General

Malware Config

Signatures

Files

• qakbot.exe

  .exe windows:4 windows x86 arch:x86

  72934a1eb7edf6a5e1fadddf7433bfdd

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetModuleHandleW

  VirtualAllocEx

  GetLastError

  Sleep

  user32

  LoadIconA

  IsClipboardFormatAvailable

  WindowFromDC

  GetClipboardData

  ReleaseCapture

  IsCharLowerA

  GetInputState

  GetThreadDesktop

  DestroyWindow

  gdi32

  GetStockObject

  GetEnhMetaFileW

  GetDCBrushColor

  GetDCPenColor

  CloseEnhMetaFile

  CreateCompatibleDC

  GetMapMode

  advapi32

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  RegOpenKeyW

  shell32

  ShellExecuteEx

  SHGetSpecialFolderPathA

  SHFreeNameMappings

  DuplicateIcon

  ShellExecuteW

  DragQueryFileW

  ExtractAssociatedIconExW

  SHBrowseForFolderA

  SHFileOperationA

  CommandLineToArgvW

  ShellAboutW

  ShellHookProc

  CheckEscapesW

  Shell_NotifyIcon

  SHGetFileInfoA

  SHGetFileInfoW

  SHCreateDirectoryExW

  SHGetFolderLocation

  SHQueryRecycleBinA

  SHInvokePrinterCommandW

  SHBindToParent

  SHGetPathFromIDListA

  DoEnvironmentSubstA

  shlwapi

  StrChrIW

  StrStrA

  StrChrA

  StrStrIW

  StrChrIA

  StrRChrIA

  StrRChrA

  Sections

  .text

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2.7MB - Virtual size: 2.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data2

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data4

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE