XS88
a782
General
-
Target
310000.dll
-
Size
133KB
-
MD5
49cb5070a33df46d60fa2d56c1c52fbc
-
SHA1
4d7260473b6c1e5548510608809517377b30c8c5
-
SHA256
cb3e512067d3983618125f8cd3d23a5533a3bb0a8bfca7624b95dbea91da1ceb
-
SHA512
de11ef1ce619eada4346dfddd9fe1eafa399bf62f6005e7dc847a33f2dc7885cb47e1d632d54cbc6837f1b7a24d27d8f107a97e7f679de33d79dcb5a5bbda1d6
-
SSDEEP
3072:eaYogKI1keZwRYc/XCggn9wSAUJ2ynWwTBfP118LERYK:efZwR1Cgg9w3UJHnWwTBH13RY
Score
10/10
Malware Config
Extracted
Family
qakbot
Version
404.246
Botnet
BB19
Campaign
1678708246
C2
103.111.70.115:995
103.123.223.144:443
217.165.232.217:443
12.172.173.82:995
86.98.216.189:2222
173.18.126.3:443
201.244.108.183:995
75.143.236.149:443
91.169.12.198:32100
47.61.70.76:2078
88.126.94.4:50000
24.239.69.244:443
12.172.173.82:21
103.141.50.102:995
69.133.162.35:443
81.158.112.20:2222
115.87.227.49:443
12.172.173.82:20
86.225.214.138:2222
74.66.134.24:443
94.30.98.134:32100
12.172.173.82:50001
70.53.96.223:995
86.166.76.246:443
200.84.195.17:2222
12.172.173.82:993
12.172.173.82:22
212.70.98.141:2222
105.186.191.24:995
72.203.216.98:2222
116.75.63.121:443
84.219.213.130:6881
202.187.87.178:995
67.10.175.47:2222
86.130.9.136:2222
213.31.90.183:2222
51.37.187.159:443
180.162.231.210:995
92.154.17.149:2222
90.104.22.28:2222
103.111.70.115:443
2.49.58.47:2222
37.14.229.220:2222
92.159.173.52:2222
31.166.152.157:995
27.0.48.205:443
83.7.55.212:443
90.55.105.42:2222
178.153.2.76:443
185.135.120.81:443
12.172.173.82:2087
114.143.176.235:443
201.249.12.75:2222
78.19.1.3:443
84.108.200.161:443
104.35.24.154:443
86.196.12.21:2222
86.172.181.82:443
45.50.233.214:443
103.252.7.231:443
81.229.117.95:2222
47.34.30.133:443
122.184.143.84:443
114.79.180.14:995
92.27.86.48:2222
85.241.180.94:443
183.87.163.165:443
27.99.34.220:2222
92.20.204.198:2222
76.80.180.154:995
76.170.252.153:995
81.111.108.123:443
24.117.237.157:443
35.143.97.145:995
86.165.156.39:443
78.130.215.67:443
39.55.251.26:995
94.3.71.196:443
64.237.245.195:443
74.93.148.97:995
190.191.35.122:443
24.69.84.237:443
12.172.173.82:465
72.80.7.6:50003
184.153.132.82:443
94.200.183.66:2222
223.176.7.23:2222
89.115.196.99:443
31.104.18.253:443
86.190.223.11:2222
69.164.228.175:443
91.68.227.219:443
174.58.146.57:443
109.158.144.102:995
77.86.98.236:443
50.68.204.71:995
49.245.82.178:2222
12.172.173.82:32101
184.176.110.61:61202
186.64.67.3:443
174.4.89.3:443
187.199.103.21:32103
72.200.109.104:443
50.68.204.71:993
116.72.250.18:443
174.104.184.149:443
93.147.134.85:443
136.175.69.147:443
180.151.104.240:443
73.165.119.20:443
202.142.98.62:995
103.231.216.238:443
86.195.14.72:2222
92.154.45.81:2222
27.109.19.90:2078
92.239.81.124:443
162.248.14.107:443
50.68.186.195:443
74.92.243.113:50000
80.47.61.240:2222
Attributes
-
salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP
Signatures
-
Qakbot family
Files
-
310000.dll.dll windows x86
b70e2d870f81cd9daf7c6a2654df653e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
windowscodecs
WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName
msvcrt
localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf
kernel32
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetCurrentProcessId
lstrcatW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetExitCodeProcess
LocalAlloc
lstrlenW
FlushFileBuffers
SetThreadPriority
GetTickCount
lstrcpynA
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
GetLastError
lstrcpynW
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetLocaleInfoA
GetFileAttributesW
SwitchToThread
MultiByteToWideChar
user32
RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW
gdi32
CreatePatternBrush
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreateFontA
CreateScalableFontResourceW
advapi32
CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
BuildTrusteeWithSidA
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
ConvertToAutoInheritPrivateObjectSecurity
GetAce
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer
CloseTrace
shell32
CommandLineToArgvW
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
oleaut32
SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy
Exports
Exports
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ