qakbot | a40000[.]dll

Resubmissions

16-05-2024 06:08

240516-gv9n7sff28 10

Sharing

Copy URL

Twitter E-mail

General

Target

a40000.dll
Size

408KB
MD5

45234504c9fc489cb71be23f1ffeed73
SHA1

e51e28ac648917523c51d9b5a4a1641a3b1202c6
SHA256

b991ef2d58b3246bf5f313e2be71ea961fae1376ec88435173f7fb15a48b6fe2
SHA512

868458dee62fdb69bb5e396251a26091b71490ee7ca04b3d0342a18455f7a7e29d9981b024ce48fedbe85494374a40ed601e53bef9a615e4c8f3304c56655297
SSDEEP

12288:SWutt3oBwRkzp8e2gTQTLZMJpkrLThkr6S:SjtfuzQkCThkr6

Score

10^/10

tr 1645451836 qakbot

Malware Config

Extracted

Family

qakbot

Version

403.532

Botnet

Campaign

1645451836

190.206.211.182:443

31.35.28.29:443

105.186.167.230:995

72.252.201.34:990

40.134.247.125:995

186.64.87.194:443

2.50.41.69:61200

217.164.119.29:2222

161.142.53.137:443

74.15.2.252:2222

149.135.101.20:443

92.177.45.46:2078

190.73.3.148:2222

81.213.206.182:443

180.233.150.134:995

217.164.115.166:2222

144.202.2.175:443

105.184.116.32:995

47.180.172.159:50010

96.21.251.127:2222

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a40000.dll

Files

a40000.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c6aac10542db3e904e81b2882e47bece

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleacc

CreateStdAccessibleObject
LresultFromObject

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

msvcrt

_strtoi64
qsort
_snprintf
memcmp
_vsnprintf
wcsrchr
wcschr
memchr
memset
_time64
strncpy
_purecall
_mktime64
wcscspn
wcsspn
strchr
wcscat_s
_open_osfhandle
fread
feof
fgetws
fwrite
_fileno
fseek
fputws
_fdopen
fclose
memmove
_wcsicoll
wcspbrk
_wcsicmp
_expand
_msize
realloc
_ftol2_sse
_vsnwprintf
strtod
localeconv
memcpy
atol
__CxxFrameHandler3
wcsnlen
wcscpy_s
clearerr_s
fflush
ferror
_get_osfhandle
__doserrno
ftell
malloc
wcsncpy_s
free
_errno
atexit

kernel32

LocalFree
DeleteCriticalSection
GlobalUnlock
MulDiv
MultiByteToWideChar
InitializeCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetModuleFileNameW
GetCurrentThreadId
GetVersionExW
GlobalDeleteAtom
FreeLibrary
WideCharToMultiByte
lstrcmpW
LoadLibraryExW
GetModuleHandleW
GetFileSizeEx
CreateFileW
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
CloseHandle
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GlobalHandle
TlsSetValue
LocalAlloc
TlsAlloc
TlsGetValue
LocalReAlloc
GlobalReAlloc
CompareStringW
EncodePointer
GetSystemDirectoryW
GlobalGetAtomNameW
GlobalAddAtomW
LoadLibraryW
GlobalFindAtomW
ReadFile
GetVolumeInformationW
FindFirstFileW
GetFullPathNameW
GetCurrentProcess
WriteFile
LockFile
SetFilePointer
SetEndOfFile
FindClose
DeleteFileW
UnlockFile
GetFileSize
FlushFileBuffers
SetThreadPriority
GetCurrentProcessId
SwitchToThread
HeapCreate
LoadLibraryA
lstrcmpiA
GetSystemTimeAsFileTime
GetExitCodeProcess
FindNextFileW
GetVersionExA
GetSystemInfo
GetWindowsDirectoryW
GetModuleHandleA
GlobalFlags
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
GlobalLock
DecodePointer
HeapAlloc
FindResourceW
LoadResource
CreateMutexW
GlobalFree
GlobalAlloc
LockResource
FormatMessageW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
SizeofResource
MoveFileW
K32GetModuleFileNameExW
GetDriveTypeW
lstrcmpiW
GetFileAttributesW
GetOEMCP
lstrcpyW
lstrcatW
GetProcessId
lstrcpynW
DisconnectNamedPipe
CreateDirectoryW
lstrcatA
GetLastError
lstrcpynA
GetCurrentThread
DuplicateHandle
lstrcmpA
GetProcAddress

user32

GetMonitorInfoW
IsMenu
RedrawWindow
DispatchMessageW
GetCapture
BeginDeferWindowPos
IsWindow
GetClassInfoW
RemovePropW
CallNextHookEx
ScreenToClient
CreateWindowExW
SetActiveWindow
MonitorFromWindow
GetPropW
MessageBoxW
SetWindowPos
DestroyWindow
GetFocus
GetMenu
GetWindowRect
CallWindowProcW
GetMessagePos
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetLastActivePopup
DeferWindowPos
CharUpperW
GetActiveWindow
SetWindowTextW
TranslateMessage
GetMessageW
CharUpperBuffA
CharUpperBuffW
RegisterClassExA
UnregisterClassA
CreateWindowExA
DrawTextW
GetWindowDC
DrawTextExW
ClientToScreen
GrayStringW
TabbedTextOutW
GetDesktopWindow
RealChildWindowFromPoint
IsWindowEnabled
GetWindowThreadProcessId
InvalidateRect
KillTimer
SetTimer
PeekMessageW
EnableMenuItem
CheckMenuItem
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageW
ShowWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
EndDialog
EnumDisplayMonitors
BeginPaint
EndPaint
EnableWindow
UnhookWindowsHookEx
LoadCursorW
GetSysColorBrush
GetWindowLongW
GetWindow
SendMessageW
GetScrollPos
SetFocus
GetWindowTextW
SendDlgItemMessageA
SetRectEmpty
GetClientRect
GetParent
PostMessageW
PostQuitMessage
GetDC
ReleaseDC
GetSystemMetrics
CopyRect
GetSysColor
DestroyMenu
SystemParametersInfoW
GetMenuItemID
GetSubMenu
IsChild
RegisterClassW
MapWindowPoints
ValidateRect
GetTopWindow
GetForegroundWindow
SetMenu
WinHelpW
GetMessageTime
SetPropW
LoadIconW
GetClassNameW
EndDeferWindowPos
SetWindowsHookExW
SetWindowLongW
GetDlgItem
GetClassLongW
GetClassInfoExW
RegisterWindowMessageW
PtInRect
GetDlgCtrlID
UpdateWindow
SetForegroundWindow
IsIconic
GetMenuItemCount

gdi32

ScaleViewportExtEx
SetViewportOrgEx
CreatePen
TextOutW
SetViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
GetDeviceCaps
DeleteDC
CreateCompatibleBitmap
CreateDIBitmap
GetTextCharsetInfo
EnumFontFamiliesW
SaveDC
ScaleWindowExtEx
RectVisible
GetClipBox
ExtTextOutW
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
BitBlt
DeleteObject
GetTextMetricsW
GetStockObject
SelectObject
CreateBitmap
SetBkColor
CreatePatternBrush
SetTextColor
PtVisible
Escape
SetMapMode
CreateSolidBrush
RestoreDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
ChooseColorW

advapi32

RegEnumValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW

shell32

ShellExecuteW

ole32

CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantInit
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound

Exports

Exports

DllRegisterServer

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c6aac10542db3e904e81b2882e47bece

Headers

File Characteristics

Imports

oleacc

shlwapi

msvcrt

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 8KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 108B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 8KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 108B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB