qakbot[.]exe | Triage

General

Target

qakbot.exe
Size

2.7MB
MD5

6f9e304b289770a66e089ae2be83952c
SHA1

629c55b8e3e4fd9a6c0a4463ef5d30ceda133eb8
SHA256

b92c0aafb4e9b0fc2b023dbb14d7e848249f29e02b0e4cd8624ce27e55c9ac4c
SHA512

c621eb4c8f51bae2e75cbffd53db8173d91340e2987cccd15453a2a2c048d9820b26b64e0d51fbfb441e5dbf4f9108cfbe46bda872f2980491028d93fcb33f94
SSDEEP

12288:hmJnJHUrcxNxDxfxNxnxNxIWxNxsyRxNxRxNx0xNxrjG8zme:w5cir

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

qakbot.exe

resource
qakbot.exe

Files

qakbot.exe
.exe windows:4 windows x86 arch:x86

72934a1eb7edf6a5e1fadddf7433bfdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
VirtualAllocEx
GetLastError
Sleep

user32

LoadIconA
IsClipboardFormatAvailable
WindowFromDC
GetClipboardData
ReleaseCapture
IsCharLowerA
GetInputState
GetThreadDesktop
DestroyWindow

gdi32

GetStockObject
GetEnhMetaFileW
GetDCBrushColor
GetDCPenColor
CloseEnhMetaFile
CreateCompatibleDC
GetMapMode

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyW

shell32

ShellExecuteEx
SHGetSpecialFolderPathA
SHFreeNameMappings
DuplicateIcon
ShellExecuteW
DragQueryFileW
ExtractAssociatedIconExW
SHBrowseForFolderA
SHFileOperationA
CommandLineToArgvW
ShellAboutW
ShellHookProc
CheckEscapesW
Shell_NotifyIcon
SHGetFileInfoA
SHGetFileInfoW
SHCreateDirectoryExW
SHGetFolderLocation
SHQueryRecycleBinA
SHInvokePrinterCommandW
SHBindToParent
SHGetPathFromIDListA
DoEnvironmentSubstA

shlwapi

StrChrIW
StrStrA
StrChrA
StrStrIW
StrChrIA
StrRChrIA
StrRChrA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72934a1eb7edf6a5e1fadddf7433bfdd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data2 Size: 3KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.data4 Size: 3KB - Virtual size: 2KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data2
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.data4
Size: 3KB - Virtual size: 2KB