General

Malware Config

Signatures

Files

• QBot.zip

  .zip
• QBot/102755.dll

  .dll windows x86

  
  

  Code Sign

  0a:f5:84:40:6e:a7:0f:91:4f:81:9a:50:a8:c7:72:ce

  Certificate

  Issuer

  CN=WKEABJMFVZDVIWLXKS

  Not Before

  08-07-2022 13:42

  Not After

  31-12-2039 23:59

  Subject

  CN=WKEABJMFVZDVIWLXKS

  Extended Key Usages

  ExtKeyUsageCodeSigning

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  11-05-2022 00:00

  Not After

  10-08-2033 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  c6:e5:70:1a:a9:2c:30:5c:39:5b:db:80:c4:ed:76:85:4c:9f:34:ba

  Signer

  Actual PE Digest

  c6:e5:70:1a:a9:2c:30:5c:39:5b:db:80:c4:ed:76:85:4c:9f:34:ba

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=WKEABJMFVZDVIWLXKS

  07-07-2022 13:23

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 358KB - Virtual size: 357KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 3KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 278KB - Virtual size: 278KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• QBot/TXRTN_4890370.lnk

  .lnk
• QBot/WindowsCodecs.dll

  .dll regsvr32 windows x86

  87a1f1c5766b04416c137412a6152760

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentProcess

  OutputDebugStringA

  GetEnvironmentVariableW

  OutputDebugStringW

  lstrcatW

  CloseHandle

  ExitProcess

  CreateProcessW

  IsWow64Process

  user32

  MessageBoxA

  Exports

  Exports

  DllInstall

  DllRegisterServer

  Sections

  .text

  Size: 1024B - Virtual size: 558B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 814B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 323B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 76B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• QBot/calc.exe

  .exe windows x86

  f93b5d76132f6e6068946ec238813ce1

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  shell32

  SHGetSpecialFolderPathW

  SHGetFolderPathW

  ShellAboutW

  ord165

  ShellExecuteExW

  shlwapi

  ord225

  gdiplus

  GdipDrawLineI

  GdipDrawArcI

  GdipFillRectangleI

  GdipCloneBrush

  GdipCloneImage

  GdipCreateBitmapFromHBITMAP

  GdipCreateFromHDC

  GdipDrawImageRectI

  GdipSetInterpolationMode

  GdipSetPageUnit

  GdipCreateSolidFill

  GdipCreateBitmapFromScan0

  GdipDisposeImage

  GdipDeleteGraphics

  GdipDeletePen

  GdipCreatePen1

  GdipDeleteBrush

  GdipAlloc

  GdipFree

  GdiplusStartup

  GdiplusShutdown

  GdipGetImageGraphicsContext

  GdipSetSmoothingMode

  GdipCloneBitmapAreaI

  GdipCreateHBITMAPFromBitmap

  advapi32

  RegEnumKeyExW

  RegOpenKeyExW

  RegQueryInfoKeyW

  RegGetValueW

  RegEnumValueW

  RegDeleteKeyW

  RegQueryValueExW

  RegSetValueExW

  OpenSCManagerW

  OpenServiceW

  QueryServiceConfigW

  CloseServiceHandle

  RegCreateKeyExW

  RegCloseKey

  EventWrite

  EventUnregister

  EventRegister

  oleaut32

  SysAllocString

  SysStringLen

  VariantInit

  SysAllocStringByteLen

  SysFreeString

  VariantClear

  uxtheme

  IsThemeActive

  ole32

  CoInitialize

  CoUninitialize

  CoCreateInstance

  comctl32

  ImageList_Destroy

  ImageList_Add

  ImageList_Create

  ord413

  CreatePropertySheetPageW

  PropertySheetW

  ord380

  ord410

  ord392

  ntdll

  WinSqmAddToStreamEx

  WinSqmIncrementDWORD

  WinSqmAddToStream

  NtQueryLicenseValue

  RtlInitUnicodeString

  kernel32

  lstrlenA

  WideCharToMultiByte

  GetStartupInfoA

  OutputDebugStringA

  SetUnhandledExceptionFilter

  GetModuleHandleA

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetVersionExA

  DeleteCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  GetCurrentProcessId

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  GetModuleHandleW

  GetSystemTime

  SetEvent

  CloseHandle

  WaitForSingleObject

  CreateThread

  CreateEventW

  ResetEvent

  lstrcmpW

  GlobalAlloc

  GlobalUnlock

  GlobalLock

  GlobalSize

  MulDiv

  GlobalFindAtomW

  GetLastError

  InterlockedDecrement

  MultiByteToWideChar

  GetLocalTime

  GetLocaleInfoW

  GetDateFormatW

  InterlockedIncrement

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrcmpiW

  GetLocaleInfoEx

  GetProcAddress

  LoadLibraryW

  FreeLibrary

  DelayLoadFailureHook

  InterlockedCompareExchange

  LoadLibraryExA

  HeapFree

  HeapAlloc

  GetProcessHeap

  GetVersionExW

  InterlockedExchange

  FreeLibraryAndExitThread

  GetFileAttributesW

  Wow64RevertWow64FsRedirection

  Wow64DisableWow64FsRedirection

  IsWow64Process

  GetCurrentProcess

  GetModuleFileNameW

  LocalFree

  LocalReAlloc

  LocalAlloc

  GetProfileStringW

  lstrlenW

  CompareStringW

  ApplicationRecoveryInProgress

  Sleep

  ApplicationRecoveryFinished

  RegisterApplicationRecoveryCallback

  RegisterApplicationRestart

  CompareFileTime

  SystemTimeToFileTime

  GetTempFileNameW

  FileTimeToSystemTime

  DeleteFileW

  CreateFileW

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  HeapDestroy

  HeapReAlloc

  HeapSize

  RaiseException

  user32

  GetSysColor

  SetClassLongW

  GetClassLongW

  DrawMenuBar

  SetMenuItemInfoW

  AppendMenuW

  RemoveMenu

  GetSubMenu

  GetWindowLongW

  InsertMenuItemW

  SetWindowLongW

  IsWindowEnabled

  PostMessageW

  CharNextA

  SetClipboardData

  EmptyClipboard

  CloseClipboard

  GetClipboardData

  OpenClipboard

  GetMenuState

  IsClipboardFormatAvailable

  DefWindowProcW

  InvalidateRect

  PostQuitMessage

  GetFocus

  DispatchMessageW

  TranslateMessage

  GetMessageExtraInfo

  TranslateAcceleratorW

  GetMessageW

  SetForegroundWindow

  SetWindowPlacement

  RegisterClassExW

  DrawTextW

  ReleaseDC

  GetDC

  GetSystemMetrics

  EnumChildWindows

  SetPropW

  GetMenu

  CheckRadioButton

  UpdateWindow

  SendDlgItemMessageW

  IsDlgButtonChecked

  MoveWindow

  GetDlgItemInt

  SetDlgItemInt

  CheckMenuItem

  GetNextDlgTabItem

  OffsetRect

  GetMonitorInfoW

  MonitorFromWindow

  CopyRect

  IntersectRect

  EnumDisplayMonitors

  EqualRect

  MonitorFromRect

  GetClassWord

  EnumDesktopWindows

  GetProcessDefaultLayout

  CreateDialogParamW

  TrackPopupMenu

  CreatePopupMenu

  GetAncestor

  FindWindowW

  EndDialog

  EnableMenuItem

  DestroyWindow

  MapWindowPoints

  GetClassNameW

  GetDlgItem

  GetWindowRect

  SetWindowPos

  SendMessageW

  LoadCursorW

  SetCursor

  GetKeyState

  IsDialogMessageW

  LoadAcceleratorsW

  GetWindowTextLengthW

  GetWindowTextW

  EnableWindow

  SetFocus

  LoadStringW

  SetWindowTextW

  GetParent

  GetClientRect

  ShowWindow

  GetWindowPlacement

  LoadImageW

  UnregisterClassA

  FillRect

  CheckMenuRadioItem

  CreateWindowExW

  MessageBeep

  SystemParametersInfoW

  DialogBoxParamW

  rpcrt4

  UuidCreate

  UuidToStringW

  RpcStringFreeW

  winmm

  timeGetTime

  version

  GetFileVersionInfoExW

  GetFileVersionInfoSizeExW

  VerQueryValueW

  gdi32

  EqualRgn

  CreateDIBSection

  DeleteObject

  DeleteDC

  GetTextExtentPointW

  CreateFontIndirectW

  CreateCompatibleDC

  GetDeviceCaps

  GetRgnBox

  CreateSolidBrush

  GetTextMetricsW

  GetTextExtentPoint32W

  GetObjectW

  LineTo

  MoveToEx

  ExtCreatePen

  CreateCompatibleBitmap

  CreateRectRgn

  CreateRectRgnIndirect

  SetRectRgn

  CombineRgn

  SelectObject

  CreatePatternBrush

  SetTextColor

  SetBkMode

  GetStockObject

  SetBkColor

  msvcrt

  wcsncmp

  _wcsnicmp

  iswdigit

  _wcslwr_s

  iswalpha

  ??0bad_cast@@QAE@ABV0@@Z

  ??1bad_cast@@UAE@XZ

  localeconv

  memchr

  strcspn

  sprintf_s

  _strtoi64

  _strtoui64

  _wcsdup

  _i64tow_s

  _wtoi64

  wcsrchr

  wcstoul

  isalpha

  time

  difftime

  memmove

  _callnewh

  __pctype_func

  ___lc_codepage_func

  ___lc_handle_func

  _itow_s

  ___mb_cur_max_func

  setlocale

  __crtGetStringTypeW

  __crtLCMapStringW

  __mb_cur_max

  tolower

  isspace

  abort

  isalnum

  __getmainargs

  _cexit

  _exit

  _XcptFilter

  _ismbblead

  _acmdln

  _initterm

  _amsg_exit

  __setusermatherr

  __p__commode

  __p__fmode

  __set_app_type

  ??1type_info@@UAE@XZ

  _unlock

  __dllonexit

  _lock

  _onexit

  ?terminate@@YAXXZ

  __uncaught_exception

  _except_handler4_common

  _controlfp

  _wtoi

  _itoa

  calloc

  wcschr

  _wcsicmp

  _vsnwprintf

  memcpy

  wcscat_s

  wcstol

  wcscpy_s

  exit

  mbstowcs_s

  toupper

  isxdigit

  isdigit

  _ftol2_sse

  memset

  _ftol2

  malloc

  _purecall

  free

  ??0exception@@QAE@XZ

  _CxxThrowException

  ??0exception@@QAE@ABV0@@Z

  ??1exception@@UAE@XZ

  ?what@exception@@UBEPBDXZ

  ??0exception@@QAE@ABQBD@Z

  memmove_s

  memcpy_s

  __CxxFrameHandler3

  _errno

  _wcsrev

  Sections

  .text

  Size: 331KB - Virtual size: 331KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 394KB - Virtual size: 393KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ