CfGetPlatformInfo
Behavioral task
behavioral1
Sample
af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f.dll
Resource
win10v2004-20240412-en
General
-
Target
362978ed1c1eec5ff19b744601e082a2.bin
-
Size
99KB
-
MD5
268eef2cf46ce87135c90c6948e3d673
-
SHA1
4bc1d6a108250f52d819b70992493a3a80df381a
-
SHA256
1aa8e55ceec841c7ca088da6fc3e018ebc265bfd3ce85cae0339106143800186
-
SHA512
1cdfbfcd1eecb0ec62456923369b2353aafacf14fb9057dacad7d4fcded828705742fff7b7fe7524397e9287ef90182b55e56b049943a3236d0a2cb3039215e1
-
SSDEEP
1536:ErsYCV7bwLn7iWpWUy1AUDs/RDIrfSUeJSat1v+zar1VYrOBZCiLW6wowdc:8s7bwLnWVUVJa5eJSaHvj3DzW8
Malware Config
Signatures
-
Detect Qakbot Payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f.exe family_qakbot_v5 -
Qakbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f.exe
Files
-
362978ed1c1eec5ff19b744601e082a2.bin.zip
Password: infected
-
af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f.exe.dll windows:6 windows x64 arch:x64
Password: infected
a5864330cc4bfd0882fb2f3679901037
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
msvcrt
strcmp
_snprintf
_errno
memset
_vsnprintf
_strtoi64
memchr
_time64
strncpy
strchr
strtod
localeconv
_vsnwprintf
qsort
atol
memcpy
kernel32
SetFileAttributesW
GetTickCount
SetThreadPriority
FlushFileBuffers
LocalAlloc
GetExitCodeProcess
GetFileAttributesW
MultiByteToWideChar
SetCurrentDirectoryA
Sleep
lstrcmpiW
GetDriveTypeW
GetLastError
CreateDirectoryW
lstrcatA
lstrcmpA
CreateMutexW
GetCurrentThread
GetProcessId
GetNumberFormatA
DisconnectNamedPipe
MoveFileW
ExitThread
GetCurrentProcessId
SwitchToThread
GetModuleHandleA
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
LoadLibraryA
GetCurrentProcess
lstrcatW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
lstrlenW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetVersionExA
GetSystemInfo
GetCurrentDirectoryW
GetWindowsDirectoryW
user32
CharUpperBuffA
CharUpperBuffW
shell32
CommandLineToArgvW
ole32
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
oleaut32
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
VariantClear
SysFreeString
SysAllocString
Exports
Exports
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ