DllRegisterServer
General
-
Target
1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb.bin
-
Size
230KB
-
MD5
c1849c1ee3b8146c6fb836dae0b64652
-
SHA1
2d51da5b5b7861d3068daab932d5fbf07586d3fc
-
SHA256
1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb
-
SHA512
837e671673508cae89f813fdc90396f417b73ff137ba3dd038e45473302009f8f7e011f81cc4291611f3855ff5c18058ffdd1719175f85b130ef968a37b6d93a
-
SSDEEP
6144:t2TbnRlaluKtZkJH2TBYjXaqJDf2QI/T:ATbR4uLV2TyjXaSD5I7
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
402.68
Botnet
obama57
Campaign
1623136472
C2
97.69.160.4:2222
75.67.192.125:443
86.220.62.251:2222
24.179.77.236:443
197.45.110.165:995
27.223.92.142:995
24.152.219.253:995
47.22.148.6:443
92.59.35.196:2222
136.232.34.70:443
188.26.91.212:443
149.28.101.90:2222
149.28.101.90:8443
207.246.77.75:995
45.77.115.208:2222
45.77.115.208:443
149.28.98.196:443
144.202.38.185:995
45.77.117.108:995
207.246.77.75:8443
207.246.77.75:443
144.202.38.185:2222
149.28.98.196:995
45.32.211.207:995
149.28.101.90:443
149.28.98.196:2222
45.77.117.108:443
45.77.115.208:995
45.77.115.208:8443
207.246.77.75:2222
144.202.38.185:443
45.32.211.207:2222
207.246.116.237:443
216.201.162.158:443
71.41.184.10:3389
81.214.126.173:2222
149.28.99.97:2222
45.63.107.192:995
149.28.99.97:443
149.28.99.97:995
83.110.109.189:2222
125.239.44.146:995
90.65.234.26:2222
144.139.47.206:443
140.82.49.12:443
81.97.154.100:443
68.186.192.69:443
96.61.23.88:995
172.78.51.35:443
190.85.91.154:443
184.185.103.157:443
75.118.1.141:443
76.25.142.196:443
175.136.38.142:443
173.21.10.71:2222
71.74.12.34:443
98.192.185.86:443
73.151.236.31:443
67.165.206.193:993
45.46.53.140:2222
98.252.118.134:443
72.252.201.69:443
189.210.115.207:443
75.137.47.174:443
72.240.200.181:2222
151.205.102.42:443
24.55.112.61:443
24.229.150.54:995
109.12.111.14:443
105.198.236.99:443
95.77.223.148:443
50.29.166.232:995
92.96.3.180:2078
71.187.170.235:443
105.198.236.101:443
68.204.7.158:443
71.163.222.223:443
108.27.245.228:443
83.196.56.65:2222
50.244.112.106:443
149.28.101.90:995
207.246.116.237:8443
207.246.116.237:995
45.77.117.108:2222
45.32.211.207:443
45.32.211.207:8443
45.77.117.108:8443
207.246.116.237:2222
45.63.107.192:2222
45.63.107.192:443
96.37.113.36:993
24.122.166.173:443
73.25.124.140:2222
24.139.72.117:443
86.173.143.211:443
47.196.213.73:443
186.154.175.13:443
70.163.161.79:443
24.95.61.62:443
78.63.226.32:443
195.6.1.154:2222
76.168.147.166:993
64.121.114.87:443
77.27.207.217:995
31.4.242.233:995
125.62.192.220:443
195.12.154.8:443
71.117.132.169:443
96.21.251.127:2222
71.199.192.62:443
70.168.130.172:995
82.12.157.95:995
209.210.187.52:995
209.210.187.52:443
67.6.12.4:443
189.222.59.177:443
174.104.22.30:443
142.117.191.18:2222
189.146.183.105:443
213.60.147.140:443
196.221.207.137:995
108.46.145.30:443
187.250.238.164:995
2.7.116.188:2222
195.43.173.70:443
106.250.150.98:443
45.67.231.247:443
83.110.103.152:443
83.110.9.71:2222
78.97.207.104:443
59.90.246.200:443
80.227.5.69:443
125.63.101.62:443
86.236.77.68:2222
109.106.69.138:2222
84.72.35.226:443
217.133.54.140:32100
197.161.154.132:443
89.137.211.239:995
74.222.204.82:995
122.148.156.131:995
156.223.110.23:443
144.139.166.18:443
202.185.166.181:443
76.94.200.148:995
71.63.120.101:443
196.151.252.84:443
202.188.138.162:443
74.68.144.202:443
69.58.147.82:2078
Attributes
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Signatures
-
Qakbot family
Files
-
1cc6797a4c88b20ab0be93234d2b3cfe0fb1552bb7ff825085c18b43930a15eb.bin.dll regsvr32 windows x86
4885f446711c862940639779fa789264
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
ConvertSidToStringSidW
RegLoadKeyW
RegSetValueExW
IsTextUnicode
RegDeleteValueA
LookupAccountNameW
RegisterEventSourceA
DeregisterEventSource
ReportEventA
RegQueryValueExW
psapi
GetModuleFileNameExW
kernel32
GetCurrentProcessId
DisconnectNamedPipe
CreateDirectoryW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcpynA
GetCurrentProcess
GetCurrentThread
CreateMutexA
DuplicateHandle
MoveFileW
HeapAlloc
HeapFree
HeapCreate
FindFirstFileW
FindNextFileW
SetFileAttributesW
WideCharToMultiByte
GetExitCodeProcess
CreatePipe
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
GetProcAddress
GetDriveTypeW
LoadLibraryW
GetTickCount
GetSystemInfo
GetVersionExA
GetWindowsDirectoryW
LocalAlloc
FlushFileBuffers
IsValidCodePage
lstrcmpA
MultiByteToWideChar
GetLastError
GetCPInfoExA
lstrcatA
WriteFile
GetStdHandle
GetFileType
GetVersion
lstrcpynW
GetModuleHandleA
lstrcmpiW
GetModuleFileNameW
SetThreadPriority
TerminateThread
SwitchToThread
InterlockedIncrement
LoadLibraryA
user32
GetUserObjectInformationW
CharUpperBuffW
UnregisterClassA
CreateWindowExA
DefWindowProcA
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
MessageBoxA
GetProcessWindowStation
gdi32
Arc
CancelDC
BitBlt
ArcTo
CreateEnhMetaFileA
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
ws2_32
inet_ntoa
msvcrt
localeconv
_HUGE
strtod
_time64
strchr
qsort
_snprintf
_errno
_strtoi64
memset
wcsstr
_exit
raise
memmove
_vsnprintf
_vsnwprintf
strncpy
realloc
malloc
free
atol
memcpy
memchr
userenv
GetUserProfileDirectoryW
oleaut32
SysAllocString
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
SafeArrayGetElement
SysFreeString
SafeArrayGetUBound
Exports
Exports
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ