qakbot | third_carved_dll[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

third_carved_dll.bin
Size

166KB
MD5

07dfe6aed5e353c8d4cc0ab026c63e3e
SHA1

29fe5ec300aa7e3b5124a223eafaa0c7df39db56
SHA256

110423a9555f7aba13483288abdb3badc6194dc01f825bfe1be174d506625efb
SHA512

7d165bc271fde6a07d65400f4175eaa12710bb4219cb24085b67cfa7559352df9d7dd08814a42f2b17d1b888e7b43093a8d6ad630eb0eb6bfe97014a6ef0bb8a
SSDEEP

3072:9ixYRIgVFK9cJx2I87ZMGCDaZqZu9E/gVAE/dxwtJBdw:9ixYVVQ9G2I8ZMGjZqY9EcAWUB6

Score

10^/10

qakbot

Malware Config

Signatures

Detect Qakbot Payload 1 IoCs

resource	yara_rule
sample	family_qakbot_v5

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
third_carved_dll.bin

Files

third_carved_dll.bin
.dll windows:6 windows x64 arch:x64

a28c12e8a4434cbcb5b5a15bbbf3a0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

strcmp
_snprintf
_errno
memset
_vsnprintf
_strtoi64
memchr
_time64
strncpy
strchr
strtod
localeconv
_vsnwprintf
qsort
atol
memcpy

kernel32

FindNextFileW
GetTickCount
SetThreadPriority
FlushFileBuffers
LocalAlloc
GetExitCodeProcess
GetFileAttributesW
MultiByteToWideChar
SetCurrentDirectoryA
Sleep
lstrcmpiW
GetDriveTypeW
GetLastError
CreateDirectoryW
lstrcatA
lstrcmpA
CreateMutexW
GetCurrentThread
GetProcessId
GetNumberFormatA
DisconnectNamedPipe
MoveFileW
ExitThread
K32GetModuleFileNameExW
GetCurrentProcessId
SwitchToThread
GetModuleHandleA
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
LoadLibraryA
GetCurrentProcess
lstrcatW
WideCharToMultiByte
FindFirstFileW
GetSystemTimeAsFileTime
SetFileAttributesW
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW

user32

CharUpperBuffA
CharUpperBuffW

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocString

Exports

Exports

hvsi

Sections

.text
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a28c12e8a4434cbcb5b5a15bbbf3a0c7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 128KB

.rdata Size: 21KB - Virtual size: 24KB

.data Size: 12KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 126KB - Virtual size: 128KB

.rdata
Size: 21KB - Virtual size: 24KB

.data
Size: 12KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB