qakbot | 1684-59-0x00000000003F0000-0x0000000000470000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1684-59-0x00000000003F0000-0x0000000000470000-memory.dmp
Size

512KB
MD5

c02441d756d33581dd861361e3e5a8da
SHA1

a9db733a4cd532bcf9e335192038ceb6d86b392d
SHA256

c8cbdc712c0b9d9edf0ecde1b5a97713aa4f8c5697e8678598fe0e806b5ee4f6
SHA512

6360ac5eb2cfe8ab197d6e6350a106d90938e5e09af1a09f0bd20ae80843ec5360fbb4b50cc8ddf55b17e8d358e1561cdb3ad6ce2169a4b92bbcd9c7325acdb5
SSDEEP

1536:pxD176oBvNCfzFy67owCItyt00P5BARkNJthbTJjIORnToIf:pxQpy6Hztyt0kzAuJvbtF5TBf

Score

10^/10

qakbot

Malware Config

Signatures

Qakbot family
qakbot

Files

1684-59-0x00000000003F0000-0x0000000000470000-memory.dmp
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ