General

Target: 590000.dll
Size: 144KB
MD5: 841eee2d42a30daeacb9336d016665b5
SHA1: 5994ec7ca8ee6c6efb869d74ec3dd872eb76aa71
SHA256: 26174deb05bb34d4484d8e15cc7a8bb86955f5d398d8a11f7d964c796c260a40
SHA512: 9a7bde0aae7bff703d12303d5c6590be4cecadf21742be9294d00d5525258783cd9b790da015650b4069b90311aa3b237c2acb6f37ba3dacbf2b272bfd2ce1cb
SSDEEP: 3072:6HgHsJq6uUu9VrVHl8j+YAHJYTVBH+8TBff/NQg:fkwUun5lC+9HJwVBH+8TB3/NB
Malware Config

Extracted
Family: qakbot
Version: 404.1038
Botnet: BB28
Campaign: 1684145503 (Unix timestamp, 2023-05-15 10:11:43 UTC)
C2:
74.33.196.114:443
108.190.115.159:443
47.21.51.138:443
76.16.49.134:443
113.11.92.30:443
98.19.234.243:995
197.14.208.59:443
88.126.94.4:50000
24.69.137.232:2222
70.28.50.223:32100
184.176.35.223:2222
12.172.173.82:50001
87.202.101.164:50000
70.28.50.223:2087
75.109.111.89:443
86.130.9.227:2222
12.172.173.82:32101
70.28.50.223:3389
80.12.88.148:2222
174.118.68.176:443
75.98.154.19:443
125.99.69.178:443
96.87.28.170:2222
96.56.197.26:2222
86.140.160.231:2222
86.195.14.72:2222
47.205.25.170:443
103.42.86.42:995
12.172.173.82:465
50.68.204.71:993
173.88.135.179:443
105.101.110.37:443
75.143.236.149:443
70.50.83.139:2222
84.215.202.8:443
84.35.26.14:995
12.172.173.82:21
78.92.133.215:443
31.53.29.198:2222
86.178.33.63:2222
217.44.108.89:2222
100.6.31.96:443
92.239.81.124:443
37.14.229.220:2222
172.115.17.50:443
103.141.50.79:995
105.186.242.203:995
92.1.170.110:995
89.79.229.50:443
200.109.16.12:2222
103.140.174.20:2222
91.75.114.200:443
102.156.218.92:443
91.2.143.185:995
90.165.109.4:2222
85.152.152.46:443
182.185.181.202:995
65.190.242.244:443
122.186.210.254:443
58.162.223.233:443
98.145.23.67:443
41.186.88.38:443
139.226.47.229:995
12.172.173.82:993
197.148.17.17:2078
43.243.215.210:443
178.152.124.169:443
50.68.204.71:443
217.165.234.249:443
116.74.164.93:443
184.153.132.82:443
69.133.162.35:443
162.248.14.107:443
50.68.204.71:995
186.64.67.41:443
89.114.140.100:443
109.50.128.59:2222
12.172.173.82:2087
92.20.204.198:2222
79.26.184.19:443
35.143.97.145:995
161.142.98.36:995
27.109.19.90:2078
174.4.89.3:443
73.29.92.128:443
103.123.223.171:443
173.22.114.208:443
70.160.67.203:443
12.172.173.82:22
47.149.248.80:443
40.134.85.217:443
71.38.155.217:443
86.176.16.18:443
125.99.76.102:443
79.77.142.22:2222
66.191.69.18:995
178.175.187.254:443
76.170.252.153:995
176.142.207.63:443
85.104.98.64:443
87.243.146.59:443
70.28.50.223:2078
76.86.31.59:443
71.78.95.86:995
92.9.45.20:2222
198.2.51.242:993
81.229.117.95:2222
92.98.159.9:2222
202.184.123.13:443
201.244.108.183:995
72.205.104.134:443
50.68.186.195:443
103.87.128.228:443
90.104.151.37:2222
12.172.173.82:20
70.28.50.223:2083
92.27.86.48:2222
157.119.85.203:443
122.184.143.86:443
186.75.103.188:443
Salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
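The extracted configuration above is only useful once it is turned into something a detection or blocking pipeline can consume, and the salt is the input to the RC4 key that Qakbot's resource format is publicly documented to use (key = SHA1(salt); the decrypted blob starts with a 20-byte SHA1 of the rest, which doubles as a "right key" check). The following Python is an added example, not part of the sandbox report: it parses a constructed excerpt of the config block (the full 120-entry list was trimmed to keep the sample short), decodes the campaign timestamp, reports hosts that appear with several ports (12.172.173.82 and 70.28.50.223 above), and exercises the RC4/SHA1 scheme on a blob it constructs itself. It does not decrypt this sample's resource, and it implements only the single RC4 layer; public analyses of newer builds describe an additional inner RC4 layer keyed from the first-layer plaintext, which is assumed here to be out of scope.

```python
"""Added example, not part of the sandbox report: parse the extracted Qakbot
config into structured IOCs and exercise the RC4/SHA1 resource scheme the salt feeds."""
import hashlib
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed excerpt of the config block above (a subset of its C2 entries).
CONFIG_TEXT = """\
Family: qakbot
Version: 404.1038
Botnet: BB28
Campaign: 1684145503
C2:
74.33.196.114:443
12.172.173.82:50001
12.172.173.82:32101
70.28.50.223:2222
70.28.50.223:3389
98.19.234.243:995
12.172.173.82:993
Salt: SoNuce]ugdiB3c[doMuce2s81*uXmcvP
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_qakbot_config(text):
    """Return {'family','version','botnet','campaign','campaign_utc','c2','salt'}."""
    cfg = {"c2": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":               # blanks and list separators
            continue
        m = C2_RE.match(line)
        if m:
            ip = str(ipaddress.ip_address(m.group(1)))   # rejects octets > 255
            port = int(m.group(2))
            if not 0 < port < 65536:
                raise ValueError(f"bad port in C2 entry: {line}")
            cfg["c2"].append((ip, port))
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():                 # 'Key: value'; a bare 'C2:' is a heading
            cfg[key.strip().lower()] = value.strip()
    cfg["campaign"] = int(cfg["campaign"])
    cfg["campaign_utc"] = datetime.fromtimestamp(cfg["campaign"], tz=timezone.utc)
    return cfg


def summarize_c2(c2):
    """Per-host port lists and a port histogram; hosts listed on several ports stand out."""
    by_host = {}
    for ip, port in c2:
        by_host.setdefault(ip, []).append(port)
    return {
        "entries": len(c2),
        "unique_ips": len(by_host),
        "multi_port_hosts": {ip: sorted(p) for ip, p in by_host.items() if len(p) > 1},
        "ports": dict(Counter(port for _, port in c2)),
    }


def rc4(key, data):
    """Plain RC4 (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_resource(salt, blob):
    """RC4 with key SHA1(salt); plaintext = SHA1(payload) || payload. Raises on mismatch."""
    key = hashlib.sha1(salt.encode()).digest()
    plain = rc4(key, blob)
    digest, payload = plain[:20], plain[20:]
    if hashlib.sha1(payload).digest() != digest:
        raise ValueError("SHA1 check failed: wrong salt, or not this resource format")
    return payload


def encrypt_resource(salt, payload):
    """Inverse of decrypt_resource, constructed here only to build an offline sample blob."""
    key = hashlib.sha1(salt.encode()).digest()
    return rc4(key, hashlib.sha1(payload).digest() + payload)


if __name__ == "__main__":
    cfg = parse_qakbot_config(CONFIG_TEXT)
    print(cfg["family"], cfg["version"], cfg["botnet"], cfg["campaign_utc"].isoformat())
    print(summarize_c2(cfg["c2"]))
    blob = encrypt_resource(cfg["salt"], b"10=1684145503\r\n3=BB28\r\n")   # constructed plaintext
    print(decrypt_resource(cfg["salt"], blob))
```

The integrity prefix is what makes the salt worth extracting: a wrong salt does not produce garbage you have to eyeball, it fails the SHA1 comparison outright, so the same function can be run over candidate salts from other samples to find which one a new build uses.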
Signatures

Qakbot family
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
IoC: resource 590000.dll
Files

590000.dll.dll (windows, x86)
0141f24aaf1b810b9fcc5f6886f26f14
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
windowscodecs
WICMapSchemaToName
WICMapShortNameToGuid
WICMapGuidToShortName
msvcrt
localeconv
strtod
strchr
strncpy
_time64
malloc
free
memset
memchr
_strtoi64
_errno
_snprintf
_ftol2_sse
_vsnwprintf
memcpy
atol
qsort
_vsnprintf
kernel32
SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
GetModuleHandleA
LoadLibraryA
GetNumberFormatA
lstrcatW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
SetFileAttributesW
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrcmpiA
GetSystemTimeAsFileTime
GetExitCodeProcess
LocalAlloc
ExitThread
FlushFileBuffers
SetThreadPriority
GetTickCount
MoveFileW
K32GetModuleFileNameExW
lstrcmpA
lstrcpynA
DisconnectNamedPipe
GetProcessId
GetCurrentThread
CreateMutexW
lstrcatA
CreateDirectoryW
lstrcpynW
GetLastError
GetDriveTypeW
lstrcmpiW
Sleep
SetCurrentDirectoryA
GetFileAttributesW
GetCurrentProcessId
MultiByteToWideChar
user32
RegisterClassExA
UnregisterClassA
CreateWindowExA
DestroyWindow
CharUpperBuffW
CharUpperBuffA
DefWindowProcW
gdi32
CreateFontA
GdiTransparentBlt
CreateHalftonePalette
CreateFontIndirectExW
CreateEnhMetaFileA
CreateScalableFontResourceA
CreatePenIndirect
CreateSolidBrush
CreateEllipticRgn
CreateDIBPatternBrush
CreateScalableFontResourceW
CreateDIBPatternBrushPt
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CreateHatchBrush
CreateBrushIndirect
CreateBitmapIndirect
GdiGetBatchLimit
CreateDIBSection
CreatePatternBrush
advapi32
CreatePrivateObjectSecurity
GetEventLogInformation
AddAccessDeniedAce
AccessCheckByTypeAndAuditAlarmA
AddAccessAllowedAceEx
EnumerateTraceGuidsEx
AccessCheckAndAuditAlarmA
ChangeServiceConfig2A
AddAccessAllowedAce
EventWriteString
EventActivityIdControl
GetAce
ConvertToAutoInheritPrivateObjectSecurity
CloseTrace
FindFirstFreeAce
EventWrite
EventWriteEx
AddAuditAccessObjectAce
EqualDomainSid
EventWriteTransfer
shell32
CommandLineToArgvW
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
oleaut32
SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayDestroy
Exports

print
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
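The "Unsigned PE" signature, the File Characteristics list and the per-section flags above all come from the same few header fields. An embedded Authenticode signature is a WIN_CERTIFICATE table referenced by data directory entry 4 (the security directory); an all-zero entry means no embedded signature (catalog-signed OS files are a separate case), while a non-zero entry only says a blob is attached, not that its chain validates, which is a job for signtool, osslsigncode or WinVerifyTrust. The Python below is an added example, not the sandbox's own check, written with struct only so it needs no pefile; because the sample itself is not on the page, it builds a constructed header-only PE32 image to run against.

```python
"""Added example, not part of the sandbox report: the header checks behind the
'Unsigned PE' signature and the characteristics/section listings, done with struct only."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot for the WIN_CERTIFICATE table

FILE_FLAGS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _headers(data):
    """Locate IMAGE_NT_HEADERS; return (nsections, size_opt, file_chars, opt_off, dirs_off)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, _ts, _sym, _nsym, size_opt, chars = struct.unpack_from("<HIIIHH", data, e_lfanew + 6)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = {0x10B: 96, 0x20B: 112}.get(magic)    # PE32 vs PE32+ data-directory offset
    if dir_off is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return nsec, size_opt, chars, opt, opt + dir_off


def file_characteristics(data):
    _, _, chars, _, _ = _headers(data)
    return [name for bit, name in FILE_FLAGS.items() if chars & bit]


def authenticode_entry(data):
    """(file offset, size) of the attached certificate table, or None when the slot is empty."""
    _, _, _, _, dirs = _headers(data)
    off, size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if off and size else None


def is_unsigned(data):
    return authenticode_entry(data) is None


def sections(data):
    nsec, size_opt, _, opt, _ = _headers(data)
    out = []
    for n in range(nsec):
        off = opt + size_opt + 40 * n                 # section table follows the optional header
        name, vsize, _va, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": [f for bit, f in SECTION_FLAGS.items() if chars & bit],
        })
    return out


def writable_and_executable(data):
    """Sections mapped RWX, a packer/self-modifying-code tell (none in the listing above)."""
    return [s["name"] for s in sections(data)
            if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]]


def build_pe32(section_specs, security=(0, 0)):
    """Constructed header-only PE32 image for offline testing (not the analysed sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt = bytearray(224)                                           # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x2102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, rawsize, rawptr, 0, 0, 0, 0, flags)
        for name, vsize, va, rawsize, rawptr, flags in section_specs)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + table


if __name__ == "__main__":
    layout = [(".text", 0x19000, 0x1000, 0x19000, 0x400, 0x60000020),
              (".data", 0x3000, 0x1F000, 0x3000, 0x1A400, 0xC0000040)]
    img = build_pe32(layout)
    print("unsigned:", is_unsigned(img), file_characteristics(img))
    for s in sections(img):
        print(s["name"], hex(s["raw_size"]), " | ".join(s["flags"]))
```

Run `is_unsigned` over a real file by passing `open(path, "rb").read()`; the constructed image exists only so the checks have something to run against offline. Note the builder sets IMAGE_FILE_DLL alongside the two flags the report lists, so the output will show three characteristics rather than the report's two.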