SECOH-QAD[.]exe | Triage

Resubmissions

04/07/2023, 08:37

230704-kjge3adb9x 3

11/06/2023, 06:15

230611-gz1bbsgf65 3

Sharing

Copy URL Twitter E-mail

General

Target

SECOH-QAD.exe
Size

2KB
MD5

f705a8d067b32d92617f5c2077ff0e5c
SHA1

4fb55ae8d1bb61f62756300979d9b130c9e0e80e
SHA256

3391c079862ae302820c48b1b661f9409ffb2e99c426818cc2242195c2f8e31a
SHA512

31c8bafa7d4e4dbbcda102a4b15bc2dac68e40d036b76b74c835bfca3492beab9bfa1cfb85d45d0ee572c138243bf21f16a731cf22d53b79a0fdf9f32db64d8b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Windows/SECOH-QAD.exe

Files

SECOH-QAD.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Windows/SECOH-QAD.exe
.exe windows x64

Password: S@ndb0x!2023@@

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsstr
wcslen
_wcsicmp
wcschr

kernel32

Thread32Next
ResumeThread
SuspendThread
WriteProcessMemory
CloseHandle
ExitProcess
GetCommandLineW
DebugActiveProcessStop
CreateProcessW
WaitForSingleObject
CreateRemoteThread
OpenProcess
Thread32First
VirtualFreeEx
Sleep
GetExitCodeProcess
GetStartupInfoW
GetLastError
GetProcAddress
VirtualAllocEx
Process32FirstW
OpenThread
GetExitCodeThread
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot

Sections

.text
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json