Static task: static1
Behavioral task: behavioral1 (Sample: qbittorrent.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: qbittorrent.exe, Resource: win10v2004-20221111-en)
General
Target: qbittorrent.exe
Size: 30.4MB
MD5: 00382da16223e19de5d3e6f6e9d8db19
SHA1: fe20004b008583d94fc8673fce99be6a28349f06
SHA256: aa61eb930b40f90ae5afda838d4b0c441160ca1e18a032dc5c2597abb980d2e5
SHA512: 250011cda64fccd54bcd0dde75e9672240cfec7e87f090eb67ddb6882d44458d7a16bcb2a58b96cfb5438e7dc8f2935bda1078783d56ba868807013a03807a64
SSDEEP: 786432:OhgfXLovSpkj+UO5E7YJRASqdEg36yCu:OhULA+UO5E7YbASq/36y9
Malware Config
Signatures
Files
qbittorrent.exe.exe windows x64  db507198bce6a49d693e359f08645816

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE,
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_GUARD_CF,
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
iphlpapi: GetAdaptersAddresses, ConvertInterfaceLuidToNameW, ConvertInterfaceIndexToLuid,
    ConvertInterfaceLuidToIndex, NotifyUnicastIpAddressChange, ConvertInterfaceLuidToGuid,
    ConvertInterfaceNameToLuidW, CancelMibChangeNotify2
powrprof: SetSuspendState
user32: TrackMouseEvent, GetTouchInputInfo, CloseTouchInputHandle, AllowSetForegroundWindow,
    ShutdownBlockReasonDestroy, EnumWindows, RealGetWindowClassW, ChangeWindowMessageFilterEx,
    DrawIconEx, PostThreadMessageW, GetAsyncKeyState, GetQueueStatus, SetTimer, RegisterClassW,
    MsgWaitForMultipleObjectsEx, TranslateMessage, DispatchMessageW, UnregisterDeviceNotification,
    RegisterDeviceNotificationW, ShutdownBlockReasonCreate, CharNextExA, KillTimer, GetIconInfo,
    GetCursor, GetCursorInfo, CreateIconIndirect, DestroyIcon, GetMessageExtraInfo, GetWindowTextW,
    CreateCursor, LoadCursorW, SetCursorPos, GetClipboardFormatNameW, EnumDisplayDevicesW,
    RegisterClipboardFormatW, GetMenuItemInfoW, ModifyMenuW, CreatePopupMenu, TrackPopupMenu, SetMenu,
    GetProcessWindowStation, GetUserObjectInformationW, MessageBoxW, SystemParametersInfoW,
    GetSystemMetrics, ReleaseDC, GetDesktopWindow, GetSysColor, GetDC, DestroyWindow, DefWindowProcW,
    UpdateLayeredWindowIndirect, GetCaretBlinkTime, GetDoubleClickTime, IsWindow, MessageBeep, EndPaint,
    BeginPaint, IsIconic, GetAncestor, InvalidateRect, SetForegroundWindow, ReleaseCapture, GetParent,
    EnableMenuItem, UpdateLayeredWindow, GetClientRect, SetWindowLongW, FlashWindowEx, SetCursor,
    SetCapture, SetParent, GetUpdateRect, SetFocus, SetLayeredWindowAttributes, UnregisterTouchWindow,
    MoveWindow, GetForegroundWindow, AttachThreadInput, SetWindowPlacement, IsChild, ClientToScreen,
    RegisterTouchWindow, GetCapture, ShowWindow, DestroyCursor, GetWindowPlacement, GetWindowLongPtrW,
    SetWindowTextW, SendMessageW, ScreenToClient, CreateWindowExW, SetWindowRgn, SetWindowLongPtrW,
    SetWindowPos, IsWindowVisible, GetMenu, GetWindowRect, GetWindow, MonitorFromPoint, PostMessageW,
    IsTouchWindow, AdjustWindowRectEx, GetSystemMenu, GetWindowThreadProcessId, GetWindowLongW,
    GetCursorPos, LoadImageW, GetSysColorBrush, RegisterPowerSettingNotification,
    UnregisterPowerSettingNotification, GetKeyboardLayoutList, GetClassInfoW, WindowFromPoint,
    RegisterClassExW, ChildWindowFromPointEx, UnregisterClassW, GetFocus, ChangeClipboardChain,
    IsHungAppWindow, SetClipboardViewer, FindWindowA, RegisterWindowMessageW, ShowCaret, DestroyCaret,
    IsWindowEnabled, GetKeyboardLayout, CreateCaret, SetCaretPos, HideCaret, GetMonitorInfoW,
    EnumDisplayMonitors, MonitorFromWindow, ToAscii, IsZoomed, TrackPopupMenuEx, ToUnicode, PeekMessageW,
    SetMenuItemInfoW, GetKeyboardState, MapVirtualKeyW, GetKeyState, LoadIconW, CreateMenu, AppendMenuW,
    RemoveMenu, InsertMenuW, DrawMenuBar, DestroyMenu
wtsapi32: WTSQuerySessionInformationW, WTSFreeMemory
uxtheme: GetThemeBackgroundRegion, SetWindowTheme, IsAppThemed, IsThemeBackgroundPartiallyTransparent,
    CloseThemeData, GetCurrentThemeName, IsThemeActive, GetThemeBool, GetThemePropertyOrigin,
    GetThemeTransitionDuration, GetThemeEnumValue, GetThemePartSize, GetThemeColor, OpenThemeData, ord47,
    GetThemeMargins, GetThemeInt
dwmapi: DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmGetWindowAttribute
oleaut32: SafeArrayCreateVector, SysAllocString, SysFreeString, SafeArrayPutElement
imm32: ImmGetVirtualKey, ImmSetCandidateWindow, ImmGetDefaultIMEWnd, ImmGetContext, ImmReleaseContext,
    ImmSetCompositionWindow, ImmGetCompositionStringW, ImmAssociateContext, ImmGetOpenStatus,
    ImmAssociateContextEx, ImmNotifyIME
crypt32: CertAddCertificateContextToStore, CertFreeCertificateChain, CertFreeCertificateContext,
    CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertCloseStore,
    CertFindCertificateInStore, CertOpenStore, CertGetCertificateContextProperty, CertOpenSystemStoreA,
    CertOpenSystemStoreW, CertCreateCertificateContext, CertGetCertificateChain
gdi32: GetDIBits, GetOutlineTextMetricsW, CombineRgn, DeleteObject, SelectClipRgn, GetRegionData, DeleteDC,
    CreateRectRgn, GdiFlush, CreateCompatibleDC, CreateDIBSection, SelectObject, BitBlt, OffsetRgn,
    SetLayout, GetDeviceCaps, CreateBitmap, CreateDCW, CreateCompatibleBitmap, GetObjectW, GetBitmapBits,
    CreateFontIndirectW, GetFontData, EnumFontFamiliesExW, AddFontMemResourceEx, RemoveFontMemResourceEx,
    ExtTextOutW, AddFontResourceExW, RemoveFontResourceExW, GetStockObject, GetTextFaceW, GetTextMetricsW,
    GetTextExtentPoint32W, SetGraphicsMode, SetWorldTransform, GetGlyphOutlineW, GetCharABCWidthsFloatW,
    GetCharABCWidthsI, GetCharABCWidthsW, SetTextColor, SetBkMode, SetTextAlign
advapi32: CryptSetHashParam, CryptDestroyHash, CryptSignHashW, CryptGetProvParam, CryptReleaseContext,
    DeregisterEventSource, RegisterEventSourceW, ReportEventW, GetSidSubAuthority, GetSidSubAuthorityCount,
    SystemFunction036, CopySid, BuildTrusteeWithSidW, DuplicateToken, GetNamedSecurityInfoW,
    LookupAccountSidW, MapGenericMask, AccessCheck, GetEffectiveRightsFromAclW, RegCreateKeyExW,
    RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegSetValueExW, RegFlushKey, RegOpenKeyExW,
    RegNotifyChangeKeyValue, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup,
    SetSecurityDescriptorOwner, FreeSid, AddAccessAllowedAce, InitializeAcl, GetLengthSid,
    AllocateAndInitializeSid, GetTokenInformation, InitializeSecurityDescriptor, CryptDestroyKey,
    CryptGetUserKey, CryptAcquireContextW, CryptEnumProvidersW, CryptDecrypt, CryptExportKey,
    CryptCreateHash, LookupPrivilegeValueW, InitiateSystemShutdownW, AdjustTokenPrivileges,
    OpenProcessToken, RegCloseKey, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW
mpr: WNetGetUniversalNameW
userenv: GetUserProfileDirectoryW
version: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
netapi32: NetShareEnum, NetApiBufferFree
ws2_32: WSAAsyncSelect, accept, bind, closesocket, listen, setsockopt, getsockname, getsockopt, ioctlsocket,
    WSAHtonl, WSAAccept, freeaddrinfo, getnameinfo, htons, WSAAddressToStringW, ntohs, ntohl,
    WSASetLastError, WSAStringToAddressW, htonl, WSAGetLastError, WSACleanup, WSAStartup, WSARecv,
    WSASocketW, select, gethostname, WSAConnect, getaddrinfo, socket, WSANtohl, WSASend, __WSAFDIsSet,
    getpeername, WSARecvFrom, WSASendTo, WSAIoctl, WSANtohs, connect
kernel32: CreateTimerQueue, SignalObjectAndWait, GetLogicalProcessorInformation, CreateTimerQueueTimer,
    ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask,
    SetThreadAffinityMask, UnregisterWait, GetThreadTimes, FreeLibraryAndExitThread, LoadLibraryExW,
    GetVersionExW, VirtualProtect, InterlockedPopEntrySList, SetUnhandledExceptionFilter,
    UnhandledExceptionFilter, RtlLookupFunctionEntry, RtlCaptureContext, GetCPInfo, GetStringTypeW,
    GetExitCodeThread, SetFileAttributesW, InitializeSListHead, RaiseException, DecodePointer,
    EncodePointer, RtlPcToFileHeader, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList,
    RtlUnwindEx, GetConsoleOutputCP, SetConsoleCtrlHandler, SystemTimeToTzSpecificLocalTime, ExitThread,
    GetCommandLineA, SetStdHandle, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, IsValidLocale,
    EnumSystemLocalesW, IsValidCodePage, GetOEMCP, SetEnvironmentVariableW, WriteConsoleW,
    IsDebuggerPresent, VirtualAlloc, VirtualFree, GetGeoInfoW, GetUserGeoID, GetTimeZoneInformation,
    ReleaseSemaphore, CreateSemaphoreW, LCMapStringW, CompareStringW, GetDiskFreeSpaceExW,
    GetVolumeNameForVolumeMountPointW, FindNextChangeNotification, FindCloseChangeNotification,
    FindFirstChangeNotificationW, FindFirstFileExW, FileTimeToSystemTime, MoveFileExW, MoveFileW,
    GetCurrentProcess, SetThreadPriority, FormatMessageW, GetLastError, GetCurrentThread, TlsAlloc,
    CloseHandle, LoadLibraryW, GetProcAddress, LocalFree, WideCharToMultiByte, TlsFree, FormatMessageA,
    GetCurrentProcessId, WaitForMultipleObjects, CreateMutexW, WaitForSingleObject, ReleaseMutex, Sleep,
    OpenMutexW, RtlCaptureStackBackTrace, MultiByteToWideChar, GetVolumePathNameW, GetDriveTypeW,
    GetSystemDirectoryW, SetThreadExecutionState, VerSetConditionMask, VerifyVersionInfoW, SetLastError,
    GetStdHandle, WriteFile, GetEnvironmentVariableW, GetModuleHandleW, GetFileType, RtlVirtualUnwind,
    TlsSetValue, EnterCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection,
    GetCurrentThreadId, DeleteCriticalSection, TlsGetValue, GetModuleHandleExW, DeleteFiber, SwitchToFiber,
    CreateFiber, GetSystemTimeAsFileTime, QueryPerformanceCounter, ConvertFiberToThread,
    ConvertThreadToFiber, LoadLibraryA, FreeLibrary, FindFirstFileW, FindNextFileW, FindClose,
    SetConsoleMode, ReadConsoleA, GetConsoleMode, ReadConsoleW, PostQueuedCompletionStatus,
    SetWaitableTimer, VerifyVersionInfoA, GetQueuedCompletionStatus, CreateEventW, SetEvent,
    TerminateThread, QueueUserAPC, SleepEx, CreateIoCompletionPort, GetFileAttributesExW, CreateDirectoryW,
    RemoveDirectoryW, CreateHardLinkW, CreateFileW, GetFileInformationByHandle, DeleteFileW, CopyFileW,
    ReadFile, GetFileSizeEx, DeviceIoControl, SetEndOfFile, GetOverlappedResult, SetFilePointerEx,
    CreateEventA, GetACP, CreateWaitableTimerA, CancelIoEx, CancelIo, GetModuleHandleA,
    GlobalMemoryStatusEx, lstrcmpW, WTSGetActiveConsoleSessionId, OpenProcess, CheckRemoteDebuggerPresent,
    GetLocaleInfoW, GlobalAlloc, GlobalLock, GlobalUnlock, ExpandEnvironmentStringsW, CreateProcessW,
    GlobalSize, GetUserDefaultLangID, AreFileApisANSI, TryEnterCriticalSection, HeapCreate, HeapFree,
    GetFullPathNameW, GetDiskFreeSpaceW, OutputDebugStringA, LockFile, InitializeCriticalSection,
    SetFilePointer, GetFullPathNameA, UnlockFileEx, GetTempPathW, GetFileAttributesW, UnmapViewOfFile,
    HeapValidate, HeapSize, GetTempPathA, GetDiskFreeSpaceA, GetFileAttributesA, OutputDebugStringW,
    FlushViewOfFile, CreateFileA, WaitForSingleObjectEx, DeleteFileA, HeapReAlloc, GetSystemInfo,
    HeapAlloc, HeapCompact, HeapDestroy, UnlockFile, LockFileEx, GetFileSize, GetProcessHeap,
    SystemTimeToFileTime, GetSystemTime, CreateFileMappingW, MapViewOfFile, GetTickCount,
    FlushFileBuffers, GetVolumeInformationW, GetLongPathNameW, LocalAlloc, GetConsoleWindow, ExitProcess,
    DisconnectNamedPipe, WaitNamedPipeW, CreateNamedPipeW, ConnectNamedPipe, ResetEvent, GlobalFree,
    SetHandleInformation, IsProcessorFeaturePresent, TerminateProcess, GetCommandLineW, CompareStringEx,
    GetNativeSystemInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, DuplicateHandle,
    GetExitCodeProcess, GetLocalTime, CreateThread, SwitchToThread, GetThreadPriority, ResumeThread,
    QueryPerformanceFrequency, GetTickCount64, GetUserDefaultLCID, GetCurrencyFormatW, GetDateFormatW,
    GetTimeFormatW, GetUserPreferredUILanguages, RegisterWaitForSingleObject, UnregisterWaitEx, ReadFileEx,
    PeekNamedPipe, WriteFileEx, GetModuleFileNameW, GetStartupInfoW, OpenFileMappingW, VirtualQuery,
    SetErrorMode, GetLogicalDrives, TzSpecificLocalTimeToSystemTime, GetVolumePathNamesForVolumeNameW,
    GetFileInformationByHandleEx, SetFileTime, GetCurrentDirectoryW
ole32: OleIsCurrentClipboard, OleGetClipboard, OleInitialize, CoInitialize, CoCreateInstance, DoDragDrop,
    ReleaseStgMedium, CoTaskMemFree, CoGetMalloc, OleUninitialize, RevokeDragDrop, CoLockObjectExternal,
    CoCreateGuid, StringFromGUID2, OleSetClipboard, RegisterDragDrop, CoInitializeEx, CoUninitialize,
    OleFlushClipboard
shell32: SHGetKnownFolderPath, Shell_NotifyIconGetRect, Shell_NotifyIconW, SHCreateItemFromIDList,
    SHGetPathFromIDListW, SHGetKnownFolderIDList, SHBrowseForFolderW, SHCreateItemFromParsingName,
    SHGetMalloc, SHGetStockIconInfo, ord727, ord190, ord155, SHOpenFolderAndSelectItems, ShellExecuteW,
    SHChangeNotify, CommandLineToArgvW, SHGetFileInfoW
winmm: timeKillEvent, PlaySoundW, timeSetEvent
mswsock: AcceptEx, GetAcceptExSockaddrs
dbgeng: DebugCreate
bcrypt: BCryptGenRandom
Sections
Name      Size     Virtual size  Characteristics
.text     15.3MB   15.3MB        IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata    11.7MB   11.7MB        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     250KB    396KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata    658KB    657KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg     13KB     12KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gehcont  512B     20B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmetad  1KB      1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmimed  2.2MB    2.2MB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc     149KB    149KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    106KB    105KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ