Malicious
Classifications

Trojan Banker Injector

Threat Names

QBot

Dynamic Analysis Report

Created on 2023-06-22T22:39:30+00:00

286512f7ef23bd2b9e331775433fa3a00832bb9e701ad4ec1e7fe8bd00026e72.js

JScript

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "52 minutes, 37 seconds" to "3 minutes, 30 seconds" to reveal dormant functionality.

File Name Category Type Verdict
C:\Users\kEecfMwgj\Desktop\286512f7ef23bd2b9e331775433fa3a00832bb9e701ad4ec1e7fe8bd00026e72.js Sample File JavaScript Malicious
Also Known As C:\Users\KEECFM~1\Desktop\286512f7ef23bd2b9e331775433fa3a00832bb9e701ad4ec1e7fe8bd00026e72.js (Accessed File)
MIME Type text/javascript
File Size 342.39 KB
MD5 cd715954fccde30a32dde3e912bca686
SHA1 d50561aab1039455d6844e41fc718e5479740251
SHA256 286512f7ef23bd2b9e331775433fa3a00832bb9e701ad4ec1e7fe8bd00026e72
SSDeep 6144:bcFYID3OLgu44c/3F1amoAk5MuXvCG8YtnZ593m:fIS1xbC
ImpHash -
b613a90ac58d95c7b0b20c8df883fd6a72e8c148efbab7b19abc461426aa0071 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 0abf10669b3ba06b929e306702c53687
SHA1 c2d9f2de9d50ab32a5f181c407be214e6ba74429
SHA256 b613a90ac58d95c7b0b20c8df883fd6a72e8c148efbab7b19abc461426aa0071
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMLM:KjwD41/nQS8EXbgMjotJTR8YTB4m8C4
ImpHash -
PE Information
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
032309a9b307c427dbfea28f3612e777f048be6b46160d0a3c1438c8a096f1ad Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 73be5b5609db6cb7cba2aa4e428ad6a7
SHA1 6885057e61deabcb1ec6e8f324cc05791d35088d
SHA256 032309a9b307c427dbfea28f3612e777f048be6b46160d0a3c1438c8a096f1ad
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMzM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCg
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
4b732f20a120b1e323373c67f34c1b1bc6f9a411405ddb46af39264d0c6a8949 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 25ba3d085fb77a11327a63342207fadb
SHA1 e9837f9f47c38d07180a00b15f287fb2e59b2647
SHA256 4b732f20a120b1e323373c67f34c1b1bc6f9a411405ddb46af39264d0c6a8949
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMHM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCs
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
cd890a9c6c0bacf3e2f33f206fc49713d9f0c8982ca254e16362dbb49316e290 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 335b705d6990b0722a2d5f90d29ba948
SHA1 129954b52f59fb2e9e6f3756eebc74f54d50be40
SHA256 cd890a9c6c0bacf3e2f33f206fc49713d9f0c8982ca254e16362dbb49316e290
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeM+M:KjwD41/nQS8EXbgMjotJTR8YTB4m8Ct
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
45507a96fbf43c3f0fb60be634e8f79523d59dd0c27accbf6896bb09744e4473 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 b6cffc142ccad3db6c11ea155cf3d110
SHA1 7a1f16df9b33dbe5c4cdf9204c2b6a6e4cbd4f1d
SHA256 45507a96fbf43c3f0fb60be634e8f79523d59dd0c27accbf6896bb09744e4473
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMDM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCw
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
63a7fd6620975a43fe615201d6d018923d4ad569e40b00dc004b73da971012a6 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 61172bccbfc2cf50f748fa736e7f4b71
SHA1 4b6ce1e026e82dda71ff7cab906068d0cdd0ad6a
SHA256 63a7fd6620975a43fe615201d6d018923d4ad569e40b00dc004b73da971012a6
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMfM:KjwD41/nQS8EXbgMjotJTR8YTB4m8Ck
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
80474bd0da0298f95574efb5c210c215b3e63b09ae4bdf2954d9359302e6c1db Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 f41b19aa43fd114c14baf27e10dd4355
SHA1 d68a21599985d75fcc9756ead53606ff3458e838
SHA256 80474bd0da0298f95574efb5c210c215b3e63b09ae4bdf2954d9359302e6c1db
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMfM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCk
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
f141ed4718577508cf2fbbd1e711fe1f897faa8104063fee246118d128e9dd2f Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 4b03668f77fb1264c8929cbe0f90a5a3
SHA1 b2144e959dda8091a0c31da0a65496929d6619d5
SHA256 f141ed4718577508cf2fbbd1e711fe1f897faa8104063fee246118d128e9dd2f
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM5M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCC
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
ab52091cf0a04147b1345060ffce20ceae7d2025b143e612e53497eb6c76f223 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 43f312e2b78796ef79dd121ef65d3dfc
SHA1 3260fe4e1a1d54149f3033861fd54ded140c9819
SHA256 ab52091cf0a04147b1345060ffce20ceae7d2025b143e612e53497eb6c76f223
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMtM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC+
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
fbcdad46748ac9f52b0b2eaddf5a53c048ce0fae9073c4b6c6ba46be63a35306 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 f397d2cf0bee7d33570b2a649044b522
SHA1 cbb1519a0e754795459ce9a91b3249364a362f0b
SHA256 fbcdad46748ac9f52b0b2eaddf5a53c048ce0fae9073c4b6c6ba46be63a35306
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMpM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCy
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
2beaed0553baeaf07cae189d3dd46a0c75db748939465fcbbfc433ac01d6fda6 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 46d4d6266b0f6d4554c2018b1c902601
SHA1 9d6c2539fe2c409f93332a3855a8c13841020b03
SHA256 2beaed0553baeaf07cae189d3dd46a0c75db748939465fcbbfc433ac01d6fda6
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMdIM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC5
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
13d40af569f829be3e0619249e1d4e85cd031981bdf7da2f203eedf553e73722 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 98ac382d6072041f5899ab6564f77068
SHA1 89340d118cfdf63baafd28162a314e7ad8a53f5d
SHA256 13d40af569f829be3e0619249e1d4e85cd031981bdf7da2f203eedf553e73722
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMGM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC1
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
ffc37458553cfb6651c2e90300c7c4eecb15547e008fa6dd8bdddc71cebab1aa Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 66301f40b1e2c70ad8fe76b94dc692c5
SHA1 0c2c6cc6f99a2b1912ae9b7714078933caa5f797
SHA256 ffc37458553cfb6651c2e90300c7c4eecb15547e008fa6dd8bdddc71cebab1aa
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM0M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCX
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
115ec5439a0e2547fda33ccf4b955e77b91ed68d2d8d6549062ee3b11e9f4f61 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a4f08064c037a2b8784e78d56fe87302
SHA1 d1ad666b3d044a36c1c98dc43c8afcbd323c1eae
SHA256 115ec5439a0e2547fda33ccf4b955e77b91ed68d2d8d6549062ee3b11e9f4f61
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMWM:KjwD41/nQS8EXbgMjotJTR8YTB4m8CF
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
be21ce0861c1d3535c08c23066a68e87b5c6b054609d011a253e1e1372305314 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 bfcfb5ba4f8819d171cc1abcd6f08037
SHA1 346e3f936cdf9353c5c9d489397ee1accffa427d
SHA256 be21ce0861c1d3535c08c23066a68e87b5c6b054609d011a253e1e1372305314
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMtM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC+
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
869125e84b5f17c2ab170795f935dfce4e8e07480a65e30db74f8f72c90032d4 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 050b192e39d5ca8bb40ab1c7fff2c19e
SHA1 a06e75d6f3a6f9ab8cf007c945d21ccc79777cf0
SHA256 869125e84b5f17c2ab170795f935dfce4e8e07480a65e30db74f8f72c90032d4
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMuM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCd
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
f1ccbd1b49e91b66131db6864232957529c8ff4be36faeaebafab094b9b7f1ac Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 7199eb803d865d8700082b5cf8ebaed0
SHA1 334779dc35a9f0edf774b43e7de59e89dd454af5
SHA256 f1ccbd1b49e91b66131db6864232957529c8ff4be36faeaebafab094b9b7f1ac
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMzM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCg
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
2b642df909ad9cdab21023cbec39b90e51637fd4b101cdeff2ec4ed8b4798563 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 2dbf8afeab5335458cbb8e9bb8c8da7e
SHA1 35098d4a60b50a1a099fc7a0c238b9fc1a3dc641
SHA256 2b642df909ad9cdab21023cbec39b90e51637fd4b101cdeff2ec4ed8b4798563
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMsM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCv
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
bb652875caa06cb3e161d40678628c781c9977c94c08ac815ad6eece2851e5af Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 d3152bc1eb36823bc41999abac0765f0
SHA1 dea7718816261bd9c8e7a0f5ba7dd6db1a8d27e2
SHA256 bb652875caa06cb3e161d40678628c781c9977c94c08ac815ad6eece2851e5af
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMGM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC1
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
88520e6aa6c51aba8adf68664b89684afaf565cc77f03848ba04565564badf46 Memory Dump Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 73ec2063dd60eb5fc5f570233d2ffe72
SHA1 1169f564b521aeba9016579ce40bbaac2a8f2919
SHA256 88520e6aa6c51aba8adf68664b89684afaf565cc77f03848ba04565564badf46
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMXM:KjwD41/nQS8EXbgMjotJTR8YTB4m8C8
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
QBotCoreModule QBot Trojan Core DLL Banker, Trojan 5/5
b50e3b1996333e3f4ba1e5d253c95e0697501f3a0d79a0fd5b5786499587c8bc Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 35c8e8b889f36a0b3d5c71d269a770c9
SHA1 05eb66fa6a563c1fd484ede96465db22f3143e6a
SHA256 b50e3b1996333e3f4ba1e5d253c95e0697501f3a0d79a0fd5b5786499587c8bc
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMOIM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCs
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
bb7d8ac37f91af16e0696d9dd83c02ccae35ac281a7215ca2a8f9fac059b4b47 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 ee1876fb8d47929b716e58bddbaa83a3
SHA1 cc2750f5a5c3eedb63e65b31ff2ca4f259ff0321
SHA256 bb7d8ac37f91af16e0696d9dd83c02ccae35ac281a7215ca2a8f9fac059b4b47
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMOM:KjwD41/nQS8EXbgMjotJTR8YTB4m8C9
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
780647d96686cd7787cd87f2e84929d0631600f1819c3057607fb31317fad1ad Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 7d82d1846549d88bbff61d1bd7bdfd75
SHA1 2f5bc17ec80456977eaaa10bd4732f6c2c86020a
SHA256 780647d96686cd7787cd87f2e84929d0631600f1819c3057607fb31317fad1ad
SSDeep 3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefscTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefscTBIFwCK
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.56
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
301e1eab21e947a5af6f9f0feafe7b1d6f7c1e6b8ac0104d7434f40643787c6c Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 b4a02973058205d55b5119a42dd2d405
SHA1 6141c8da85f6a3221af42de192d902c3bf1e83d4
SHA256 301e1eab21e947a5af6f9f0feafe7b1d6f7c1e6b8ac0104d7434f40643787c6c
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM4M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCT
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
9d0bff67d85c5d48863a67eef86fbc4b91779b1f89d41776d45b787aa01fe195 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 6bfccd64dcbd16c86a9ac49544856893
SHA1 b196305ec3b4e42f2230bfd0e1332984884b2c3e
SHA256 9d0bff67d85c5d48863a67eef86fbc4b91779b1f89d41776d45b787aa01fe195
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMGM:KjwD41/nQS8EXbgMjotJTR8YTB4mnC1
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
f7780b52362249d676a59d3a72ac6ce40f1560c0356a6d064f0f16731dccce55 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 cc260f00c1e9c5640e906ba699122322
SHA1 2f2d71596c170d21babc902180e0353526cabfba
SHA256 f7780b52362249d676a59d3a72ac6ce40f1560c0356a6d064f0f16731dccce55
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMuM:KjwD41/nQS8EXbgMjotJTR8YTB4m8Cd
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
cd3684aea8ac062deb1d8a4c1fa2fb2382da2290528999a49f04a71527860db0 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 349829ce6752047d9b6c2be76fee5216
SHA1 dcde783d1675a202f02f833cacf1f9e94e31b1dc
SHA256 cd3684aea8ac062deb1d8a4c1fa2fb2382da2290528999a49f04a71527860db0
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAm+1bWeMFM:KjwD41/nQS8EXbgMjotJTR8YTB4m8C2
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
ff03c02b94a8594083047efd8522ddc432526f7fe19db7b303d6d26ceb1ec108 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 73ff5284fb0c8b92b4d6c3887baf8fdd
SHA1 50b8af204b5102902133dfaba3957c7608ae48f4
SHA256 ff03c02b94a8594083047efd8522ddc432526f7fe19db7b303d6d26ceb1ec108
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM+M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCt
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
7dfdf79c8f4a195193969012527fa39e626e573eb506f6ae2fd3fdf363b57f47 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 c2aaac58f97e7c3963afaab40ca28e98
SHA1 8f8fc28b09878ca54d3fe48e4121e91c9b5f05df
SHA256 7dfdf79c8f4a195193969012527fa39e626e573eb506f6ae2fd3fdf363b57f47
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMoM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCD
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
e151f03cd8bccbe66755855aea52efcf953f8621a156996862c873e7c23892c8 Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 6822634875406359ae11865166d39a77
SHA1 0c4a725b8119ef5caf3dfdf09dfe7890a8618e74
SHA256 e151f03cd8bccbe66755855aea52efcf953f8621a156996862c873e7c23892c8
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM6M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCx
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
4fde8f91e68a5c829c1f27159e9244d7d61d84b514dd57cd42ee60ecfc49042b Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 5c18f501b4fcc0ca1aa1806c715c977d
SHA1 f698dda47ce866603421d452c85ac9df4f3d1af2
SHA256 4fde8f91e68a5c829c1f27159e9244d7d61d84b514dd57cd42ee60ecfc49042b
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMrM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCY
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
d20aebe1efc64390b3df911f6d98c209ebbf042441ba1838b705cbb45139529f Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 a28e9d5da7e7e7c8ae9e55d3d80d7a28
SHA1 6cfeb1172226762a7373cede65307a9cdc1d6d5e
SHA256 d20aebe1efc64390b3df911f6d98c209ebbf042441ba1838b705cbb45139529f
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeM7M:KjwD41/nQS8EXbgMjotJTR8YTB4mnCo
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
7ccaa78f1301462ddd01310b6eab123583f3b5eb05590edf25f8539974b07efb Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 55e6321d9cebd52fd1dddc971e5f7827
SHA1 42a533f65c72aad4902582e969e4a4f37e6586cd
SHA256 7ccaa78f1301462ddd01310b6eab123583f3b5eb05590edf25f8539974b07efb
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMWM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCF
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
4c4537622c8517313e196ac419fa1408306ee9803a9af75eb4ee4966fdb7b7db Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 144.00 KB
MD5 098b319676dcc0d91dc89fc179406de2
SHA1 ac989180779ecadac879403c96efa2e7c6aa60b4
SHA256 4c4537622c8517313e196ac419fa1408306ee9803a9af75eb4ee4966fdb7b7db
SSDeep 3072:VN6BrR4trHD671/nlqSsjEXbZCMGAo4jOJo3CR8YTBfAmp1bWeMDM:KjwD41/nQS8EXbgMjotJTR8YTB4mnCw
ImpHash -
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.55
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.21
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.84
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.89
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
89c23c74007fa94ce211d4c7df481788214f0a8732237fd58e120b9f528a883b Memory Dump Binary
Malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 130.00 KB
MD5 273385aac69afcf23b7719accf4f0530
SHA1 abd0a32b0a12ecff05a179d282e02a67d976fc11
SHA256 89c23c74007fa94ce211d4c7df481788214f0a8732237fd58e120b9f528a883b
SSDeep 3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefjgcTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefjgcTBIFwp
ImpHash af0e442125435e0851867f1e2c3da56f
PE Information
»
Image Base 0x10000000
Entry Point 0x10001015
Size Of Code 0x00018800
Size Of Initialized Data 0x00007C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-06-22 14:38 (UTC+2)
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00018628 0x00018800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.55
.rdata 0x1001A000 0x000047FA 0x00004800 0x00018C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.97
.data 0x1001F000 0x0000213C 0x00002000 0x0001D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.89
.rsrc 0x10022000 0x00000510 0x00000600 0x0001F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.29
.reloc 0x10023000 0x00000CD4 0x00000E00 0x0001FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.43
Imports (6)
»
msvcrt.dll (18)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_snprintf - 0x1001A0F4 0x0001E2C4 0x0001CEC4 0x000002F5
memchr - 0x1001A0F8 0x0001E2C8 0x0001CEC8 0x000004AE
malloc - 0x1001A0FC 0x0001E2CC 0x0001CECC 0x000004A4
_errno - 0x1001A100 0x0001E2D0 0x0001CED0 0x0000011C
_strtoi64 - 0x1001A104 0x0001E2D4 0x0001CED4 0x0000033A
_vsnprintf - 0x1001A108 0x0001E2D8 0x0001CED8 0x0000038E
memset - 0x1001A10C 0x0001E2DC 0x0001CEDC 0x000004B4
qsort - 0x1001A110 0x0001E2E0 0x0001CEE0 0x000004C0
_ftol2_sse - 0x1001A114 0x0001E2E4 0x0001CEE4 0x0000015B
_vsnwprintf - 0x1001A118 0x0001E2E8 0x0001CEE8 0x00000394
free - 0x1001A11C 0x0001E2EC 0x0001CEEC 0x0000046C
_time64 - 0x1001A120 0x0001E2F0 0x0001CEF0 0x00000354
strncpy - 0x1001A124 0x0001E2F4 0x0001CEF4 0x000004E6
strchr - 0x1001A128 0x0001E2F8 0x0001CEF8 0x000004D9
strtod - 0x1001A12C 0x0001E2FC 0x0001CEFC 0x000004ED
localeconv - 0x1001A130 0x0001E300 0x0001CF00 0x0000049F
memcpy - 0x1001A134 0x0001E304 0x0001CF04 0x000004B0
atol - 0x1001A138 0x0001E308 0x0001CF08 0x00000447
KERNEL32.dll (47)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount - 0x1001A000 0x0001E1D0 0x0001CDD0 0x0000030A
SetThreadPriority - 0x1001A004 0x0001E1D4 0x0001CDD4 0x00000562
FlushFileBuffers - 0x1001A008 0x0001E1D8 0x0001CDD8 0x000001A2
LocalAlloc - 0x1001A00C 0x0001E1DC 0x0001CDDC 0x000003CE
GetExitCodeProcess - 0x1001A010 0x0001E1E0 0x0001CDE0 0x0000023F
GetSystemTimeAsFileTime - 0x1001A014 0x0001E1E4 0x0001CDE4 0x000002EC
GetFileAttributesW - 0x1001A018 0x0001E1E8 0x0001CDE8 0x00000248
MultiByteToWideChar - 0x1001A01C 0x0001E1EC 0x0001CDEC 0x000003F3
SetCurrentDirectoryA - 0x1001A020 0x0001E1F0 0x0001CDF0 0x0000050A
Sleep - 0x1001A024 0x0001E1F4 0x0001CDF4 0x00000581
lstrcmpiW - 0x1001A028 0x0001E1F8 0x0001CDF8 0x00000637
GetDriveTypeW - 0x1001A02C 0x0001E1FC 0x0001CDFC 0x00000232
GetLastError - 0x1001A030 0x0001E200 0x0001CE00 0x00000264
CreateDirectoryW - 0x1001A034 0x0001E204 0x0001CE04 0x000000BD
lstrcatA - 0x1001A038 0x0001E208 0x0001CE08 0x00000630
CreateMutexW - 0x1001A03C 0x0001E20C 0x0001CE0C 0x000000DD
GetCurrentThread - 0x1001A040 0x0001E210 0x0001CE10 0x0000021E
GetProcessId - 0x1001A044 0x0001E214 0x0001CE14 0x000002B9
DisconnectNamedPipe - 0x1001A048 0x0001E218 0x0001CE18 0x00000125
lstrcmpA - 0x1001A04C 0x0001E21C 0x0001CE1C 0x00000633
K32GetModuleFileNameExW - 0x1001A050 0x0001E220 0x0001CE20 0x000003A7
MoveFileW - 0x1001A054 0x0001E224 0x0001CE24 0x000003EF
ExitThread - 0x1001A058 0x0001E228 0x0001CE28 0x00000162
GetNumberFormatA - 0x1001A05C 0x0001E22C 0x0001CE2C 0x00000294
GetCurrentProcessId - 0x1001A060 0x0001E230 0x0001CE30 0x0000021B
SwitchToThread - 0x1001A064 0x0001E234 0x0001CE34 0x0000058B
GetModuleHandleW - 0x1001A068 0x0001E238 0x0001CE38 0x0000027B
GetProcAddress - 0x1001A06C 0x0001E23C 0x0001CE3C 0x000002B1
HeapCreate - 0x1001A070 0x0001E240 0x0001CE40 0x0000034A
HeapFree - 0x1001A074 0x0001E244 0x0001CE44 0x0000034C
HeapAlloc - 0x1001A078 0x0001E248 0x0001CE48 0x00000348
lstrlenW - 0x1001A07C 0x0001E24C 0x0001CE4C 0x00000640
LoadLibraryW - 0x1001A080 0x0001E250 0x0001CE50 0x000003C8
FreeLibrary - 0x1001A084 0x0001E254 0x0001CE54 0x000001AE
GetModuleHandleA - 0x1001A088 0x0001E258 0x0001CE58 0x00000278
LoadLibraryA - 0x1001A08C 0x0001E25C 0x0001CE5C 0x000003C5
GetCurrentProcess - 0x1001A090 0x0001E260 0x0001CE60 0x0000021A
lstrcatW - 0x1001A094 0x0001E264 0x0001CE64 0x00000631
GetWindowsDirectoryW - 0x1001A098 0x0001E268 0x0001CE68 0x00000329
WideCharToMultiByte - 0x1001A09C 0x0001E26C 0x0001CE6C 0x00000602
FindFirstFileW - 0x1001A0A0 0x0001E270 0x0001CE70 0x00000183
FindNextFileW - 0x1001A0A4 0x0001E274 0x0001CE74 0x0000018F
SetFileAttributesW - 0x1001A0A8 0x0001E278 0x0001CE78 0x0000051F
GetCommandLineW - 0x1001A0AC 0x0001E27C 0x0001CE7C 0x000001DA
GetVersionExA - 0x1001A0B0 0x0001E280 0x0001CE80 0x0000031D
GetSystemInfo - 0x1001A0B4 0x0001E284 0x0001CE84 0x000002E6
GetCurrentDirectoryW - 0x1001A0B8 0x0001E288 0x0001CE88 0x00000214
USER32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharUpperBuffA - 0x1001A0E8 0x0001E2B8 0x0001CEB8 0x0000003D
CharUpperBuffW - 0x1001A0EC 0x0001E2BC 0x0001CEBC 0x0000003E
SHELL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommandLineToArgvW - 0x1001A0E0 0x0001E2B0 0x0001CEB0 0x00000008
ole32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x1001A140 0x0001E310 0x0001CF10 0x00000028
CoInitializeEx - 0x1001A144 0x0001E314 0x0001CF14 0x0000005E
CoSetProxyBlanket - 0x1001A148 0x0001E318 0x0001CF18 0x00000084
CoInitializeSecurity - 0x1001A14C 0x0001E31C 0x0001CF1C 0x0000005F
OLEAUT32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayGetLBound 0x00000014 0x1001A0C0 0x0001E290 0x0001CE90 -
SysFreeString 0x00000006 0x1001A0C4 0x0001E294 0x0001CE94 -
SysAllocString 0x00000002 0x1001A0C8 0x0001E298 0x0001CE98 -
VariantClear 0x00000009 0x1001A0CC 0x0001E29C 0x0001CE9C -
SafeArrayGetUBound 0x00000013 0x1001A0D0 0x0001E2A0 0x0001CEA0 -
SafeArrayDestroy 0x00000010 0x1001A0D4 0x0001E2A4 0x0001CEA4 -
SafeArrayGetElement 0x00000019 0x1001A0D8 0x0001E2A8 0x0001CEA8 -
Exports (1)
»
API Name EAT Address Ordinal
zertc 0x00001000 0x00000001
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
QBotCoreModule QBot Trojan Core DLL Banker, Trojan
5/5
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\cookies\keecfmwgj@oracle[2].txt Dropped File Text
Clean
»
MIME Type text/plain
File Size 953 Bytes
MD5 42169644a3ce46b5152264300c1427bb
SHA1 c19cb4ab7826931e663a38a357ae78452b29aa92
SHA256 b246bbb5d33055f8230b277ad649b7235487ac235af02f99f97d30b42d9f5926
SSDeep 24:UBZ6Qtyadn43kVVh7ybwDMZhlhtAJg4Qp:TQtyaF43MVhecM7ztKgLp
ImpHash -
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\cookies\keecfmwgj@oracle[1].txt Dropped File Text
Clean
»
MIME Type text/plain
File Size 512 Bytes
MD5 8a9211dc3c85ba736ee9c6d5a69c55be
SHA1 95d51bd307797a3d65ce152da78c100b0f430f4d
SHA256 e5a6b0ad551a5f4e261258eaf333dc2d394b9991c9bce25f04e4c5f46048e291
SSDeep 12:GVBSs4Ut6Ehtym3d7j4SIHvwRD1WI/ddRRzv:UBZ6Qtyadn43kVR
ImpHash -
c:\samr Dropped File Empty
Clean
»
Also Known As c:\wkssvc (Dropped File, Not Extracted, Modified File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\t5[1] Downloaded File Text
Clean
»
MIME Type text/plain
File Size 184 Bytes
MD5 742c787cd5c50e98a0b642c778b1014d
SHA1 e937559ea352326038ff2fba022d984c6b785b1b
SHA256 ee53c578cc18eeb743bfe887e5e9e80026438e165442528e6c5cac6ef4a6c08a
SSDeep 3:FBMXFWaXMUjU/jXNn8pxIIqbwEW3D2TK3VVUpwwgcOQ64LU5WU+Q+T5CdppnSX0n:7KWcjjOB4BGc2TK3jUpw9Hp4LUIUjVSk
ImpHash -
bd50618de9ee069529d9882f1eb51c9defd0febb38aae14c17e1977b65720158 Downloaded File HTML
Clean
»
MIME Type text/html
File Size 175 Bytes
MD5 a195eff831acad3e8f20707625fb13fa
SHA1 297b6f89aa211b0d2ec667a260e2ede04e99e198
SHA256 bd50618de9ee069529d9882f1eb51c9defd0febb38aae14c17e1977b65720158
SSDeep 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLKqIeXZK1IwcWWGu:q43tISl6kXiMIWSU6XlI5AI01IpfGu
ImpHash -
519059995e97ae49a86da834c1c2d2e48fa94730de36080eace7cc369858270b Downloaded File Text
Clean
»
MIME Type text/plain
File Size 80 Bytes
MD5 21edf4e12e52c07fc4464147023d96da
SHA1 711e1afa55b8575483476b70cb08a0a2d2e07a16
SHA256 519059995e97ae49a86da834c1c2d2e48fa94730de36080eace7cc369858270b
SSDeep 3:NmQIGYwdPHv/MdyODmViUJoM1jcBzT0:NmQIPuUdyfoMqM
ImpHash -