Static task: static1
Behavioral task: behavioral1
  Sample: qbittorrent.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: qbittorrent.exe
  Resource: win10v2004-20230915-en
General
- Target: qbittorrent.exe
- Size: 25.5MB
- MD5: a5f3801edd9282d7aa06b19d829e9035
- SHA1: 64b317cd5a10543b9e5ea391091d5f7357cad90c
- SHA256: 6c104f1865bb64c2ec7630951e30832813a905d4ab5e09932388cb7f92bdea10
- SHA512: ef4ba3fa8311de363511f82d83578ef4f0cbe4f629e72b6f76e2492271fb0156d60d99d7231b514caac0b89e444e7c73f6b40f3bc6fe0ed6b53ab57b4ea9df96
- SSDEEP: 393216:oOCSEWvvI6OKaqZ37torHV9gb4vhBsj+GS1ZPyMTpenJJ0PrYLcOJsv6tWKFdu9Z:oOUq/defgbam6/vlenJJevF
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource qbittorrent.exe
Files
- qbittorrent.exe.exe windows x64 43e9de9af2c731b65119f92fa435bbac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
iphlpapi
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
NotifyUnicastIpAddressChange
ConvertInterfaceLuidToGuid
ConvertInterfaceNameToLuidW
CancelMibChangeNotify2
powrprof
SetSuspendState
user32
GetTouchInputInfo
GetMessageExtraInfo
DestroyIcon
TrackMouseEvent
ShutdownBlockReasonDestroy
GetCursor
GetCursorInfo
CreateIconIndirect
CreateCursor
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
DrawIconEx
PostThreadMessageW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
ShutdownBlockReasonCreate
RegisterClassW
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
GetIconInfo
LoadCursorW
SetCursorPos
GetClipboardFormatNameW
EnumDisplayDevicesW
AllowSetForegroundWindow
GetAsyncKeyState
CloseTouchInputHandle
RegisterClipboardFormatW
GetMenuItemInfoW
ModifyMenuW
CreatePopupMenu
TrackPopupMenu
SetMenu
DestroyMenu
DrawMenuBar
InsertMenuW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
GetDesktopWindow
GetSysColor
GetDC
DestroyWindow
DefWindowProcW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
GetDoubleClickTime
IsWindow
MessageBeep
EndPaint
BeginPaint
IsIconic
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
EnableMenuItem
UpdateLayeredWindow
GetClientRect
SetWindowLongW
FlashWindowEx
SetCursor
SetCapture
SetParent
GetUpdateRect
SetFocus
SetLayeredWindowAttributes
UnregisterTouchWindow
MoveWindow
GetForegroundWindow
AttachThreadInput
SetWindowPlacement
IsChild
ClientToScreen
RegisterTouchWindow
GetCapture
ShowWindow
DestroyCursor
GetWindowPlacement
GetWindowLongPtrW
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowRgn
SetWindowLongPtrW
SetWindowPos
IsWindowVisible
GetMenu
GetWindowRect
GetWindow
MonitorFromPoint
PostMessageW
IsTouchWindow
AdjustWindowRectEx
GetSystemMenu
GetWindowThreadProcessId
GetWindowLongW
GetCursorPos
LoadImageW
GetSysColorBrush
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetKeyboardLayoutList
GetClassInfoW
WindowFromPoint
RegisterClassExW
ChildWindowFromPointEx
UnregisterClassW
GetFocus
ChangeClipboardChain
IsHungAppWindow
SetClipboardViewer
FindWindowA
RegisterWindowMessageW
ShowCaret
DestroyCaret
IsWindowEnabled
GetKeyboardLayout
CreateCaret
SetCaretPos
HideCaret
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
ToAscii
IsZoomed
TrackPopupMenuEx
ToUnicode
PeekMessageW
SetMenuItemInfoW
GetKeyboardState
MapVirtualKeyW
GetKeyState
LoadIconW
CreateMenu
AppendMenuW
RemoveMenu
dbghelp
StackWalk64
SymFromAddr
SymGetLineFromAddr64
SymEnumSymbols
SymSetContext
SymGetModuleInfo64
SymCleanup
SymInitializeW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetCurrentThemeName
IsThemeActive
GetThemePartSize
GetThemeColor
OpenThemeData
GetThemeBackgroundRegion
SetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeEnumValue
ord47
GetThemeBool
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetThemeMargins
GetThemeInt
dwmapi
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
oleaut32
SafeArrayCreateVector
SysAllocString
SysFreeString
SafeArrayPutElement
imm32
ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetOpenStatus
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmNotifyIME
crypt32
CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertOpenSystemStoreW
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
gdi32
GetDIBits
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
GetFontData
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateBitmap
SetGraphicsMode
CreateCompatibleBitmap
GetObjectW
GetBitmapBits
CreateFontIndirectW
CreateDCW
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW
GetOutlineTextMetricsW
GetTextExtentPoint32W
advapi32
InitiateSystemShutdownW
AdjustTokenPrivileges
OpenProcessToken
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
SystemFunction036
CopySid
BuildTrusteeWithSidW
DuplicateToken
GetNamedSecurityInfoW
LookupAccountSidW
MapGenericMask
AccessCheck
GetEffectiveRightsFromAclW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegFlushKey
LookupPrivilegeValueW
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetTokenInformation
InitializeSecurityDescriptor
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextW
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExW
mpr
WNetGetUniversalNameW
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
WSAHtonl
WSAAccept
WSAConnect
gethostname
setsockopt
connect
socket
WSAAsyncSelect
closesocket
bind
accept
freeaddrinfo
getnameinfo
htons
WSAAddressToStringW
ntohs
ntohl
WSASetLastError
WSAStringToAddressW
htonl
WSAGetLastError
WSACleanup
WSAStartup
WSARecv
WSASocketW
select
WSANtohl
getsockname
getsockopt
ioctlsocket
WSASend
__WSAFDIsSet
getpeername
WSARecvFrom
WSASendTo
WSAIoctl
WSANtohs
getaddrinfo
listen
kernel32
GetCPInfo
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GetStringTypeW
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
TryEnterCriticalSection
RtlUnwindEx
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
HeapSize
ExitThread
GetCommandLineA
SetStdHandle
SetFileAttributesW
GetConsoleCP
HeapFree
HeapAlloc
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetProcessHeap
IsValidCodePage
GetOEMCP
SetEnvironmentVariableW
WriteConsoleW
GetExitCodeThread
GetTickCount
VirtualAlloc
VirtualFree
GetGeoInfoW
GetUserGeoID
GetTimeZoneInformation
ReleaseSemaphore
CreateSemaphoreW
LCMapStringW
CompareStringW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
VirtualQuery
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
FileTimeToSystemTime
MoveFileExW
MoveFileW
GetCurrentDirectoryW
FormatMessageW
GetLastError
TlsAlloc
CloseHandle
LocalFree
WideCharToMultiByte
TlsFree
FormatMessageA
GetCurrentProcessId
RtlCaptureContext
GetCurrentProcess
GetCurrentThread
WaitForMultipleObjects
CreateMutexW
WaitForSingleObject
ReleaseMutex
ProcessIdToSessionId
Sleep
OpenMutexW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetVolumePathNameW
GetDriveTypeW
GetSystemDirectoryW
SetThreadExecutionState
VerSetConditionMask
VerifyVersionInfoW
SetLastError
GetStdHandle
WriteFile
GetEnvironmentVariableW
GetModuleHandleW
GetFileType
RtlVirtualUnwind
TlsSetValue
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
TlsGetValue
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
FreeLibrary
FindFirstFileW
FindNextFileW
FindClose
SetConsoleMode
ReadConsoleA
GetConsoleMode
ReadConsoleW
PostQueuedCompletionStatus
SetWaitableTimer
VerifyVersionInfoA
GetQueuedCompletionStatus
CreateEventW
SetEvent
TerminateThread
QueueUserAPC
SleepEx
CreateIoCompletionPort
GetFileAttributesExW
CreateDirectoryW
RemoveDirectoryW
CreateHardLinkW
CreateFileW
GetFileInformationByHandle
DeleteFileW
CopyFileW
ReadFile
GetFileSizeEx
DeviceIoControl
SetEndOfFile
GetOverlappedResult
SetFilePointerEx
CreateEventA
GetACP
CreateWaitableTimerA
CancelIo
GetModuleHandleA
GlobalMemoryStatusEx
lstrcmpW
WTSGetActiveConsoleSessionId
OpenProcess
CheckRemoteDebuggerPresent
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
CreateProcessW
GlobalSize
GetUserDefaultLangID
GetVolumeInformationW
GetLongPathNameW
LocalAlloc
GetConsoleWindow
ExitProcess
InitializeCriticalSection
DisconnectNamedPipe
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
ResetEvent
GlobalFree
SetHandleInformation
CompareStringEx
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DuplicateHandle
SetFilePointer
WaitForSingleObjectEx
GetExitCodeProcess
GetLocalTime
GetSystemTime
GetNativeSystemInfo
CreateThread
GetSystemInfo
SwitchToThread
GetThreadPriority
SetThreadPriority
ResumeThread
QueryPerformanceFrequency
GetTickCount64
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
RegisterWaitForSingleObject
UnregisterWaitEx
CancelIoEx
ReadFileEx
PeekNamedPipe
WriteFileEx
GetModuleFileNameW
GetStartupInfoW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetVolumePathNamesForVolumeNameW
GetFullPathNameW
GetFileInformationByHandleEx
SetFileTime
SetErrorMode
GetLogicalDrives
GetFileAttributesW
GetTempPathW
ole32
CoCreateInstance
CoInitialize
OleFlushClipboard
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
OleInitialize
OleUninitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
ReleaseStgMedium
CoUninitialize
DoDragDrop
shell32
SHGetKnownFolderPath
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetMalloc
ShellExecuteW
SHGetStockIconInfo
ord727
ord190
ord155
SHOpenFolderAndSelectItems
SHGetFileInfoW
SHChangeNotify
CommandLineToArgvW
winmm
timeKillEvent
timeSetEvent
PlaySoundW
mswsock
AcceptEx
GetAcceptExSockaddrs
bcrypt
BCryptGenRandom
Sections
Name      Size    Virtual size  Characteristics
.text     14.1MB  14.1MB        IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata    10.0MB  10.0MB        IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data     234KB   379KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata    601KB   600KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmetad  1KB     1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.qtmimed  315KB   315KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc     150KB   149KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc    101KB   100KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ