DllInstall
DllRegisterServer
DllUnregisterServer
General
-
Target
CryptOne_Exec_27686e06a61f66c8ef3334f62a29d2de516471ca3fcdf5d93ac84530670541ee.bin
-
Size
125KB
-
MD5
a4729c1ad7228075ec384c4463a4a1be
-
SHA1
56373c5941439ef4b182dadfe0168c9aace94dd5
-
SHA256
be1a6f856ddcc961e7401436ecbffd60cffe039b561620e6a5a36af6437c11dd
-
SHA512
2242a3a9286e110b9fe80af0a295d47f1ed399147ee58401d24bca2144966e5d2f8631ad0b4dff7bb7dae2444d8a7839bf4384d70b59cb1c68e53703e3a091e2
-
SSDEEP
3072:sykbxNa5CLHEO0gZUnYKAKkJl+f9tTBfQ5OD:fkba5Cj/0gZ5fKkJkf9tTBoM
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
403.688
Botnet
obama187
Campaign
1654695312
C2
197.164.182.46:993
70.51.135.90:2222
187.251.132.144:22
37.186.54.254:995
80.11.74.81:2222
41.84.236.245:995
24.139.72.117:443
177.94.57.126:32101
37.34.253.233:443
186.90.153.162:2222
32.221.224.140:995
208.107.221.224:443
67.165.206.193:993
63.143.92.99:995
88.232.220.207:443
189.78.107.163:32101
74.14.5.179:2222
148.0.56.63:443
40.134.246.185:995
173.21.10.71:2222
124.40.244.115:2222
24.55.67.176:443
39.44.164.54:995
102.182.232.3:995
39.49.101.104:995
31.35.28.29:443
120.150.218.241:995
197.89.128.201:443
31.48.174.63:2078
173.174.216.62:443
67.209.195.198:443
70.46.220.114:443
24.178.196.158:2222
92.132.172.197:2222
179.158.105.44:443
1.161.123.53:443
91.177.173.10:995
217.128.122.65:2222
144.202.3.39:995
144.202.2.175:443
45.76.167.26:995
149.28.238.199:995
140.82.63.183:995
140.82.63.183:443
45.63.1.12:443
149.28.238.199:443
45.76.167.26:443
144.202.3.39:443
144.202.2.175:995
45.63.1.12:995
109.12.111.14:443
84.241.8.23:32103
104.34.212.7:32103
108.60.213.141:443
117.248.109.38:21
217.165.109.10:993
82.152.39.39:443
47.23.89.60:993
176.67.56.94:443
148.64.96.100:443
76.70.9.169:2222
182.191.92.203:995
37.210.170.123:2222
202.134.152.2:2222
89.101.97.139:443
86.195.158.178:2222
140.82.49.12:443
93.48.80.198:995
187.207.131.50:61202
191.34.120.8:443
37.208.135.172:6883
75.99.168.194:61201
5.32.41.45:443
120.61.1.225:443
101.51.77.238:443
1.161.123.53:995
86.97.9.190:443
175.145.235.37:443
39.44.235.10:995
196.203.37.215:80
41.38.167.179:995
39.41.17.134:995
58.105.167.36:50000
39.52.119.141:995
76.25.142.196:443
73.151.236.31:443
96.37.113.36:993
174.69.215.101:443
201.142.177.168:443
85.246.82.244:443
201.145.165.25:443
201.172.23.68:2222
72.252.157.93:995
190.252.242.69:443
45.46.53.140:2222
79.80.80.29:2222
72.252.157.93:990
72.27.33.160:443
72.252.157.93:993
90.120.65.153:2078
201.103.141.2:443
69.14.172.24:443
31.215.185.26:2222
191.112.12.128:443
189.253.206.105:443
82.41.63.217:443
208.101.82.0:443
210.246.4.69:995
83.110.92.106:443
180.129.108.214:995
47.157.227.70:443
89.86.33.217:443
177.156.191.231:443
94.36.193.176:2222
217.164.121.161:1194
86.98.149.168:2222
103.207.85.38:995
172.115.177.204:2222
105.27.172.6:443
71.24.118.253:443
143.0.219.6:995
217.165.176.49:2222
5.203.199.157:995
121.7.223.45:2222
47.156.131.10:443
177.209.202.242:2222
41.86.42.158:995
106.51.48.170:50001
41.84.229.240:443
94.71.169.212:995
111.125.245.116:995
201.242.175.29:2222
38.70.253.226:2222
187.149.236.5:443
217.165.79.88:443
85.255.232.18:443
103.246.242.202:443
41.230.62.211:995
Attributes
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Signatures
-
Qakbot family
Files
-
CryptOne_Exec_27686e06a61f66c8ef3334f62a29d2de516471ca3fcdf5d93ac84530670541ee.bin.dll regsvr32 windows x86
fcee36a1a37f58eb0ce848652ae40e15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_snprintf
_errno
_strtoi64
_vsnprintf
memchr
memset
free
_vsnwprintf
qsort
malloc
_time64
strncpy
strchr
strtod
localeconv
_ftol2_sse
atol
memcpy
kernel32
GetTickCount
GetModuleHandleA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemInfo
GetVersionExA
GetCommandLineW
LoadLibraryW
FlushFileBuffers
LocalAlloc
CreateMutexW
DuplicateHandle
GetCurrentThread
lstrcmpA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetOEMCP
GetFileAttributesW
lstrcmpiW
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
lstrcpynA
lstrlenA
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
lstrlenW
SetFileAttributesW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
user32
DefWindowProcW
UnregisterClassA
RegisterClassExA
CharUpperBuffW
CharUpperBuffA
CreateWindowExA
DestroyWindow
shell32
CommandLineToArgvW
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
oleaut32
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayGetUBound
Exports
Exports
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ