quasar | Adobe Acrobat DC Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Adobe Acrobat DC Setup.exe
Size

3.6MB
MD5

e5ba9440e3338884a7963995ca9132d7
SHA1

aa177c582fff33279a5e9fd27104c43cbf8d8a70
SHA256

1eac2dc913dd6753e4195898af82412511a503990e1d5b7a86fd5919f6feee82
SHA512

54e3b044a9ae4583e89695e9c7ab1e6933ea38ff55473f32537b0a9adf6522a7fb433bc143224e0b6f79223692b474acbd1196fc2e2b361f1182062250a76bc7
SSDEEP

98304:4ZeSO1fNPbR/5pGs4+Lrlkixl7u2J43gZxbCaly7yhR+pd2SwGJYdy8K+I:cIWJX8K

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Adobe Acrobat DC Setup.exe

Files

Adobe Acrobat DC Setup.exe
.exe windows x86

Password: adobe

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ