packed_qbot[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

packed_qbot.bin
Size

1.4MB
MD5

d586a82d0083540a98b3285f95c1d94e
SHA1

40f1462b7a5394b59fb595bf5b44a94862f54f63
SHA256

2c6697caf6ced04d06b0926d982c210a8cd300449b1b2423427a337486813316
SHA512

88683d5d5e854af9a50b7ca09a78b1b8a4c9cb36fb4f7854dee2d4de5fc0fe533e3f2fd5096ac1d1fdea1198877c47ea590287046337aa2dfea7fb07c61add1e
SSDEEP

24576:873YrrLEaF0tTHMjuX5PmnKUz3NL3BAYJWDJnh+idFsv3YgPmHFWcD:8n

Score

N/A

Malware Config

Signatures

Files

packed_qbot.bin
.dll regsvr32 windows x86

1538717eb64bec210d6f84c7331143bf

Code Sign

46:79:c5:39:8a:27:93:18:36:5f:d7:7a:84:44:56:99
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/02/2022, 00:00

Not After

03/02/2023, 23:59

Subject

CN=HURT GROUP HOLDINGS LIMITED,O=HURT GROUP HOLDINGS LIMITED,ST=Lancashire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:33:ea:c0:30:c2:9a:3a:97:aa:da:cc:7d:5b:5d:67:98:a7:d7:08
Signer

Actual PE Digest

dc:33:ea:c0:30:c2:9a:3a:97:aa:da:cc:7d:5b:5d:67:98:a7:d7:08

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=HURT GROUP HOLDINGS LIMITED,O=HURT GROUP HOLDINGS LIMITED,ST=Lancashire,C=GB

15/12/2022, 13:51
Valid: true

Chain 1

CN=HURT GROUP HOLDINGS LIMITED,O=HURT GROUP HOLDINGS LIMITED,ST=Lancashire,C=GB

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetClipBox
GetMetaFileBitsEx
GetObjectType
GetSystemPaletteUse
CreateBitmap

ole32

CoGetStdMarshalEx
CLSIDFromProgIDEx
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserFree
CreateDataAdviseHolder
CreateFileMoniker

Exports

Exports

AFd9rHM1a
Axio9P5W
BataM6ohoo
CNnEPx
CZxDQkV
DYcfCBxS
DiIXpV7Vzp
DlWTlLr
DllRegisterServer

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcsb
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1538717eb64bec210d6f84c7331143bf

Code Sign

46:79:c5:39:8a:27:93:18:36:5f:d7:7a:84:44:56:99Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

dc:33:ea:c0:30:c2:9a:3a:97:aa:da:cc:7d:5b:5d:67:98:a7:d7:08Signer

Signature Validations

Verification

15/12/2022, 13:51 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 1024B - Virtual size: 648B

.data Size: 512B - Virtual size: 60B

.rcsb Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 108B

46:79:c5:39:8a:27:93:18:36:5f:d7:7a:84:44:56:99
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01
Certificate

dc:33:ea:c0:30:c2:9a:3a:97:aa:da:cc:7d:5b:5d:67:98:a7:d7:08
Signer

15/12/2022, 13:51
Valid: true

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 1024B - Virtual size: 648B

.data
Size: 512B - Virtual size: 60B

.rcsb
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 108B