qakbot | 15991f87b8ee4de1163d226fb4825c91a600b0aa5c7359021cb5ef5339eaecda_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

15991f87b8ee4de1163d226fb4825c91a600b0aa5c7359021cb5ef5339eaecda_unpacked
Size

230KB
MD5

25984af48fa27ec36bd257f8478aa628
SHA1

a786fa7c5b9c71fff963581c1792f8a044262929
SHA256

9bb396b30891b28be08339c37ce6c249989f0e1c90a8755dc445c8417e6d0f27
SHA512

9de996ebbb2259c5b622d1bc00a6cb0f46766581e1fa3f18769b799daa7c76714b68c287ae995080355ba334ad9419c8facc57c9cdb5c2904e40bb62693d22d1
SSDEEP

6144:Ol64hYSMsu2yl4hL2TBwjXaqJDf2sIM4:g64S0uSh2T6jXaSDVIN

Score

10^/10

obama53 1622633996 qakbot

Malware Config

Extracted

Family

qakbot

Version

402.68

Botnet

obama53

Campaign

1622633996

96.61.23.88:995

86.220.62.251:2222

71.74.12.34:443

75.67.192.125:443

24.152.219.253:995

105.198.236.101:443

24.179.77.236:443

47.22.148.6:443

92.59.35.196:2222

81.97.154.100:443

207.246.116.237:443

207.246.77.75:995

45.32.211.207:2222

45.77.115.208:443

149.28.98.196:443

45.77.115.208:2222

144.202.38.185:995

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Files

15991f87b8ee4de1163d226fb4825c91a600b0aa5c7359021cb5ef5339eaecda_unpacked
.dll regsvr32 windows x86

4885f446711c862940639779fa789264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
ConvertSidToStringSidW
RegLoadKeyW
RegSetValueExW
IsTextUnicode
RegDeleteValueA
LookupAccountNameW
RegisterEventSourceA
DeregisterEventSource
ReportEventA
RegQueryValueExW

psapi

GetModuleFileNameExW

kernel32

GetCurrentProcessId
DisconnectNamedPipe
CreateDirectoryW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcpynA
GetCurrentProcess
GetCurrentThread
CreateMutexA
DuplicateHandle
MoveFileW
HeapAlloc
HeapFree
HeapCreate
FindFirstFileW
FindNextFileW
SetFileAttributesW
WideCharToMultiByte
GetExitCodeProcess
CreatePipe
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
GetProcAddress
GetDriveTypeW
LoadLibraryW
GetTickCount
GetSystemInfo
GetVersionExA
GetWindowsDirectoryW
LocalAlloc
FlushFileBuffers
IsValidCodePage
lstrcmpA
MultiByteToWideChar
GetLastError
GetCPInfoExA
lstrcatA
WriteFile
GetStdHandle
GetFileType
GetVersion
lstrcpynW
GetModuleHandleA
lstrcmpiW
GetModuleFileNameW
SetThreadPriority
TerminateThread
SwitchToThread
InterlockedIncrement
LoadLibraryA

user32

GetUserObjectInformationW
CharUpperBuffW
UnregisterClassA
CreateWindowExA
DefWindowProcA
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
MessageBoxA
GetProcessWindowStation

gdi32

Arc
CancelDC
BitBlt
ArcTo
CreateEnhMetaFileA

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

ws2_32

inet_ntoa

msvcrt

localeconv
_HUGE
strtod
_time64
strchr
qsort
_snprintf
_errno
_strtoi64
memset
wcsstr
_exit
raise
memmove
_vsnprintf
_vsnwprintf
strncpy
realloc
malloc
free
atol
memcpy
memchr

userenv

GetUserProfileDirectoryW

oleaut32

SysAllocString
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
SafeArrayGetElement
SysFreeString
SafeArrayGetUBound

Exports

Exports

DllRegisterServer

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

4885f446711c862940639779fa789264

Headers

File Characteristics

Imports

advapi32

psapi

kernel32

user32

gdi32

ole32

ws2_32

msvcrt

userenv

oleaut32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB