SECOH-QAD[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SECOH-QAD.exe
Size

2KB
MD5

58099170bcea4e8b6fbaf1d63b53d386
SHA1

66746b669dfa311cbe40c694124fe760531f3202
SHA256

4fd5412d35272dc18ac031943cbb5cf5c8531c45abf3278659ed177da0d3e685
SHA512

e11a6bf3142bd7f389efb59bb837568abf51f15172123938440394a32457a45d183cbe8de3fc5c163b2b9979944206a7907a2817943387f5038d34e8151b9e75

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Windows/SECOH-QAD.exe

Files

SECOH-QAD.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Windows/SECOH-QAD.exe
.exe windows x64

Password: S@ndb0x!2023@@

80d4996be4f3279aee256ea8a8635393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsstr
wcslen
_wcsicmp
wcschr

kernel32

Thread32Next
ResumeThread
SuspendThread
WriteProcessMemory
CloseHandle
ExitProcess
GetCommandLineW
DebugActiveProcessStop
CreateProcessW
WaitForSingleObject
CreateRemoteThread
OpenProcess
Thread32First
VirtualFreeEx
Sleep
GetExitCodeProcess
GetStartupInfoW
GetLastError
GetProcAddress
VirtualAllocEx
Process32FirstW
OpenThread
GetExitCodeThread
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot

Sections

.text
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json