qbot[.]bin | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

qbot.bin
Size

443KB
MD5

c5580f721f826a8ecdb86826c4f3a056
SHA1

07d78105110f6d1657785f606a9f5fdf9742c256
SHA256

8e9fe7e5c784f21faa30ebb22c971446035c7d83069eac3d0bbe85f23542fda9
SHA512

529e5af530450742f82944a6375dd00594cd199938b632ce585913f1aaa7eb8101ec5e2b500bda943954d19069cf31bc517f07779dbf02de9e2ef4cbfc636937
SSDEEP

12288:nDFhSg4nkx/LMw27kcmgexU51plXKixdvKXsmR:nD3S1T6YhxlNqf

Score

N/A

Malware Config

Signatures

Files

qbot.bin
.dll regsvr32 windows x86

84df75911ee4a4dc00765ff38f6b934c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindClose
FindFirstFileA
FindNextFileA
SetFilePointer
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ExitProcess
CreateThread
GetCurrentThread
OpenThread
VirtualAlloc
GetProcAddress
SwitchToFiber
CreateFiber
LoadLibraryA
CallNamedPipeA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
CompareStringW
LCMapStringW
FindFirstFileExA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
DecodePointer
RaiseException
CreateFileW
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

Exports

Exports

DllRegisterServer
TOcSc9898M
TRoMqVC7r
UDOysR
WXbba298N

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84df75911ee4a4dc00765ff38f6b934c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 202KB - Virtual size: 201KB

.data Size: 77KB - Virtual size: 79KB

.gfids Size: 512B - Virtual size: 164B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 77KB - Virtual size: 79KB

.gfids
Size: 512B - Virtual size: 164B

.reloc
Size: 9KB - Virtual size: 8KB