qakbot | cobaltbay[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

cobaltbay.dll
Size

127KB
MD5

bd0606d24bf3059266e541f7a23e5372
SHA1

5fe7703e0479f9b1f9903d3c6f720d7af6653316
SHA256

bee0dc3779577ea5c89893a80135376260ca5cef46a81519c46fdf850035b709
SHA512

de2e4a1c0786bd4a2b36b906ec1c13193ebca68846c9b1d4afc1b7cc4ebe457fbe83a73e0a8f16146b067875fc65ded4b4107d36dc2676ac2434fd37011b5db0
SSDEEP

3072:rOWhGXeXeHuh7aZz36AATJbI/QRTBfQAzMh:rhGXeOHuh7kvATJ0/QRTBoAK

Score

10^/10

qakbot

Malware Config

Signatures

Qakbot family
qakbot

Files

cobaltbay.dll
.dll regsvr32 windows x86

0ac722e57c2c4e9d17a175801fddbcc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snprintf
_errno
_strtoi64
_vsnprintf
memchr
memset
free
_vsnwprintf
qsort
malloc
_time64
strncpy
strchr
strtod
localeconv
_ftol2_sse
atol
memcpy

kernel32

GetTickCount
GetModuleHandleA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetVersionExA
GetCommandLineW
LoadLibraryW
FlushFileBuffers
LocalAlloc
CreateMutexW
DuplicateHandle
GetCurrentThread
lstrcmpA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrlenW
lstrcatW
lstrcpyW
GetOEMCP
GetFileAttributesW
lstrcmpiW
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
lstrcpynA
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
SetFileAttributesW
GetExitCodeProcess
FindFirstFileW
FindNextFileW

user32

DefWindowProcW
UnregisterClassA
RegisterClassExA
CharUpperBuffW
CharUpperBuffA
CreateWindowExA
DestroyWindow

shell32

CommandLineToArgvW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayGetUBound

Exports

Exports

DllInstall
DllRegisterServer
HiefplnBaydof

Sections

.text
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ac722e57c2c4e9d17a175801fddbcc5

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 96KB

.rdata Size: 18KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 95KB - Virtual size: 96KB

.rdata
Size: 18KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB