2024-07-10_bb5f002703f12a9d97c82ef15fea32ed_mafia_qakbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_bb5f002703f12a9d97c82ef15fea32ed_mafia_qakbot
Size

718KB
MD5

bb5f002703f12a9d97c82ef15fea32ed
SHA1

57cf5f61098fbcd674afff46fecb214b3d4582ca
SHA256

fda1fbfb281ed836064a4440e78e4374a8c9d426f793d6e95ec347dea8c91dd7
SHA512

784c5d804fc31a1feae8991aa95b4f04e37f2f6f8b4e7e28c922fbc3fe3615da05b95eda5ada0f6828a985df55f566ea204bd4964a889f64f4ad1b2af0874d01
SSDEEP

12288:irZrNTrIVCb9cGM94XJqY8bcnTCdOwF0roVV+qK8bBpMGHG0OdAMjoF3NmSTs63s:iNTrDb9HM945qX4nTG3eroVV+qK8bBf4

Score

1^/10

Malware Config

Signatures

Files

2024-07-10_bb5f002703f12a9d97c82ef15fea32ed_mafia_qakbot
.exe windows:5 windows x86 arch:x86

b8431d3a627758bc35184dfbf9218dfc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:79:b4:45:86:fc:4e:12:1f:f1:3c:c1:e7:4c:81:4d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/08/2014, 00:00

Not After

08/08/2015, 23:59

Subject

CN=MyViralApp,O=MyViralApp,POSTALCODE=6801294,STREET=tel aviv+STREET=2 Kaufman Yehezkel,L=tel aviv,ST=TEL AVIV-JAFFA,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:bd:a5:d7:04:02:f6:c6:37:19:80:bb:ec:41:bd:e5:cb:84:bc:d6
Signer

Actual PE Digest

d8:bd:a5:d7:04:02:f6:c6:37:19:80:bb:ec:41:bd:e5:cb:84:bc:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\ytg\outputLSP\release\Agent.pdb

Imports

kernel32

GetTempPathW
GetExitCodeProcess
GetShortPathNameW
SetEvent
AreFileApisANSI
GetFileAttributesA
DeleteFileA
GetTempPathA
LockFile
LockFileEx
UnlockFile
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GlobalAlloc
lstrlenW
lstrcmpiW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
LoadLibraryExW
GlobalFree
GlobalHandle
CreateMutexW
lstrlenA
GetCommandLineW
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
Sleep
SetStdHandle
HeapCreate
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
TlsFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetTickCount
HeapSetInformation
GetTimeZoneInformation
ExitProcess
CreateThread
ExitThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
MoveFileW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
CreateEventW
WaitForSingleObject
OutputDebugStringW
GetVersionExW
CreateProcessW
GetModuleHandleA
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
GetFileAttributesW
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
OpenProcess
TerminateProcess
GetCurrentProcess
IsWow64Process
GetModuleHandleW
CreateDirectoryW
GetLastError
GetPrivateProfileStringW
GetPrivateProfileIntW
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
WriteFile
CreateFileA
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetStartupInfoW
DeleteFileW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte

user32

CharNextW
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
DefWindowProcW
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
SetWindowLongW
GetParent
GetDlgItem
GetDC
GetWindowLongW
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcW
RegisterWindowMessageW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus
GetFocus
SendMessageW
IsWindow
GetClassNameW
GetWindow
UnregisterClassA
IsChild
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageW
KillTimer
SetTimer
EndDialog
GetActiveWindow
DialogBoxIndirectParamW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW

gdi32

BitBlt
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
ConvertStringSidToSidW
RegQueryInfoKeyW
StartServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfigW
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
RegGetKeySecurity
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
CopySid
AddAce
GetAce
RegSetKeySecurity
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegDeleteKeyValueW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

ole32

CoGetClassObject
OleLockRunning
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
CoTaskMemAlloc
OleRun
CoInitializeEx
CoInitializeSecurity
OleUninitialize
CoUninitialize
OleInitialize

oleaut32

GetErrorInfo
SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW
HttpQueryInfoW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoA

secur32

GetUserNameExW

gdiplus

GdiplusStartup

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

lyricsgizmutil

LoadIEConnectWindow
LoadIEBgWIndow

Sections

.text
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8431d3a627758bc35184dfbf9218dfc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

49:79:b4:45:86:fc:4e:12:1f:f1:3c:c1:e7:4c:81:4dCertificate

Extended Key Usages

Key Usages

d8:bd:a5:d7:04:02:f6:c6:37:19:80:bb:ec:41:bd:e5:cb:84:bc:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

secur32

gdiplus

psapi

lyricsgizmutil

Sections

.text Size: 518KB - Virtual size: 518KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 32KB - Virtual size: 32KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

49:79:b4:45:86:fc:4e:12:1f:f1:3c:c1:e7:4c:81:4d
Certificate

d8:bd:a5:d7:04:02:f6:c6:37:19:80:bb:ec:41:bd:e5:cb:84:bc:d6
Signer

.text
Size: 518KB - Virtual size: 518KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 32KB - Virtual size: 32KB