171134d682f3e3786d.dll regsvr32 windows x86
8214efb19d4c085a17e4d24c69d9ffd5
Code Sign
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
inet_ntoa
psapi
GetModuleFileNameExW
msvcrt
_time64
strtod
_HUGE
localeconv
strchr
strncpy
malloc
free
qsort
memcpy
memmove
memset
atol
_vsnwprintf
_snprintf
_vsnprintf
_strtoi64
memchr
_errno
kernel32
lstrcmpA
lstrcpynA
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
CreateMutexA
DuplicateHandle
GetLastError
lstrcatA
CreateDirectoryW
lstrlenA
DisconnectNamedPipe
lstrcpynW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcmpiW
CloseHandle
GetCurrentProcessId
GetDriveTypeW
GetModuleHandleA
lstrlenW
MoveFileW
GetProcAddress
SwitchToThread
InterlockedIncrement
SetThreadPriority
HeapAlloc
HeapFree
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
LoadLibraryA
GetExitCodeProcess
CreatePipe
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
FlushFileBuffers
LocalAlloc
LoadLibraryW
GetTickCount
GetModuleFileNameW
GetSystemInfo
GetVersionExA
user32
CreateWindowExA
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
DefWindowProcA
UnregisterClassA
advapi32
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
oleaut32
SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound
userenv
GetUserProfileDirectoryW
Exports
DllRegisterServer
Sections
.text Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ