2024-08-10_4c07462446321165d762dee66e51bde1_mafia_qakbot

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_4c07462446321165d762dee66e51bde1_mafia_qakbot
Size

572KB
MD5

4c07462446321165d762dee66e51bde1
SHA1

7a44dd357f4c67efef6943865ef14c413895c4ac
SHA256

fdada2dac3fa1dd6d2fbaf2224d0da088edd3701f98d743a7b4ee5fd3732c7bf
SHA512

04eebf38d40c12d0edfe2967b94a711b44e8b4be8159743cb98633ba6d50e1ba2bbde7058a3749ab034d13cc465c8aff4a70427107072430cbb721b0fb3e05cb
SSDEEP

12288:G78Igd8yoLKmhT2cc4yi2Xdrlmz/14IZ4Xoy0hQggVLuJJyOz:PIgd+LKmhSp4wXdrl4+IZ4YVQRVqJJDz

Score

1^/10

Malware Config

Signatures

Files

2024-08-10_4c07462446321165d762dee66e51bde1_mafia_qakbot
.exe windows:5 windows x86 arch:x86

9e6a93fad6e9218c3588b5c50fb2353d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:88:0f:26:4f:26:ac:f6:20:ea:0e:8b:8a:57:de:c5
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/03/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=appzoozoo.com,OU=appzoozoo.com,O=appzoozoo.com,POSTALCODE=6801294,STREET=2nd Koifman St,L=tel aviv,ST=tel aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:06:59:89:6d:6f:80:33:cd:c6:76:9f:55:3f:6f:6d:e4:6d:c1:ef
Signer

Actual PE Digest

8c:06:59:89:6d:6f:80:33:cd:c6:76:9f:55:3f:6f:6d:e4:6d:c1:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
ReadFile
GetFileSize
CreateMutexW
CopyFileW
SetEndOfFile
SetFilePointer
SetFileTime
GetSystemTimeAsFileTime
GetFileAttributesW
GetCurrentThreadId
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEvent
CreateEventW
DeviceIoControl
CreateFileA
GetTickCount
GetWindowsDirectoryA
DeleteFileA
SetLastError
CopyFileA
WritePrivateProfileStringW
GetPrivateProfileStringW
FormatMessageW
InterlockedDecrement
FindNextFileA
FindFirstFileA
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
GetPrivateProfileIntW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
RaiseException
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GlobalAlloc
lstrlenW
InterlockedIncrement
lstrcmpiW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
LoadLibraryExW
GlobalFree
GlobalHandle
lstrlenA
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringW
GetDriveTypeW
WriteConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetTimeZoneInformation
CreateThread
ExitThread
GetDateFormatW
GetTimeFormatW
ExitProcess
FindFirstFileExA
GetDriveTypeA
SystemTimeToFileTime
LocalFileTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetLongPathNameW
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetVersionExW
GetProcessHeap
HeapAlloc
HeapValidate
HeapFree
CreateToolhelp32Snapshot
SizeofResource
Process32FirstW
Process32NextW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
Sleep
DeleteFileW
CreateFileW
WriteFile
FlushFileBuffers
MultiByteToWideChar
GetCurrentProcess
IsWow64Process
GetCurrentProcessId
OpenProcess
TerminateProcess
CloseHandle
GetModuleHandleA
GetProcAddress
LocalAlloc
GetLastError
LocalFree
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
MoveFileW
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
LockResource
IsValidLocale

user32

GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcW
EndPaint
UnregisterClassA
SetWindowLongW
GetWindowLongW
BeginPaint
GetDesktopWindow
IsChild
SetFocus
GetWindow
DefWindowProcW
CharNextW
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
GetFocus
DestroyAcceleratorTable
GetWindowTextLengthW
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageW
KillTimer
SetTimer
EndDialog
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
SendMessageW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SetCapture

gdi32

BitBlt
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject

advapi32

RegOpenKeyExW
LookupAccountSidW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateServiceA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
OpenServiceA
StartServiceW
ControlService
DeleteService
QueryServiceStatusEx
CreateServiceW
QueryServiceStatus
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
AllocateAndInitializeSid
FreeSid
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoTaskMemFree
CoUninitialize
CoInitializeEx
OleRun
CoSetProxyBlanket
CoTaskMemRealloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
OleInitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantInit
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpQueryInfoW
InternetReadFile
HttpQueryInfoA
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetQueryDataAvailable

urlmon

URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6a93fad6e9218c3588b5c50fb2353d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

f9:88:0f:26:4f:26:ac:f6:20:ea:0e:8b:8a:57:de:c5Certificate

Extended Key Usages

Key Usages

8c:06:59:89:6d:6f:80:33:cd:c6:76:9f:55:3f:6f:6d:e4:6d:c1:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

wininet

urlmon

iphlpapi

gdiplus

psapi

Sections

.text Size: 361KB - Virtual size: 361KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 11KB - Virtual size: 23KB

.rsrc Size: 92KB - Virtual size: 91KB

.reloc Size: 26KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

f9:88:0f:26:4f:26:ac:f6:20:ea:0e:8b:8a:57:de:c5
Certificate

8c:06:59:89:6d:6f:80:33:cd:c6:76:9f:55:3f:6f:6d:e4:6d:c1:ef
Signer

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 11KB - Virtual size: 23KB

.rsrc
Size: 92KB - Virtual size: 91KB

.reloc
Size: 26KB - Virtual size: 25KB