qakbot | ioenou[.]exe[.]-239442116

Resubmissions

12-10-2023 13:31

231012-qsv8gaeb39 10

11-10-2023 07:09

231011-hy29zabb48 10

Sharing

Copy URL

Twitter E-mail

General

Target

ioenou.exe.-239442116
Size

130KB
MD5

479c596e0459402209859913aa4280ed
SHA1

3786faae5946919d23631bb69c8b6a07d5775abf
SHA256

28f49c8ec7e739247dc8fbaa421456efb5869b1d92181d2b99c93520064cbb5f
SHA512

0475695a4f8933b6afdf73eb3546fba4edcc47ad01f9dc9af2910a07fb89101bd2288fa91702b95d8c4a06abbbc4fe38a3b12abbc6f622a00d4c2400c9dac9ff
SSDEEP

3072:608q9D1i4yfNwvcKgi1AvuJ4I/YzTBfQzcoG5y:cfiEKxGvuJL/YzTBozcoG5y

Score

10^/10

qakbot

Malware Config

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ioenou.exe.-239442116

Files

ioenou.exe.-239442116
.exe windows:6 windows x86

98c56d6d57f333d2cebfe915a2fae3ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_snprintf
_errno
_strtoi64
free
_vsnprintf
memchr
memset
_vsnwprintf
_time64
strncpy
strchr
strtod
localeconv
_ftol2_sse
qsort
atol
memcpy

kernel32

FindNextFileW
GetTickCount
SetThreadPriority
FlushFileBuffers
LocalAlloc
GetExitCodeProcess
GetSystemTimeAsFileTime
GetFileAttributesW
GetModuleHandleA
SetCurrentDirectoryA
Sleep
lstrcmpiW
GetDriveTypeW
GetLastError
CreateDirectoryW
lstrcatA
CreateMutexW
GetCurrentThread
GetProcessId
DisconnectNamedPipe
lstrcmpA
K32GetModuleFileNameExW
MoveFileW
ExitThread
GetNumberFormatA
GetCurrentProcessId
SwitchToThread
GetModuleHandleW
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
LoadLibraryA
GetCurrentProcess
MultiByteToWideChar
lstrcatW
WideCharToMultiByte
FindFirstFileW
GetWindowsDirectoryW
SetFileAttributesW
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW

user32

CharUpperBuffA
CharUpperBuffW

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SysAllocString
SafeArrayGetLBound
SysFreeString

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

98c56d6d57f333d2cebfe915a2fae3ce

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

ole32

oleaut32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB