PE Compile Time

2021-09-27 19:30:19

PE Imphash

7b3bf330d8b8bdc633b50cd4fbfebe95

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00016718 0x00016800 6.63166798693
.rdata 0x00018000 0x000047d8 0x00004800 6.99363470745
.data 0x0001d000 0x00001790 0x00001800 7.7276025971
.rsrc 0x0001f000 0x000004f8 0x00000600 7.27848574452
.reloc 0x00020000 0x00000c08 0x00000e00 6.21409848529

Resources

Name Offset Size Language Sub-language File type
RT_RCDATA 0x0001f4cc 0x00000029 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x0001f4cc 0x00000029 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library WS2_32.dll:
0x6d528104 inet_ntoa
Library msvcrt.dll:
0x6d52810c localeconv
0x6d528110 strtod
0x6d528114 strchr
0x6d528118 strncpy
0x6d52811c _time64
0x6d528120 malloc
0x6d528124 free
0x6d528128 memset
0x6d52812c memchr
0x6d528130 _strtoi64
0x6d528134 _ftol2_sse
0x6d528138 _vsnwprintf
0x6d52813c memcpy
0x6d528140 atol
0x6d528144 _errno
0x6d528148 qsort
0x6d52814c _snprintf
0x6d528150 _vsnprintf
Library KERNEL32.dll:
0x6d528000 GetWindowsDirectoryW
0x6d528004 GetSystemInfo
0x6d528008 GetTickCount
0x6d52800c LoadLibraryW
0x6d528010 FlushFileBuffers
0x6d528014 GetVersionExA
0x6d528018 lstrcmpiA
0x6d52801c LocalAlloc
0x6d528020 SetFileAttributesW
0x6d528024 FindNextFileW
0x6d528028 FindFirstFileW
0x6d52802c GetExitCodeProcess
0x6d528030 GetCurrentProcess
0x6d528034 CreateMutexA
0x6d528038 lstrcmpA
0x6d52803c DuplicateHandle
0x6d528040 GetCurrentThread
0x6d528044 lstrcpynA
0x6d528048 GetLastError
0x6d52804c lstrcatA
0x6d528050 CreateDirectoryW
0x6d528054 DisconnectNamedPipe
0x6d528058 lstrcpynW
0x6d52805c GetProcessId
0x6d528060 lstrcatW
0x6d528064 lstrcpyW
0x6d528068 GetCurrentProcessId
0x6d52806c lstrcmpiW
0x6d528070 SetLastError
0x6d528074 OutputDebugStringA
0x6d528078 GetModuleFileNameW
0x6d52807c GetFileAttributesW
0x6d528080 GetModuleHandleA
0x6d528084 MultiByteToWideChar
0x6d528088 GetDriveTypeW
0x6d528090 MoveFileW
0x6d528094 SwitchToThread
0x6d528098 GetProcAddress
0x6d52809c HeapCreate
0x6d5280a0 HeapFree
0x6d5280a4 HeapAlloc
0x6d5280a8 WideCharToMultiByte
0x6d5280ac LoadLibraryA
0x6d5280b0 FreeLibrary
0x6d5280b8 SetThreadPriority
0x6d5280bc CreatePipe
Library USER32.dll:
0x6d5280e4 DestroyWindow
0x6d5280e8 CreateWindowExA
0x6d5280ec UnregisterClassA
0x6d5280f0 RegisterClassExA
0x6d5280f4 CharUpperBuffA
0x6d5280f8 DefWindowProcA
0x6d5280fc CharUpperBuffW
Library ole32.dll:
0x6d528158 CoInitializeSecurity
0x6d52815c CoSetProxyBlanket
0x6d528160 CoCreateInstance
0x6d528164 CoInitializeEx
Library OLEAUT32.dll:
0x6d5280c4 SafeArrayDestroy
0x6d5280c8 SafeArrayGetUBound
0x6d5280cc SafeArrayGetElement
0x6d5280d0 SafeArrayGetLBound
0x6d5280d4 SysFreeString
0x6d5280d8 VariantClear
0x6d5280dc SysAllocString

Exports

Ordinal Address Name
1 0x6d515e77 DllRegisterServer
Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
RmSSj-Z
RmdSVW3
Xj@YjCf
t{SVSSjdh
RmVhW1Qm
RmVSSh
RmSVW3
SVWj13
WuOjF_jG
u,WWSV
toSVVVVj
t?VVSWj
t(jZ^3
RmSVWj
QQSVW3
GYY;>r
RmVWQj
QQVWj7Y
RmSVW3
\SVWjD^V3
RmSVWj@h
RmVWQ3
PSSSSSSh
QQQQQQQj
RmVVVj
PRRRRRRR3
PWWWWWWj
_^[u!j
t<WWWWjdh
RmSPQP
RmWWWj
WWWWPQ
$SVWh[
$SVWhF
$SVWh[
YY_^[3
F<_^[]
YYj0[;
<]YYuD
~<:YYueSV
YY_^[]
F,+N\;
Fl+Fp=
f+NdfI
)~p)~l)~\V
Fast decoding Code from Chris Anderson
invalid literal/length code
invalid distance code
invalid distance too far back
wkPSQR
Genuu8
ntelu0
ineIu(
asm686 with masm, optimised assembly code from Brian Raiter, written 1998
\u%04X
\u%04X\u%04X
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
ole32.dll
kernel32.dll
GetProcAddress
deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler
Qkkbal
[-&LMb#{'
w+OQvr
INSKyu
)\ZEo^m/
H*0"ZOW
mj>zjZ
IiGM>nw
ewh/?y
OZw3(?
V_:X1:
inflate 1.2.11 Copyright 1995-2017 Mark Adler
Rmneed dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
u."|P3J
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
%u;%u;%u
%u;%u;%u;
Global
Hello qqq
%u&%s&%u
sadccdcdsasa
cdcdwqwqwq
advapi32.dll
%u.%u.%u.%u.%u.%u.%04x
LocalLow
1.2.11
stager_1.dll
DllRegisterServer
.text$mn
.idata$5
.rdata
.edata
.rdata$voltmd
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
WS2_32.dll
_vsnprintf
_snprintf
_errno
_strtoi64
memchr
memset
malloc
_time64
strncpy
strchr
strtod
localeconv
msvcrt.dll
GetCurrentProcess
CreateMutexA
lstrcmpA
DuplicateHandle
GetCurrentThread
lstrcpynA
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
lstrcatW
lstrcpyW
GetCurrentProcessId
lstrcmpiW
SetLastError
OutputDebugStringA
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
MultiByteToWideChar
GetDriveTypeW
K32GetModuleFileNameExW
MoveFileW
SwitchToThread
GetProcAddress
HeapCreate
HeapFree
HeapAlloc
WideCharToMultiByte
LoadLibraryA
FreeLibrary
lstrcmpiA
GetSystemTimeAsFileTime
SetThreadPriority
CreatePipe
GetExitCodeProcess
FindFirstFileW
FindNextFileW
SetFileAttributesW
LocalAlloc
FlushFileBuffers
LoadLibraryW
GetVersionExA
GetSystemInfo
GetWindowsDirectoryW
GetTickCount
KERNEL32.dll
CharUpperBuffA
CharUpperBuffW
RegisterClassExA
UnregisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
USER32.dll
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
_vsnwprintf
_ftol2_sse
memcpy
]36nP)jO
2]j<%Gj.
Q6)[+D
{9<[lO
v8.\bo
i>4_'Y
2eir!
}1-/5_
fwY|7I
|86Z2Z
`8*@$_
d6wJ:N
wW<H7B
e>7\6J
q65CbH
}$6I6w
|!wK.G
wWwJ:N
w/</gX
a#,Y5S
d2Y]-D
w$:]+[
T>5J1!
{%<\*J
H8x(+V
vK:}<\+32
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
1#151=1S1Y1d1j1
4-525C5H5v5
:#:N:b:r:
;>;C;f;m;|;
<'<-<6<;<b<{<
=!=&=0=F=U=[=d=j=
0=1^2f3
9"9'9/9:9F9S9j9v9
;+;2;8;M;];v;
>0?6?e?n?y?
0"0-040F0L0S0`0~0
1(2C2N2`2p2v2
6;7Y7g7
;#;+;1;=;O;c;v;
=A=O=f=o=|=
=&>o>{>
=$=+=7=D=m=
>!>+>D>
?:?X?f?r?
1!2E2P2]2e2l2z2
5<5t5{5
5E6P6V6c6
6!727E7o7
7B8S8}8
9)949N9
9B:U:Z:
<*<8<P<i<
==N=b=
>B>O>x>
?!?2?:?K?S?^?o?u?
0/0E0O0f0
4(4H4T4
:3:|:&;
;G<R<g<~<
=.>E>W>z>
2}3u4}4&7
3(3I3c3y3
424C4T4g4
B1i1)2e2
5@6e7q7
778]8j8y8
9,9G9a9j9}9
:%:<:B:H:W:_:v:
=#=B=_=
;*<7<Y<k<
=6=F=O=b=w=
>A>V>|>
2/2G2_2u2
3"424Q4e4F5
838_8}8
;4;A;l;
<-<\<u<
=4>F>R>d>
0 0N0a0
4%4A4G4
6+6Q6^6k6s6x6
8&8M8g8
9909I9-:
;%;:;M;\;g;
1070m0
3'363<3L3U3k3q3
9(:-:;:
:);Q;#<
?#?b?y?
0"2)2d2j2
5%505t5.6L6
8%8B8`8
9G9L9W9b9
0'1A1P1U1
8+8a89D9
:":Q:q:{:
;$;Y;k;~;
<P<^<k<
J2&303B3N3]3
8D9H9L9P9T9X9\9`9d9h9l9p9t9
9:':B:H:`:h:
I2_2j2
I1U2i2
(0X0_0n0u0
1"1<1C1O1Y1s1z1
2K2R2a2h2
d4l4t4|4
#+3;CScs
SystemDrive
USERPROFILE
REG_DWORD
REG_SZ
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Qbot.11!c
Elastic Windows.Trojan.Qbot
ClamAV Win.Keylogger.Qakbot-9916943-1
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.1713912989f2da90
Skyhigh BehavesLike.Win32.Dropper.ch
ALYac Gen:Variant.Razy.950267
Cylance Unsafe
Zillya Trojan.Qbot.Win32.14044
Sangfor Banker.Win32.Qbot.Vq28
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanBanker:Win32/Qakbot.7c262761
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Qbot.DM
APEX Malicious
Avast Win32:BankerX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky Trojan-Banker.Win32.Qbot.acpa
BitDefender Gen:Variant.Razy.950267
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Razy.950267
Tencent Win32.Trojan-Banker.Qbot.Qqil
Sophos Troj/Qbot-IB
F-Secure Heuristic.HEUR/AGEN.1302363
DrWeb Clean
VIPRE Gen:Variant.Razy.950267
TrendMicro Clean
McAfeeD ti!78ECEB27A491
Trapmine malicious.high.ml.score
CTX dll.unknown.razy
Emsisoft Gen:Variant.Razy.950267 (B)
huorong Trojan/Injector.ahv
FireEye Generic.mg.32d985df8494a57c
Jiangmin Clean
Webroot Clean
Varist W32/Qbot.GD.gen!Eldorado
Avira HEUR/AGEN.1302363
Fortinet W32/Qbot.DK!tr
Antiy-AVL Trojan/Win32.Qbot
Kingsoft malware.kb.a.777
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Razy.DE7FFB
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Qakbot.AD!MTB
Google Detected
AhnLab-V3 Trojan/Win.QakBot.C4634013
Acronis Clean
McAfee Trojan-FTYB!32D985DF8494
TACHYON Clean
VBA32 Trojan.LE.0719
Malwarebytes Backdoor.Qbot
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.Qakbot!1.F0E4 (CLASSIC)
Yandex Trojan.PWS.Qbot!zswdJ58p4fg
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.192226519.susgen
GData Gen:Variant.Razy.950267
AVG Win32:BankerX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[spy]:Win/Banker.JTH
IRMA Signature
ESET Security (Windows) a variant of Win32/Qbot.DM trojan
Avast Core Security (Linux) Win32:BankerX-gen [Trj]
C4S ClamAV (Linux) Win.Keylogger.Qakbot-9916943-1
F-Secure Antivirus (Linux) Heuristic.HEUR/AGEN.1302363 [Aquarius]
McAfee CLI scanner (Linux) Trojan-FTYB
Bitdefender Antivirus (Linux) Gen:Variant.Razy.950267
G Data Antivirus (Windows) Virus: Gen:Variant.Razy.950267 (Engine A)
Sophos Anti-Virus (Linux) Troj/Qbot-IB
DrWeb Antivirus (Linux) Clean
Trend Micro SProtect (Linux) Clean
ClamAV (Linux) Win.Keylogger.Qakbot-9916943-1
eScan Antivirus (Linux) Gen:Variant.Razy.950267(DB)
Kaspersky Standard (Windows) UDS:Trojan-Banker.Win32.Qbot.acpa
Emsisoft Commandline Scanner (Windows) Gen:Variant.Razy.950267 (B)
Cuckoo
