2024-09-05_6eb051e69036962582804952d76ab579_floxif_mafia_qakbot

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-05_6eb051e69036962582804952d76ab579_floxif_mafia_qakbot
Size

552KB
MD5

6eb051e69036962582804952d76ab579
SHA1

ec0038cc942254ec4a8a6f13266ee2950e27b9b8
SHA256

37fad17d37d5ec40e5a3791ad99cfb2bb383c53af1906d8e8e39fe6b84bece3e
SHA512

c4833fac914134fca4ace64cec9a513b3f2f111a92455ea2362d48752e10edf523adb726dd8e98546c831ab535e58b7b9424a5c41aa1bb53c4d11bb64d626291
SSDEEP

12288:TEUrBq1yNjwdh+/4HYNxYpFYw8yt0OtIis1YGOjUF3cBjvrEH7W:Tvjwdh+/44DYp6bq3IT1YG0UF3WrEH7W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-05_6eb051e69036962582804952d76ab579_floxif_mafia_qakbot

Files

2024-09-05_6eb051e69036962582804952d76ab579_floxif_mafia_qakbot
.exe windows:5 windows x86 arch:x86

8dcfb123d8bf3ea3b30dc77bbcc61cab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\buildagent\work\2a32b2572faba9d8\Ext4Dokan\Release\extservice.pdb

Imports

dokan

_DokanGlobalInit@4
DokanUnmount
DokanMain

kernel32

CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
GetLogicalDrives
Sleep
CreateFileW
GetCurrentProcess
GetExitCodeThread
DuplicateHandle
SetFilePointerEx
VirtualFree
ReadFile
VirtualAlloc
GetModuleFileNameW
EnterCriticalSection
WaitNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetCurrentThreadId
FormatMessageW
LoadLibraryW
InterlockedExchange
GetCurrentProcessId
LeaveCriticalSection
InitializeCriticalSection
WriteFile
SetThreadExecutionState
SetEvent
WaitForSingleObject
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
DeviceIoControl
GetLastError
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
DefineDosDeviceW
HeapSize
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
SetFilePointer
HeapFree
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
HeapAlloc
InterlockedDecrement
InterlockedIncrement
ExitThread
CreateThread
EncodePointer
DecodePointer
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
WriteConsoleW
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW

user32

UnregisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetUserObjectSecurity
wsprintfW
RegisterPowerSettingNotification

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dcfb123d8bf3ea3b30dc77bbcc61cab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dokan

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 21KB - Virtual size: 20KB