2024-05-30_98b2d75958a8b785ea2f68c376245efc_magniber_qakbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-30_98b2d75958a8b785ea2f68c376245efc_magniber_qakbot
Size

23.7MB
MD5

98b2d75958a8b785ea2f68c376245efc
SHA1

c761d75614bbf8bde9c274d6fe2189a7425897b2
SHA256

a70475a4b6165e9ac79dd5396c576879802b452451568385be17be276fd878f0
SHA512

63f7764ad60e58782d7fc0c38fcb4a6bc8bd3c803f42ca7097fda49f9b543bdf89e35cefc99e61b8604c31de77ff673730ce1c129f6538235ac88b0025ba3257
SSDEEP

98304:Nv+ks6tdW2YY+ZJ8gUgMTC89lgAGYt1joWoL8KJ72eoeMmZ+2Y7mfW3+XCM+lgyu:xnYNx6gUEixmmJJPCxbv51woi0Ki3

Score

1^/10

Malware Config

Signatures

Files

2024-05-30_98b2d75958a8b785ea2f68c376245efc_magniber_qakbot
.exe windows:4 windows x86 arch:x86

671e15393c3ca01d00b64e1723ab4ca9

Code Sign

4a:c3:22:0d:49:71:90:c9:4e:f8:b4:9c:98:44:1c:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/09/2009, 00:00

Not After

01/09/2010, 23:59

Subject

CN=Passware\, Inc.,O=Passware\, Inc.,POSTALCODE=94040,STREET=Ste 180+STREET=800 W El Camino Real,L=Mountain View,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:f4:be:3e:8e:61:c3:e9:a1:ff:72:98:4a:78:1b:04:99:b4:ac:df
Signer

Actual PE Digest

d6:f4:be:3e:8e:61:c3:e9:a1:ff:72:98:4a:78:1b:04:99:b4:ac:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptDuplicateHash
CryptCreateHash
RegOpenKeyW
CryptAcquireContextA
CryptDestroyKey
CryptSetKeyParam
CryptDeriveKey
CryptDecrypt
CryptEncrypt
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetKeySecurity
RegEnumValueW
RegFlushKey

comctl32

ImageList_GetIconSize
ord17
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetIcon

comdlg32

GetOpenFileNameW
GetSaveFileNameW

gdi32

SetBkColor
ExtTextOutW
DeleteObject
LineTo
SelectObject
CreatePen
PatBlt
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
SetBkMode
MoveToEx
CreateRoundRectRgn
Polyline
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32W
ExcludeClipRect
IntersectClipRect
DeleteEnhMetaFile
Polygon
GetClipBox
PlayEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
EnumFontFamiliesExW
CreateFontW
CreateDIBSection
GetTextFaceW
GetTextMetricsW
DPtoLP
GetDIBColorTable
EnumFontFamiliesW
FrameRgn
SetTextColor
CreateFontIndirectW

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetFileInfoW
DragQueryFileW
SHFileOperationW
ord155
ord77
SHGetDesktopFolder
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHGetMalloc

kernel32

FindClose
FindNextFileW
FindFirstFileW
SetEvent
ResetEvent
CreateEventA
WaitForSingleObject
Sleep
SetThreadPriority
GetThreadTimes
GetCurrentThread
GetFileAttributesExW
SetFileAttributesW
TlsFree
TlsGetValue
GetExitCodeThread
TlsSetValue
TlsAlloc
LocalFree
FormatMessageW
SetEndOfFile
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
VirtualQuery
SetErrorMode
DuplicateHandle
InterlockedExchangeAdd
GetModuleFileNameA
SetUnhandledExceptionFilter
LoadLibraryA
FormatMessageA
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
GetModuleHandleA
GetLocaleInfoA
GetNumberFormatA
GetDateFormatW
GetTimeFormatW
GlobalSize
CreateMutexW
ReleaseMutex
GetSystemInfo
WriteFile
ExpandEnvironmentStringsW
CreateEventW
FreeResource
GetTimeZoneInformation
GetDriveTypeW
GetFileAttributesW
LocalAlloc
GetPrivateProfileStringA
GetLogicalDrives
GetTempPathW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetThreadLocale
CreateThread
GetModuleHandleW
DefineDosDeviceW
DeviceIoControl
GetLogicalDriveStringsW
GetLocalTime
lstrlenA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
HeapCreate
GetStdHandle
GetCPInfo
LCMapStringW
LCMapStringA
FindNextFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetFileType
SetStdHandle
FlushFileBuffers
SetFilePointer
GetFullPathNameW
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
ExitProcess
MoveFileW
GetStartupInfoW
RtlUnwind
LoadLibraryExW
GetCommandLineW
lstrcpynA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
lstrcmpiW
CompareStringW
lstrcpyW
GlobalHandle
GlobalFree
GetModuleFileNameW
lstrcmpW
GetLastError
InitializeCriticalSection
lstrlenW
MulDiv
lstrcpynW
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteCriticalSection
MultiByteToWideChar
SetLastError
GetCurrentThreadId
InterlockedExchange
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
QueryPerformanceFrequency
CloseHandle
InterlockedDecrement
CreateDirectoryA
ExitThread
RemoveDirectoryA
GetFileSize
ResumeThread
WaitForMultipleObjects
CreateProcessW
GetSystemDefaultLCID

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW
EnumThreadWindows
SendMessageW
SetParent
CheckMenuItem
DrawIconEx
DrawIcon
HideCaret
SetWindowLongW
InvalidateRect
IsWindow
GetClassInfoExW
LoadCursorW
DefWindowProcW
CreateWindowExW
RegisterClassExW
CallWindowProcW
GetWindowLongW
DestroyIcon
LoadIconW
ScrollWindowEx
SetScrollPos
GetScrollPos
TrackMouseEvent
DrawFrameControl
DrawTextExW
PostThreadMessageW
SetWindowRgn
AttachThreadInput
ShowScrollBar
SetScrollInfo
EnumChildWindows
GetScrollInfo
GetSysColorBrush
GetUpdateRect
SendMessageTimeoutW
InflateRect
FrameRect
FindWindowExA
RegisterClassA
SendDlgItemMessageA
SetClipboardData
EmptyClipboard
MessageBoxA
SendMessageA
CheckRadioButton
MsgWaitForMultipleObjects
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
SetTimer
GetMenuStringW
GetMenuItemID
CreateMenu
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
GetKeyState
OpenClipboard
LoadImageW
LoadAcceleratorsW
PeekMessageW
MessageBeep
RemoveMenu
TrackPopupMenuEx
LoadStringA
PostQuitMessage
LoadStringW
SetMenuDefaultItem
GetMenuItemInfoW
AppendMenuW
IsDialogMessageW
DrawMenuBar
InsertMenuItemW
GetMenuItemCount
SetMenuInfo
CreatePopupMenu
TranslateAcceleratorW
GetForegroundWindow
SetMenuItemInfoW
MessageBoxW
DialogBoxParamW
DrawFocusRect
GetDlgCtrlID
IsWindowEnabled
OffsetRect
DrawTextW
SetDlgItemTextW
PostMessageW
EndDialog
IsDlgButtonChecked
ScreenToClient
EnableMenuItem
DestroyMenu
SetForegroundWindow
GetClientRect
ClientToScreen
TrackPopupMenu
LoadMenuW
GetSubMenu
DialogBoxIndirectParamA
SystemParametersInfoA
SetWindowLongA
GetSystemMenu
GetDlgItemTextA
GetWindowLongA
CopyRect
GetClassInfoA
LoadCursorA
CreateCursor
UnregisterClassA
GetCursorPos
SetFocus
DestroyWindow
GetActiveWindow
GetWindowRect
ShowWindow
SetWindowPos
SetRectEmpty
CreateDialogParamW
UpdateWindow
CheckDlgButton
DestroyCursor
LoadBitmapW
AdjustWindowRectEx
GetMenu
IsMenu
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
MapDialogRect
SetWindowContextHelpId
IsWindowVisible
CreateAcceleratorTableW
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
GetClassNameW
IsChild
RedrawWindow
InvalidateRgn
GetDC
MoveWindow
CharNextW
GetSysColor
MapWindowPoints
GetDlgItem
EnableWindow
SetWindowTextW
GetCapture
SetCursor
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetSystemMetrics
SystemParametersInfoW
GetMessagePos
PtInRect
DrawEdge
ReleaseCapture
FillRect
GetParent
SetCapture

ole32

CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
StgCreateDocfileOnILockBytes
StgCreateDocfile
RevokeDragDrop
DoDragDrop
RegisterDragDrop
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
StgOpenStorage
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
ReleaseStgMedium
CreateDataAdviseHolder
StgIsStorageILockBytes
GetHGlobalFromStream
OleUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen
SafeArrayCreateVector
OleCreateFontIndirect
SafeArrayPutElement
SafeArrayDestroyDescriptor
VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi

msimg32

GradientFill
AlphaBlend

imagehlp

SymGetLineFromAddr
StackWalk
SymGetModuleBase
SymGetSymFromAddr
SymInitialize
SymSetOptions
ImagehlpApiVersion
CheckSumMappedFile
SymFunctionTableAccess

rasapi32

RasEnumEntriesW

winmm

PlaySoundW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
select
closesocket
socket
ioctlsocket
recv
send
shutdown
htonl
connect
htons

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5rqyagiv
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 132KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dllshar
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

jzcaxk77
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

c.oykw7f
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

671e15393c3ca01d00b64e1723ab4ca9

Code Sign

4a:c3:22:0d:49:71:90:c9:4e:f8:b4:9c:98:44:1c:08Certificate

Extended Key Usages

Key Usages

d6:f4:be:3e:8e:61:c3:e9:a1:ff:72:98:4a:78:1b:04:99:b4:ac:dfSigner

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

shell32

kernel32

user32

ole32

oleaut32

msimg32

imagehlp

rasapi32

winmm

ws2_32

version

Sections

.text Size: 6.5MB - Virtual size: 6.5MB

5rqyagiv Size: 1.8MB - Virtual size: 1.8MB

.data Size: 132KB - Virtual size: 216KB

.tls Size: 4KB - Virtual size: 4KB

.dllshar Size: 4KB - Virtual size: 4KB

.rsrc Size: 13.2MB - Virtual size: 13.2MB

jzcaxk77 Size: 2.0MB - Virtual size: 2.0MB

c.oykw7f Size: 40KB - Virtual size: 40KB

4a:c3:22:0d:49:71:90:c9:4e:f8:b4:9c:98:44:1c:08
Certificate

d6:f4:be:3e:8e:61:c3:e9:a1:ff:72:98:4a:78:1b:04:99:b4:ac:df
Signer

.text
Size: 6.5MB - Virtual size: 6.5MB

5rqyagiv
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 132KB - Virtual size: 216KB

.tls
Size: 4KB - Virtual size: 4KB

.dllshar
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 13.2MB - Virtual size: 13.2MB

jzcaxk77
Size: 2.0MB - Virtual size: 2.0MB

c.oykw7f
Size: 40KB - Virtual size: 40KB