Malicious
Classifications
Injector Banking Trojan
Threat Names
QBot Mal/Generic-S
Dynamic Analysis Report
Created on 2022-04-19T03:27:00
f0fc0e1700296e299a34707361b859d20a07b147da4b0c1c0401696d655fd605.dll
Windows DLL (x86-32)
Remarks (2/2)
(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.
(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 hour, 6 minutes, 22 seconds" to "9 minutes, 30 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\kEecfMwgj\Desktop\f0fc0e1700296e299a34707361b859d20a07b147da4b0c1c0401696d655fd605.dll | Sample File | Binary |
malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 709.83 KB |
| MD5 |
fe61080715e97b623082d86305828bd2
|
| SHA1 |
e50bfb7820c52202c65c0e65139310dd374f0bb8
|
| SHA256 |
f0fc0e1700296e299a34707361b859d20a07b147da4b0c1c0401696d655fd605
|
| SSDeep |
12288:vsWo0UvQ84KOU40IEaGTftVbCbKBaZJBIZc1mwqwJKeUQFMyaIrR9PsXlwo2WuNU:vsSEQ7l0IgTftJlaZJBIZ47JKeZF9rrg
|
| ImpHash |
d543fb7568aef63b978ba52e286db07a
|
File Reputation Information
»
| Verdict |
malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x10000000 |
| Size Of Code | 0xaca00 |
| Size Of Initialized Data | 0x800 |
| File Type | FileType.dll |
| Subsystem | Subsystem.windows_gui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2022-04-18 09:24:24+00:00 |
Sections (4)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x10001000 | 0xac932 | 0xaca00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.38 |
| .rdata | 0x100ae000 | 0x368 | 0x400 | 0xace00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.9 |
| .data | 0x100af000 | 0x44 | 0x200 | 0xad200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.0 |
| .reloc | 0x100b0000 | 0x9c | 0x200 | 0xad400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.15 |
Imports (1)
»
MSVFW32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ICInstall | - | 0x100ae000 | 0xae220 | 0xad020 | 0x1f |
| ICGetInfo | - | 0x100ae004 | 0xae224 | 0xad024 | 0x1b |
| ICSendMessage | - | 0x100ae008 | 0xae228 | 0xad028 | 0x25 |
| ICDraw | - | 0x100ae00c | 0xae22c | 0xad02c | 0x18 |
| ICLocate | - | 0x100ae010 | 0xae230 | 0xad030 | 0x20 |
| ICSeqCompressFrameStart | - | 0x100ae014 | 0xae234 | 0xad034 | 0x28 |
| ICSeqCompressFrameEnd | - | 0x100ae018 | 0xae238 | 0xad038 | 0x27 |
| ICSeqCompressFrame | - | 0x100ae01c | 0xae23c | 0xad03c | 0x26 |
| DrawDibClose | - | 0x100ae020 | 0xae240 | 0xad040 | 0x2 |
| DrawDibRealize | - | 0x100ae024 | 0xae244 | 0xad044 | 0x9 |
| DrawDibDraw | - | 0x100ae028 | 0xae248 | 0xad048 | 0x3 |
| MCIWndRegisterClass | - | 0x100ae02c | 0xae24c | 0xad04c | 0x2c |
| GetOpenFileNamePreviewA | - | 0x100ae030 | 0xae250 | 0xad050 | 0xf |
| GetOpenFileNamePreviewW | - | 0x100ae034 | 0xae254 | 0xad054 | 0x10 |
Exports (20)
»
| Api name | EAT Address | Ordinal |
|---|---|---|
| APYylI90 | 0xad286 | 0x1 |
| BJ9vYTIZ | 0xad102 | 0x2 |
| C867zOSo | 0xad1cc | 0x3 |
| DkqpyEj | 0xad540 | 0x4 |
| DllRegisterServer | 0xa52d9 | 0x5 |
| FACiVaNdi | 0xace57 | 0x6 |
| FkqUOSI | 0xad3cc | 0x7 |
| Fo1WAU | 0xad06a | 0x8 |
| FoXdTt | 0xad627 | 0x9 |
| H74L6WP55 | 0xacfd0 | 0xa |
| HFxp0uyO | 0xacfa7 | 0xb |
| HhuNHQNbON | 0xace01 | 0xc |
| HqhliBHM | 0xad5d7 | 0xd |
| JVq1qxiBWO | 0xad2da | 0xe |
| Jdyl0plZW | 0xad31a | 0xf |
| JfICdz | 0xad154 | 0x10 |
| JoSOH6k | 0xad440 | 0x11 |
| Jtg0b9DEVZ8 | 0xacec8 | 0x12 |
| KGoeBIhi | 0xace22 | 0x13 |
| KdWbkIqM | 0xace3b | 0x14 |
Digital Signature Information
»
| Verification Status | Failed |
| Verification Error | The signature hash does not match the file contents |
Certificate: Microsoft Corporation
»
| Issued by | Microsoft Corporation |
| Parent Certificate | Microsoft Code Signing PCA 2011 |
| Country Name | US |
| Valid From | 2019-05-02 23:37 (UTC+2) |
| Valid Until | 2020-05-02 23:37 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 33 00 00 01 51 9E 8D 8F 40 71 A3 0E 41 00 00 00 00 01 51 |
| Thumbprint | 62 00 9A AA BD AE 74 9F D4 7D 19 15 09 58 32 9B F6 FF 4B 34 |
Certificate: Microsoft Code Signing PCA 2011
»
| Issued by | Microsoft Code Signing PCA 2011 |
| Country Name | US |
| Valid From | 2011-07-08 22:59 (UTC+2) |
| Valid Until | 2026-07-08 23:09 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 61 0E 90 D2 00 00 00 00 00 03 |
| Thumbprint | F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35 |
| c:\samr | Dropped File | Unknown |
N/A
Not Available because the file was not extracted successfully.
|
...
|
»
| MIME Type | - |
| File Size | - |
| MD5 | - |
| SHA1 | - |
| SHA256 | - |
| SSDeep | - |
| ImpHash | - |
