Malicious
Classifications

Trojan Injector Banker

Threat Names

QBot

Dynamic Analysis Report

Created on 2023-06-15T03:37:26+00:00

b8e5e6f25a38fafe147ffa77f3d44a3323254797ebe8017b8a19de866a24daba.dll

Windows DLL (x86-32)

Remarks (2/3)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "9 minutes, 16 seconds" to "2 minutes, 10 seconds" to reveal dormant functionality.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\b8e5e6f25a38fafe147ffa77f3d44a3323254797ebe8017b8a19de866a24daba.dll Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 246.31 KB
MD5 dd81dc63ccb726fe343c88adc475997e
SHA1 2a8ec1e877fd4283723a3387b6cb623156a8cfba
SHA256 b8e5e6f25a38fafe147ffa77f3d44a3323254797ebe8017b8a19de866a24daba
SSDeep 6144:cRixgWEZ5Txh9QQU7kVTAHluobjrA3XqpyNj7R5o9nPz7gS1Tz3:cRwBEZp11EFcUTz3
ImpHash b82f222a9ed7cfb1419f0e64bdeaac8b
PE Information
Image Base 0x647C0000
Entry Point 0x647C1400
Size Of Code 0x0000FA00
Size Of Initialized Data 0x00018800
Size Of Uninitialized Data 0x00000400
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (12)
Comments Provided under the terms of the GNU General Public License (GPLv2.1+), or BSD.
CompanyName OpenSC Project
FileDescription pkcs11-helper - An easy way to access PKCS#11 modules
FileVersion 1.0.0.0
InternalName pkcs11-helper
LegalCopyright Copyright © 2006-2008 Alon Bar-Lev
LegalTrademarks -
OriginalFilename pkcs11-helper-1.dll
PrivateBuild -
ProductName pkcs11-helper
ProductVersion 1,22,0,0
SpecialBuild debug threading token data certificate slotevent openssl engine_crypto_openssl engine_crypto_mbedtls engine_crypto_cryptoapi engine_crypto
Sections (10)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x647C1000 0x0000F9D4 0x0000FA00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.79
.data 0x647D1000 0x000000B8 0x00000200 0x0000FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.41
.rdata 0x647D2000 0x00005724 0x00005800 0x00010000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 5.44
.bss 0x647D8000 0x000003F4 0x00000000 0x00015800 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.edata 0x647D9000 0x00000AFB 0x00000C00 0x00015800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 5.02
.idata 0x647DA000 0x00000D8C 0x00000E00 0x00016400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.47
.CRT 0x647DB000 0x0000002C 0x00000200 0x00017200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.2
.tls 0x647DC000 0x00000020 0x00000200 0x00017400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.27
.rsrc 0x647DD000 0x0002354D 0x00024000 0x00017600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.77
.reloc 0x64801000 0x00000E98 0x00001000 0x0003B600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.47
Imports (2)
KERNEL32.dll (31)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle - 0x647DA2F8 0x0001A11C 0x0001651C 0x00000054
CreateEventA - 0x647DA2FC 0x0001A120 0x00016520 0x00000085
CreateMutexA - 0x647DA300 0x0001A124 0x00016524 0x0000009F
DeleteCriticalSection - 0x647DA304 0x0001A128 0x00016528 0x000000D5
EnterCriticalSection - 0x647DA308 0x0001A12C 0x0001652C 0x000000F1
FileTimeToSystemTime - 0x647DA30C 0x0001A130 0x00016530 0x00000129
FreeLibrary - 0x647DA310 0x0001A134 0x00016534 0x00000166
GetCurrentProcess - 0x647DA314 0x0001A138 0x00016538 0x000001C6
GetCurrentProcessId - 0x647DA318 0x0001A13C 0x0001653C 0x000001C7
GetCurrentThreadId - 0x647DA31C 0x0001A140 0x00016540 0x000001CB
GetLastError - 0x647DA320 0x0001A144 0x00016544 0x00000205
GetModuleFileNameW - 0x647DA324 0x0001A148 0x00016548 0x00000216
GetProcAddress - 0x647DA328 0x0001A14C 0x0001654C 0x00000247
GetSystemTimeAsFileTime - 0x647DA32C 0x0001A150 0x00016550 0x0000027D
GetTickCount - 0x647DA330 0x0001A154 0x00016554 0x00000299
InitializeCriticalSection - 0x647DA334 0x0001A158 0x00016558 0x000002ED
LeaveCriticalSection - 0x647DA338 0x0001A15C 0x0001655C 0x00000328
LoadLibraryA - 0x647DA33C 0x0001A160 0x00016560 0x0000032B
QueryPerformanceCounter - 0x647DA340 0x0001A164 0x00016564 0x00000398
ReleaseMutex - 0x647DA344 0x0001A168 0x00016568 0x000003C4
SetEvent - 0x647DA348 0x0001A16C 0x0001656C 0x00000423
SetUnhandledExceptionFilter - 0x647DA34C 0x0001A170 0x00016570 0x0000046D
Sleep - 0x647DA350 0x0001A174 0x00016574 0x0000047A
SystemTimeToTzSpecificLocalTime - 0x647DA354 0x0001A178 0x00016578 0x00000486
TerminateProcess - 0x647DA358 0x0001A17C 0x0001657C 0x00000488
TlsGetValue - 0x647DA35C 0x0001A180 0x00016580 0x0000048F
UnhandledExceptionFilter - 0x647DA360 0x0001A184 0x00016584 0x0000049C
VirtualProtect - 0x647DA364 0x0001A188 0x00016588 0x000004BC
VirtualQuery - 0x647DA368 0x0001A18C 0x0001658C 0x000004BF
WaitForSingleObject - 0x647DA36C 0x0001A190 0x00016590 0x000004C8
WideCharToMultiByte - 0x647DA370 0x0001A194 0x00016594 0x000004E0
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW - 0x647DA414 0x0001A238 0x00016638 0x00000254
Exports (71)
API Name EAT Address Ordinal
kkcs11h_addProvider 0x0000B3E5 0x00000001
kkcs11h_certificate_create 0x00007D14 0x00000002
kkcs11h_certificate_decrypt 0x00007430 0x00000003
kkcs11h_certificate_decryptAny 0x00007A5D 0x00000004
kkcs11h_certificate_deserializeCertificateId 0x0000DDBF 0x00000005
kkcs11h_certificate_duplicateCertificateId 0x00006AEE 0x00000006
kkcs11h_certificate_ensureCertificateAccess 0x000084A4 0x00000007
kkcs11h_certificate_ensureKeyAccess 0x000086F6 0x00000008
kkcs11h_certificate_enumCertificateIds 0x00009404 0x00000009
kkcs11h_certificate_enumTokenCertificateIds 0x000091D9 0x0000000A
kkcs11h_certificate_freeCertificate 0x00006E77 0x0000000B
kkcs11h_certificate_freeCertificateId 0x000069CB 0x0000000C
kkcs11h_certificate_freeCertificateIdList 0x000090F5 0x0000000D
kkcs11h_certificate_getCertificateBlob 0x00008232 0x0000000E
kkcs11h_certificate_getCertificateId 0x00008109 0x0000000F
kkcs11h_certificate_getPromptMask 0x00008041 0x00000010
kkcs11h_certificate_getUserData 0x000080A5 0x00000011
kkcs11h_certificate_lockSession 0x00006F74 0x00000012
kkcs11h_certificate_releaseSession 0x00007018 0x00000013
kkcs11h_certificate_serializeCertificateId 0x0000DB79 0x00000014
kkcs11h_certificate_setCertificateIdCertificateBlob 0x00006CFD 0x00000015
kkcs11h_certificate_setPromptMask 0x00008071 0x00000016
kkcs11h_certificate_setUserData 0x000080D5 0x00000017
kkcs11h_certificate_sign 0x000070C6 0x00000018
kkcs11h_certificate_signAny 0x0000779A 0x00000019
kkcs11h_certificate_signRecover 0x0000727B 0x0000001A
kkcs11h_certificate_unwrap 0x000075E5 0x0000001B
kkcs11h_data_del 0x0000C884 0x0000001C
kkcs11h_data_enumDataObjects 0x0000CC50 0x0000001D
kkcs11h_data_freeDataIdList 0x0000CB5D 0x0000001E
kkcs11h_data_get 0x0000C130 0x0000001F
kkcs11h_data_put 0x0000C4DF 0x00000020
kkcs11h_engine_setCrypto 0x000016E4 0x00000021
kkcs11h_engine_setSystem 0x00001699 0x00000022
kkcs11h_forkFixup 0x0000BBB3 0x00000023
kkcs11h_getFeatures 0x0000AAC0 0x00000024
kkcs11h_getLogLevel 0x0000B01C 0x00000025
kkcs11h_getMessage 0x0000A2D0 0x00000026
kkcs11h_getVersion 0x0000AAB6 0x00000027
kkcs11h_initialize 0x0000AAD2 0x00000028
kkcs11h_logout 0x0000BCEE 0x00000029
kkcs11h_openssl_createSession 0x0000EF31 0x0000002A
kkcs11h_openssl_freeSession 0x0000F0BE 0x0000002B
kkcs11h_openssl_getCleanupHook 0x0000F05A 0x0000002C
kkcs11h_openssl_getX509 0x0000ED54 0x0000002D
kkcs11h_openssl_session_getEVP 0x0000F371 0x0000002E
kkcs11h_openssl_session_getRSA 0x0000F249 0x0000002F
kkcs11h_openssl_session_getX509 0x0000F5B2 0x00000030
kkcs11h_openssl_setCleanupHook 0x0000F08A 0x00000031
kkcs11h_plugAndPlay 0x0000BBBD 0x00000032
kkcs11h_removeProvider 0x0000B8C9 0x00000033
kkcs11h_setForkMode 0x0000B012 0x00000034
kkcs11h_setLogHook 0x0000B075 0x00000035
kkcs11h_setLogLevel 0x0000B004 0x00000036
kkcs11h_setMaxLoginRetries 0x0000B31D 0x00000037
kkcs11h_setPINCachePeriod 0x0000B2B9 0x00000038
kkcs11h_setPINPromptHook 0x0000B197 0x00000039
kkcs11h_setProtectedAuthentication 0x0000B381 0x0000003A
kkcs11h_setSlotEventHook 0x0000B106 0x0000003B
kkcs11h_setTokenPromptHook 0x0000B228 0x0000003C
kkcs11h_terminate 0x0000AD58 0x0000003D
kkcs11h_token_deserializeTokenId 0x0000D9F5 0x0000003E
kkcs11h_token_duplicateTokenId 0x00004602 0x0000003F
kkcs11h_token_ensureAccess 0x0000D3D9 0x00000040
kkcs11h_token_enumTokenIds 0x00005113 0x00000041
kkcs11h_token_freeTokenId 0x00004538 0x00000042
kkcs11h_token_freeTokenIdList 0x0000502F 0x00000043
kkcs11h_token_login 0x00004C4B 0x00000044
kkcs11h_token_logout 0x00004B1F 0x00000045
kkcs11h_token_sameTokenId 0x00004750 0x00000046
must 0x00004E94 0x00000047
e327e107e2aca849703ae31a92673d1c5bb6671928301cf569143c5fd8ba0308 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 b0e76e996976e7e6a3dff3fcd25fc0f4
SHA1 a81b2dfce2b703da8d552c7c162e417848b3f78d
SHA256 e327e107e2aca849703ae31a92673d1c5bb6671928301cf569143c5fd8ba0308
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3a:qQh4tRMfCqtUJAxNwTBoJ5q
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
9613163aeb7aa02d8f4f3393cbb5bfad116f78ef4c4ebf754005f14b6dd88c7f Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 32d421e27d87e1f8dfe3528a1a2bdc9c
SHA1 b0137ca593ec63a77958baf6b047b3a9e9b22dda
SHA256 9613163aeb7aa02d8f4f3393cbb5bfad116f78ef4c4ebf754005f14b6dd88c7f
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GEU:92wA4jRPhVCJIbF8TBo6FU
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
a353f7923c728e7d5f3f6b4225a983663e06fd8b777d32e7416f27f8d9f9bf9d Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 4a7799fbb941c442f6eec10459c7336b
SHA1 d6a54497c99f6da8f5868048e353dffee8e260c0
SHA256 a353f7923c728e7d5f3f6b4225a983663e06fd8b777d32e7416f27f8d9f9bf9d
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3G:qQh4tRMfCqtUJAxNwTBoJaW
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
47d0707c1e5662aeaacc579de8f42c00fdcfe8b381283bd66539e35df1dc5432 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a15632bd3a47ec88bee833aef5ece5a4
SHA1 db02df989c36cd5630c13b1c503ed20d94b48691
SHA256 47d0707c1e5662aeaacc579de8f42c00fdcfe8b381283bd66539e35df1dc5432
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GE9:92wA4jRPhVCJIbF8TBo6F9
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
01308a24b5b6abe8ac1c8ef84949c20e97d03d6fee8f951f1d3cb7843e34e471 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 5412d95597a52285fec3fa1fd1dbb761
SHA1 6921c1257d49507966d820281832761157ae2f33
SHA256 01308a24b5b6abe8ac1c8ef84949c20e97d03d6fee8f951f1d3cb7843e34e471
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3g:qQh4tRMfCqtUJAxNwTBoJ5Q
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
6d388c05d5164683fdc6ff414f029205dcf93533daab587cc4624a5233aac661 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 8a6d04a6a117a6afca308cdd87b3d6bf
SHA1 77c1ea41d2f1f976ca9e7d6a8905367a583802e4
SHA256 6d388c05d5164683fdc6ff414f029205dcf93533daab587cc4624a5233aac661
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3H:qQh4tRMfCqtUJAxNwTBoJa3
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
90e26af474aa0574dbff86c286ba10b84ba561296a6a39842295d0e12e6256f3 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a4144cbc8155801f8921cf31d4043263
SHA1 75a9f3ede29c2ffad41d3d9be96bbcf69bb92b1c
SHA256 90e26af474aa0574dbff86c286ba10b84ba561296a6a39842295d0e12e6256f3
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3W:qQh4tRMfCqtUJAxNwTBoJaG
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
7e1da9c75a7e6f2b5b8e1980e51978e2c4d5be66a28819a4a7da9976ca92e49d Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 d583592fc4bd10bf417218ea03e59658
SHA1 02bf54f498b40034fbf71bdd993235761b619d2c
SHA256 7e1da9c75a7e6f2b5b8e1980e51978e2c4d5be66a28819a4a7da9976ca92e49d
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3f:qQh4tRMfCqtUJAxNwTBoJaP
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
218918dca32b357b4ce5597c0744688fb9205334915cad716e7a113d2e11d056 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 62145c108e3a9a3ae88382479c2785a8
SHA1 71191858dffd520ba42d5bad800e8d178b547b85
SHA256 218918dca32b357b4ce5597c0744688fb9205334915cad716e7a113d2e11d056
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3c:qQh4tRMfCqtUJAxNwTBoJaM
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
c28a3a863562215b56d8333b0c081f8d7bb4cb1b1864077d9fa01cdbf42396c0 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a652df5d2fad9f96d521a485268e1700
SHA1 1f26f33dc095cf7b1b9f0857f8a24d7a1d514cbc
SHA256 c28a3a863562215b56d8333b0c081f8d7bb4cb1b1864077d9fa01cdbf42396c0
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3e:qQh4tRMfCqtUJAxNwTBoJaO
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
f22b971ac7d7c312891c8818989d9fbbc0cb8f6babe19b7985458fed17646b7d Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 5dc73acfc0a01e40bff6f4cb55cdaa00
SHA1 010dedb8e694713e353ecce333e14ed92ec3fbb3
SHA256 f22b971ac7d7c312891c8818989d9fbbc0cb8f6babe19b7985458fed17646b7d
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE37:qQh4tRMfCqtUJAxNwTBoJar
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
6d90c79ea0e9a31108572c1277b83e8a405faffbac35de30827fc6fe190e767c Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 0e4d8dccb3b7de0b09f4d13bc8a5aa6c
SHA1 5bb36795f99566332082e981c65aa559658a30f5
SHA256 6d90c79ea0e9a31108572c1277b83e8a405faffbac35de30827fc6fe190e767c
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3w:qQh4tRMfCqtUJAxNwTBoJag
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
1750fc20e0cb1ca35fc02ebb841b0c0c8202a9d4471ae94afe751d022db027e3 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 d04dd1c99f9f0bc8da9ffa8764452c42
SHA1 970db7347c39534cb495fce1b129138d5db8aa20
SHA256 1750fc20e0cb1ca35fc02ebb841b0c0c8202a9d4471ae94afe751d022db027e3
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3e:qQh4tRMfCqtUJAxNwTBoJaO
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
7a8b9c97059bb554bbf85cb35f38f7e741795e478cac3d94d8891bd3798f49db Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 d3409540e439f9fda61d78d79d52870f
SHA1 a9d57d16a4582bd39c31c976c81bd5a393b0d044
SHA256 7a8b9c97059bb554bbf85cb35f38f7e741795e478cac3d94d8891bd3798f49db
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3R:qQh4tRMfCqtUJAxNwTBoJaB
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
0882326dc8499a7bb57d14d33d2608869a854ed3ffeee2b6796d05ecb60d822b Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 56c1528daa04432097e6d626d098d256
SHA1 03fc8c09181af816ea487beff26ecb48249c165e
SHA256 0882326dc8499a7bb57d14d33d2608869a854ed3ffeee2b6796d05ecb60d822b
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3i:qQh4tRMfCqtUJAxNwTBoJaS
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
5cd91baef9372da76b0071ab24b770cf580fe8d3b5c2ea77b925a4e6b16d5be3 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c662ef9aedfba776cb5de95be4287999
SHA1 da835da71e8790f73f700a3304e97759836888de
SHA256 5cd91baef9372da76b0071ab24b770cf580fe8d3b5c2ea77b925a4e6b16d5be3
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE39:qQh4tRMfCqtUJAxNwTBoJat
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
52cbf5aea454d0159662b02c68c137542bfc569a04820e4b376c1756749be54a Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 d7578cab9ab2298e62bbf4f62d137b71
SHA1 3a01f8d64d661bcb318880761efed9b9d9c463ee
SHA256 52cbf5aea454d0159662b02c68c137542bfc569a04820e4b376c1756749be54a
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3a:qQh4tRMfCqtUJAxNwTBoJ5K
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
ee769c042f5e3d5a663851133bd7e2de4c4efd7f528cbb53200760be91e8f0ae Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 7d428aac6d1bcab2c21f25585f786c00
SHA1 14415e48068e54099cf58b7e678570646e410bbe
SHA256 ee769c042f5e3d5a663851133bd7e2de4c4efd7f528cbb53200760be91e8f0ae
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3r:qQh4tRMfCqtUJAxNwTBoJ5b
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
222a73779de151d7d27f27fdf12ac90619b1ef680d758be042d2a4c9135df226 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a35d094bdc38f80878ece0735f374baf
SHA1 f487b64c7faceca62d8bcffda993e4cce5124daa
SHA256 222a73779de151d7d27f27fdf12ac90619b1ef680d758be042d2a4c9135df226
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3D:qQh4tRMfCqtUJAxNwTBoJaz
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
0e4b36d70b9a912e6aa06f76dfb71083893f734d287e8ce7b6aefcb2e17e2a4c Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c9217c6f578793a50a99b5a8f5c3f2b9
SHA1 6261e266e2a9624581d6cbb04f1d7a4787fbf033
SHA256 0e4b36d70b9a912e6aa06f76dfb71083893f734d287e8ce7b6aefcb2e17e2a4c
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE39:qQh4tRMfCqtUJAxNwTBoJat
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
81b522a20ea38c14db3d99adf036b5160f5b15d9e65721393739b1e809feff30 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 8cddab3ea093b9aaec28d124907b85b2
SHA1 1b9b6f2ee9dea2bd4c46392ff502746ae1f00ab4
SHA256 81b522a20ea38c14db3d99adf036b5160f5b15d9e65721393739b1e809feff30
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3G:qQh4tRMfCqtUJAxNwTBoJa2
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
c51f49e6b36dc2c3d212738379b70360a7293469a50eea54640bc9b04f1bbaec Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 3430060836012dc95c2561ccb1c8e592
SHA1 d4110215d44fae440ea7a9653e86100b1e30fe00
SHA256 c51f49e6b36dc2c3d212738379b70360a7293469a50eea54640bc9b04f1bbaec
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GEv:92wA4jRPhVCJIbF8TBo6Fv
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
49c4bfbe84a8dd917987f578a583dd0c583399f0ad01e7228f95a211cd71bdb7 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 85b06a310c15f343894edffd2a620856
SHA1 bf4a1826c3e8a02a83ff293f6d1587da1dfc829b
SHA256 49c4bfbe84a8dd917987f578a583dd0c583399f0ad01e7228f95a211cd71bdb7
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3x:qQh4tRMfCqtUJAxNwTBoJah
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
de2c9e28b381fd07a9c15962a2067b14e80bd2fa44348f3724d87445866eb33c Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 9cf940b741806668a6647e41249b26d3
SHA1 077f626cc2cb62a7844df544da7b04b796ec67c4
SHA256 de2c9e28b381fd07a9c15962a2067b14e80bd2fa44348f3724d87445866eb33c
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE32:qQh4tRMfCqtUJAxNwTBoJaG
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
756ca77a5199da4db03c9274d7ccebbe5b9470112f4b11fb5f8580024f07525c Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 8d2f8e6ae007b2871acb17ddd832d48e
SHA1 4cb0818de4a3c9cc594ebc3c08d231e3b663e7f2
SHA256 756ca77a5199da4db03c9274d7ccebbe5b9470112f4b11fb5f8580024f07525c
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3X:qQh4tRMfCqtUJAxNwTBoJaH
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
7543b3fdf8e9dc857c2327b4e6a67d3531b1a2b8debcd1c96fc3ddc2600c2217 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 7ee79a14246997358c0f6c86b5bdbb1e
SHA1 91b83164a872a1f81413ba6ec8e1e6a1d98c31c6
SHA256 7543b3fdf8e9dc857c2327b4e6a67d3531b1a2b8debcd1c96fc3ddc2600c2217
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3H:qQh4tRMfCqtUJAxNwTBoJ53
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
a76ac78e2c3a78de14368421cf2eb6a2961ee5e868d11f45f4ff30b3800f0c3b Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 3fdecf8a6b02641f7bac8a71661fb2c3
SHA1 8d9681e552321b46c8d5dac42cd6fde222d622f6
SHA256 a76ac78e2c3a78de14368421cf2eb6a2961ee5e868d11f45f4ff30b3800f0c3b
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3Y:qQh4tRMfCqtUJAxNwTBoJ5I
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
2c453257ec94fd8472453c8e2c76c7b4292284496601f7019b803bdc2dcd4cc5 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 e7cf79b799521b5ed8faf73251bb584f
SHA1 3a16a7d0f34fafb33410adf49015540bf872147d
SHA256 2c453257ec94fd8472453c8e2c76c7b4292284496601f7019b803bdc2dcd4cc5
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3N:qQh4tRMfCqtUJAxNwTBoJad
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
eec5f58303e66804381bc63c9c19585b2b31555df112617469dd6d5e254abb6b Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 ebe7831398d044bfcee49250a0e416b1
SHA1 53c31f63d6dfa4d11961c6431a8717cc2d5a917d
SHA256 eec5f58303e66804381bc63c9c19585b2b31555df112617469dd6d5e254abb6b
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3u:qQh4tRMfCqtUJAxNwTBoJae
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
3aefe973953b67b18b73e52fa9dbf86cd669afc8be25abb2921cb2a69ac022a8 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 40bcac617fe8afbece996c623cafb92c
SHA1 86d3b508cd2cf061ea22d9af72ad6ef8421ae225
SHA256 3aefe973953b67b18b73e52fa9dbf86cd669afc8be25abb2921cb2a69ac022a8
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3d:qQh4tRMfCqtUJAxNwTBoJat
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
901c854fc780439022d390bc61c86567557b76148ed1359d65a822a69299d9e2 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 56f07b2a120cc919a4b98a7b5f5d9644
SHA1 4528b0461a1141c717d0b99ec470fbd2212ab3e6
SHA256 901c854fc780439022d390bc61c86567557b76148ed1359d65a822a69299d9e2
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3I:qQh4tRMfCqtUJAxNwTBoJa4
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
8e006303a02afc6effd9d3026d306894de74b1b53b61930f6001622569a0d7fe Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 87df774f30193cc01483ffd411dc7158
SHA1 039c9840da48da3f9913a67800534a801a57256b
SHA256 8e006303a02afc6effd9d3026d306894de74b1b53b61930f6001622569a0d7fe
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GEI:92wA4jRPhVCJIbF8TBo6FI
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
9e27c9862f9d2d9d17382129c19103374e0aeca45b5d8a21ed8622a3278f8c2e Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 0eca7b6f62bb3f43b5b0062232bbad29
SHA1 2963bf942d8590b5cdce9a9f07447ae54278e0c7
SHA256 9e27c9862f9d2d9d17382129c19103374e0aeca45b5d8a21ed8622a3278f8c2e
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3g:qQh4tRMfCqtUJAxNwTBoJaQ
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
706cc85bafdfd8e6dd25276ccb6645fac4d62cf2aa561f697752b29d72c5ce3a Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c582c6524d2d61cc65f72797bfc6d601
SHA1 662618f1264759b792112b39d3a8cfa390245fe6
SHA256 706cc85bafdfd8e6dd25276ccb6645fac4d62cf2aa561f697752b29d72c5ce3a
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GE8:92wA4jRPhVCJIbF8TBo6F8
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
68e812f784a30167e426ff2d97a14e8e982af0f92fcd751337123cd1dd5e3880 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 170bd2467f832c78df2558013fd3cd23
SHA1 25365e771b903028fdff8f8abf7d5856ad7ff02d
SHA256 68e812f784a30167e426ff2d97a14e8e982af0f92fcd751337123cd1dd5e3880
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3o:qQh4tRMfCqtUJAxNwTBoJa4
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
e781e1b53dce170ddb3c47cb2f3ab750cad93b8d275740e42910fa061e7f50c3 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 ad1d93c17ce93cfabc9ebc72bd146c75
SHA1 4ed8b7ab6763025aa1da56d824ce9a07e72f73a3
SHA256 e781e1b53dce170ddb3c47cb2f3ab750cad93b8d275740e42910fa061e7f50c3
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3W:qQh4tRMfCqtUJAxNwTBoJam
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
58a13110375501937d22a0e47c691fbd9f2504f164542380957bdb46e1d5cab8 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 5de1f5a366f0192cec3365d3dbf1766a
SHA1 6bb25da02996644ec460833e794254c152f8bd99
SHA256 58a13110375501937d22a0e47c691fbd9f2504f164542380957bdb46e1d5cab8
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3l:qQh4tRMfCqtUJAxNwTBoJa1
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
fb98f7cacf25a90af7f16057bc97c1af62930f697299902e02c8ff6c56126b51 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c8c614230a9a82824da325182fa38987
SHA1 35f4ada2f284a7f3ba3637daccc557361d9685db
SHA256 fb98f7cacf25a90af7f16057bc97c1af62930f697299902e02c8ff6c56126b51
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GEp:92wA4jRPhVCJIbF8TBo6Fp
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
eb8ef298a407ff57551912ad2148ad1ce79978e3e5b966ae6e433e02e75a4a9e Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 dbf8a9842cdcfb27b16b489aa6c307fe
SHA1 b1e99d31bb9b6418d560af4fc08bf2619286661f
SHA256 eb8ef298a407ff57551912ad2148ad1ce79978e3e5b966ae6e433e02e75a4a9e
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3T:qQh4tRMfCqtUJAxNwTBoJ5D
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
8a62499ecd55f03e9bf31e992b2d265f390f2b685cbe424ff646cf7f754aab0f Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 59c24bb588f9bef118341fde2de7e789
SHA1 27a6cdec4b3ddca7ecf73113c40ae3c6e974cdbd
SHA256 8a62499ecd55f03e9bf31e992b2d265f390f2b685cbe424ff646cf7f754aab0f
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE34:qQh4tRMfCqtUJAxNwTBoJao
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
b1a95272d923a1381dcad7f46ae5129d38cf637ed3dac661bcdf24ca0788ace0 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c6536c9b9106a4399b8b907354e5e40c
SHA1 a7963ac9f245ae20f0b077093e8e9e60c3f17580
SHA256 b1a95272d923a1381dcad7f46ae5129d38cf637ed3dac661bcdf24ca0788ace0
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3u:qQh4tRMfCqtUJAxNwTBoJae
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
b71e25bb5b84e29abcedce0eca026586732f14c443e9fc846334e6b958b1d41c Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 1b093039caa602ef5fd58c2a55d9cd46
SHA1 a47914a05d951eaecda5f615a1df453d715f9760
SHA256 b71e25bb5b84e29abcedce0eca026586732f14c443e9fc846334e6b958b1d41c
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3W:qQh4tRMfCqtUJAxNwTBoJ5G
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
26dea646f5cf8d05dd41f7557482a019b8cf5724e5529a6397c21fdc78155fc2 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 6eb79547fa38b98263789b5293228ebb
SHA1 88b007459a9a14aa072a076c302402bc85d8f3ea
SHA256 26dea646f5cf8d05dd41f7557482a019b8cf5724e5529a6397c21fdc78155fc2
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3w:qQh4tRMfCqtUJAxNwTBoJag
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
5fa0938891f533bb6600b9876f1d8b481913a3a9a201f051d30861959bb8904d Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 9585c07ef8e64ddd8053e51cda157391
SHA1 a17e2e26d753f797f60c24e8a527c0bb393bceee
SHA256 5fa0938891f533bb6600b9876f1d8b481913a3a9a201f051d30861959bb8904d
SSDeep 3072:hFQGpV0kS95ObbMv8mCOihAAfBqJZmtfVcTBfw8mEE:VS9kPyCVh1fBqJEtfVcTBI8lE
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.45
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
90271ff4fb9f86f62c8ba58fde9a587029e14ac9436e39492cfcec81c2f3a483 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 be5d6cd6c02a2a17165ae88debc04312
SHA1 015b1a0edb36111821a0e8e9d552772bc78cfb8c
SHA256 90271ff4fb9f86f62c8ba58fde9a587029e14ac9436e39492cfcec81c2f3a483
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE39:qQh4tRMfCqtUJAxNwTBoJat
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
a9ea314d77adb0c8343d548a26a2d21a27654d83b5886b6586f5100eb64c130b Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 79e4fa93ffd6f38e494a36b8715c6c51
SHA1 eb1d452b98d8cd9166eabcb7803af7c2a5b1ccef
SHA256 a9ea314d77adb0c8343d548a26a2d21a27654d83b5886b6586f5100eb64c130b
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3K:qQh4tRMfCqtUJAxNwTBoJaa
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
746c30d1333cdbcb905d9c57507760854b42d74cb2f6bc2a7995e9b8b74a3682 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 5d02005f31cc72453d8a0d75d311a478
SHA1 4dcd9198c394411498811be24d97179539e4358f
SHA256 746c30d1333cdbcb905d9c57507760854b42d74cb2f6bc2a7995e9b8b74a3682
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJxE3/:qQh4tRMfCqtUJAxNwTBoJav
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
3c9d959373480bb130399318c597fb268cdd0c2431755c67311bd6969b330d05 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a61189cf7111bd4f8e5279c4b2430500
SHA1 f3cbecbc720754a81683d8449880af6192ca355e
SHA256 3c9d959373480bb130399318c597fb268cdd0c2431755c67311bd6969b330d05
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3T:qQh4tRMfCqtUJAxNwTBoJ5D
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
65ba0c1fc8435c1f88c0d2e29cfd6fbeb8d555e1621cdc8c57cbeb3656a92ff9 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 e567baf131b969658acdae44cf4b7569
SHA1 739ff2ca574bb1bdbebe41312c61da06f7f0e56c
SHA256 65ba0c1fc8435c1f88c0d2e29cfd6fbeb8d555e1621cdc8c57cbeb3656a92ff9
SSDeep 3072:hjwduVQGTh4OdZgRAFfJAqtUJQnxNwTBfQJaE3j:qQh4tRMfCqtUJAxNwTBoJ5z
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.48
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
b66edd478cb08d34d81c07c2cbd9392e27fcadcd8c72f38133bef89263e2cf82 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 79c3a093b149fbed00df95b10a371ce6
SHA1 dec24c508541ce08a2437058d2dffecd2d396e03
SHA256 b66edd478cb08d34d81c07c2cbd9392e27fcadcd8c72f38133bef89263e2cf82
SSDeep 3072:hVgkjVmq2wV6L94aQRaAhVCJrMbF8TBfw6GE0:92wA4jRPhVCJIbF8TBo6F0
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.2
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.83
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.86
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
d0b78a7ad2f6b8adea6857c9bf097609246a125461a2e774f6d003d15fd0c239 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 130.00 KB
MD5 1541e2de8ae3ce5e90a96b25f9549e0c
SHA1 2f45a58360ba2463a7b2dd45b4014e596d5657ea
SHA256 d0b78a7ad2f6b8adea6857c9bf097609246a125461a2e774f6d003d15fd0c239
SSDeep 3072:hFQGpV0kS95ObbMv8mCOihAAfBqJZmtfWgcTBfw8mEE:VS9kPyCVh1fBqJEtfWgcTBI8lE
ImpHash e691d2d770fea3e99dbc2a226b1d5802
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-13 15:30 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018648 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.56
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.97
.data 0x1001F000 0x000020D4 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.85
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.29
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.43
Imports (6)
msvcrt.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_snprintf - 0x1001A0F4 0x0001E2C4 0x0001CEC4 0x000002F5
memchr - 0x1001A0F8 0x0001E2C8 0x0001CEC8 0x000004AE
malloc - 0x1001A0FC 0x0001E2CC 0x0001CECC 0x000004A4
_errno - 0x1001A100 0x0001E2D0 0x0001CED0 0x0000011C
_strtoi64 - 0x1001A104 0x0001E2D4 0x0001CED4 0x0000033A
_vsnprintf - 0x1001A108 0x0001E2D8 0x0001CED8 0x0000038E
memset - 0x1001A10C 0x0001E2DC 0x0001CEDC 0x000004B4
qsort - 0x1001A110 0x0001E2E0 0x0001CEE0 0x000004C0
_ftol2_sse - 0x1001A114 0x0001E2E4 0x0001CEE4 0x0000015B
_vsnwprintf - 0x1001A118 0x0001E2E8 0x0001CEE8 0x00000394
free - 0x1001A11C 0x0001E2EC 0x0001CEEC 0x0000046C
_time64 - 0x1001A120 0x0001E2F0 0x0001CEF0 0x00000354
strncpy - 0x1001A124 0x0001E2F4 0x0001CEF4 0x000004E6
strchr - 0x1001A128 0x0001E2F8 0x0001CEF8 0x000004D9
strtod - 0x1001A12C 0x0001E2FC 0x0001CEFC 0x000004ED
localeconv - 0x1001A130 0x0001E300 0x0001CF00 0x0000049F
memcpy - 0x1001A134 0x0001E304 0x0001CF04 0x000004B0
atol - 0x1001A138 0x0001E308 0x0001CF08 0x00000447
KERNEL32.dll (47)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindNextFileW - 0x1001A000 0x0001E1D0 0x0001CDD0 0x0000018F
GetTickCount - 0x1001A004 0x0001E1D4 0x0001CDD4 0x0000030A
SetThreadPriority - 0x1001A008 0x0001E1D8 0x0001CDD8 0x00000562
FlushFileBuffers - 0x1001A00C 0x0001E1DC 0x0001CDDC 0x000001A2
LocalAlloc - 0x1001A010 0x0001E1E0 0x0001CDE0 0x000003CE
GetExitCodeProcess - 0x1001A014 0x0001E1E4 0x0001CDE4 0x0000023F
GetSystemTimeAsFileTime - 0x1001A018 0x0001E1E8 0x0001CDE8 0x000002EC
GetFileAttributesW - 0x1001A01C 0x0001E1EC 0x0001CDEC 0x00000248
MultiByteToWideChar - 0x1001A020 0x0001E1F0 0x0001CDF0 0x000003F3
SetCurrentDirectoryA - 0x1001A024 0x0001E1F4 0x0001CDF4 0x0000050A
Sleep - 0x1001A028 0x0001E1F8 0x0001CDF8 0x00000581
lstrcmpiW - 0x1001A02C 0x0001E1FC 0x0001CDFC 0x00000637
GetDriveTypeW - 0x1001A030 0x0001E200 0x0001CE00 0x00000232
GetLastError - 0x1001A034 0x0001E204 0x0001CE04 0x00000264
CreateDirectoryW - 0x1001A038 0x0001E208 0x0001CE08 0x000000BD
lstrcatA - 0x1001A03C 0x0001E20C 0x0001CE0C 0x00000630
CreateMutexW - 0x1001A040 0x0001E210 0x0001CE10 0x000000DD
GetCurrentThread - 0x1001A044 0x0001E214 0x0001CE14 0x0000021E
GetProcessId - 0x1001A048 0x0001E218 0x0001CE18 0x000002B9
DisconnectNamedPipe - 0x1001A04C 0x0001E21C 0x0001CE1C 0x00000125
lstrcmpA - 0x1001A050 0x0001E220 0x0001CE20 0x00000633
K32GetModuleFileNameExW - 0x1001A054 0x0001E224 0x0001CE24 0x000003A7
MoveFileW - 0x1001A058 0x0001E228 0x0001CE28 0x000003EF
ExitThread - 0x1001A05C 0x0001E22C 0x0001CE2C 0x00000162
GetNumberFormatA - 0x1001A060 0x0001E230 0x0001CE30 0x00000294
GetCurrentProcessId - 0x1001A064 0x0001E234 0x0001CE34 0x0000021B
SwitchToThread - 0x1001A068 0x0001E238 0x0001CE38 0x0000058B
GetModuleHandleW - 0x1001A06C 0x0001E23C 0x0001CE3C 0x0000027B
GetProcAddress - 0x1001A070 0x0001E240 0x0001CE40 0x000002B1
HeapCreate - 0x1001A074 0x0001E244 0x0001CE44 0x0000034A
HeapFree - 0x1001A078 0x0001E248 0x0001CE48 0x0000034C
HeapAlloc - 0x1001A07C 0x0001E24C 0x0001CE4C 0x00000348
GetModuleHandleA - 0x1001A080 0x0001E250 0x0001CE50 0x00000278
LoadLibraryA - 0x1001A084 0x0001E254 0x0001CE54 0x000003C5
GetCurrentProcess - 0x1001A088 0x0001E258 0x0001CE58 0x0000021A
lstrcatW - 0x1001A08C 0x0001E25C 0x0001CE5C 0x00000631
WideCharToMultiByte - 0x1001A090 0x0001E260 0x0001CE60 0x00000602
FindFirstFileW - 0x1001A094 0x0001E264 0x0001CE64 0x00000183
GetWindowsDirectoryW - 0x1001A098 0x0001E268 0x0001CE68 0x00000329
SetFileAttributesW - 0x1001A09C 0x0001E26C 0x0001CE6C 0x0000051F
lstrlenW - 0x1001A0A0 0x0001E270 0x0001CE70 0x00000640
LoadLibraryW - 0x1001A0A4 0x0001E274 0x0001CE74 0x000003C8
FreeLibrary - 0x1001A0A8 0x0001E278 0x0001CE78 0x000001AE
GetCommandLineW - 0x1001A0AC 0x0001E27C 0x0001CE7C 0x000001DA
GetVersionExA - 0x1001A0B0 0x0001E280 0x0001CE80 0x0000031D
GetSystemInfo - 0x1001A0B4 0x0001E284 0x0001CE84 0x000002E6
GetCurrentDirectoryW - 0x1001A0B8 0x0001E288 0x0001CE88 0x00000214
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharUpperBuffA - 0x1001A0E8 0x0001E2B8 0x0001CEB8 0x0000003D
CharUpperBuffW - 0x1001A0EC 0x0001E2BC 0x0001CEBC 0x0000003E
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommandLineToArgvW - 0x1001A0E0 0x0001E2B0 0x0001CEB0 0x00000008
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x1001A140 0x0001E310 0x0001CF10 0x00000028
CoInitializeEx - 0x1001A144 0x0001E314 0x0001CF14 0x0000005E
CoSetProxyBlanket - 0x1001A148 0x0001E318 0x0001CF18 0x00000084
CoInitializeSecurity - 0x1001A14C 0x0001E31C 0x0001CF1C 0x0000005F
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayGetLBound 0x00000014 0x1001A0C0 0x0001E290 0x0001CE90 -
SysFreeString 0x00000006 0x1001A0C4 0x0001E294 0x0001CE94 -
SysAllocString 0x00000002 0x1001A0C8 0x0001E298 0x0001CE98 -
VariantClear 0x00000009 0x1001A0CC 0x0001E29C 0x0001CE9C -
SafeArrayGetUBound 0x00000013 0x1001A0D0 0x0001E2A0 0x0001CEA0 -
SafeArrayDestroy 0x00000010 0x1001A0D4 0x0001E2A4 0x0001CEA4 -
SafeArrayGetElement 0x00000019 0x1001A0D8 0x0001E2A8 0x0001CEA8 -
Exports (1)
API Name EAT Address Ordinal
must 0x00001000 0x00000001
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
c:\wkssvc Dropped File Empty
Clean
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -