General
-
Target
e148f524a1b02cc54295191906f15ee9.bin
-
Size
580KB
-
MD5
e148f524a1b02cc54295191906f15ee9
-
SHA1
d5fe57991638613c09030b7a1f81359039a944de
-
SHA256
bbdfb6a71f05de5457d63d5ca1130a010777f0ba9ee14052bf3ec0ebe9c961a1
-
SHA512
a7dd2108651a51f9542f4176e9dae33fab056183968c76d8fa235ba76ce76da9ba53b2b0e7baa3e98b1fb6ae92bf74258a06e5b589bab55d3a21a43405ba5351
-
SSDEEP
12288:QTh+CfHel/TrAnFvUyTFZPsj8w6Sw98MYXwlktzW6XlORNB7MRWop:QFfHUTrAneqvPS+8M0lE7CH
Malware Config
Signatures
-
Qakbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e148f524a1b02cc54295191906f15ee9.bin
Files
-
e148f524a1b02cc54295191906f15ee9.bin.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 435KB - Virtual size: 434KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ