quickassist[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

quickassist.exe
Size

656KB
MD5

121ec2bf4dae2a0f06bd9cb50d81c501
SHA1

54baf3d56ab2814868362d39ca4bc0ce746aa6b9
SHA256

522e6963d8590c2f6c42ed4d7988fed640655944b3f700f8ed7d0f12a92d5791
SHA512

031d4f20ba82fccf0baa904501ade61811827ca560dc846d76081b29448916d04cd1e887c00874e3c1f41f87e33c4bcdbf276dcad624bf099ce850d3e4ded5af
SSDEEP

6144:iC1mlyt2nAdDBSrYUGHlSpHkhJtYI0iORKzjjUHp68589cRQpLy7xwKxp8wZwK+P:iC1mlbXMJtYN7ZpjZb+JZFgYwTM5CKh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quickassist.exe

Files

quickassist.exe
.exe windows x64

e263304182003f6ee4cb8a0ccc6d1a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
__wgetmainargs
__set_app_type
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
??0exception@@QEAA@XZ
_wcsicmp
_wcsnicmp
_commode
?terminate@@YAXXZ
_lock
_unlock
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
free
??_V@YAXPEAX@Z
malloc
memcpy_s
_vsnwprintf
realloc
_purecall
sprintf_s
__dllonexit
_onexit
memmove_s
_itow_s
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
memset
_XcptFilter
memcmp
wcscmp

atl

ord32
ord30

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LockResource
LoadResource
GetModuleHandleW
FreeLibrary
LoadStringW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventExW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionEx
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteCriticalSection
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetStartupInfoW
TerminateProcess
CreateThread
ExitThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateGuid
CoCreateInstanceFromApp
CoGetApartmentType
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
SafeArrayUnaccessData
VariantInit
VariantChangeType
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysStringLen

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
AdjustTokenPrivileges
CheckTokenMembership
GetTokenInformation

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringLen
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateString

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoTransformError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
EnumDisplayMonitors
GetSystemMetrics

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
SetProcessDpiAwareness

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

uxtheme

SetWindowThemeAttribute

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipGetPropertyItemSize
GdipLoadImageFromStream
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipDrawImageRectI
GdipDrawImageI
GdipGraphicsClear
GdipDeleteGraphics
GdipImageGetFrameCount
GdipCreateBitmapFromScan0
GdipImageGetFrameDimensionsCount
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipImageSelectActiveFrame
GdipDisposeImage

ext-ms-win-com-ole32-l1-1-0

OleInitialize
OleUninitialize

ext-ms-win-ntuser-draw-l1-1-0

EndPaint
UpdateWindow
BeginPaint
InvalidateRect

ext-ms-win-ntuser-window-l1-1-0

SetWindowsHookExW
BringWindowToTop
GetWindowRect
DefWindowProcW
ShowWindow
DestroyWindow
UnhookWindowsHookEx
GetClientRect
SetWindowTextW
CallNextHookEx

api-ms-win-ntuser-ie-window-l1-1-0

GetWindowLongPtrW
KillTimer
SetTimer
SetWindowLongPtrW
UnregisterClassW

api-ms-win-ntuser-ie-message-l1-1-0

PostMessageW
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW

rpcrt4

UuidCreate

ext-ms-win-ntuser-keyboard-l1-1-0

GetKeyState
SendInput

ext-ms-win-gdi-devcaps-l1-1-0

GetDeviceCaps

ext-ms-win-ntuser-dc-access-ext-l1-1-0

ReleaseDC
GetDC

ext-ms-win-ntuser-menu-l1-1-0

GetSystemMenu
EnableMenuItem

ext-ms-win-shell-shell32-l1-2-0

ShellExecuteW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-rtcore-ntuser-window-l1-1-0

SetWindowPos
GetParent
RegisterClassExW
CreateWindowExW

d2d1

ord1

d3d11

D3D11CreateDevice

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

crypt32

CryptProtectData
CryptUnprotectData

dcomp

DCompositionCreateSurfaceHandle
DCompositionCreateDevice2

sas

SendSAS

ext-ms-win-ntuser-window-l1-1-1

SetLayeredWindowAttributes
UpdateLayeredWindow

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ext-ms-win-ole32-bindctx-l1-1-0

CoGetObject

ext-ms-win-gdi-draw-l1-1-0

CreateSolidBrush

ext-ms-win-rtcore-gdi-object-l1-1-0

DeleteObject

ext-ms-win-ntuser-windowclass-l1-1-2

SetClassLongPtrW
GetClassLongPtrW

ext-ms-win-ntuser-gui-l1-1-0

FillRect
LoadIconW

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e263304182003f6ee4cb8a0ccc6d1a7a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

uxtheme

gdiplus

ext-ms-win-com-ole32-l1-1-0

ext-ms-win-ntuser-draw-l1-1-0

ext-ms-win-ntuser-window-l1-1-0

api-ms-win-ntuser-ie-window-l1-1-0

api-ms-win-ntuser-ie-message-l1-1-0

rpcrt4

ext-ms-win-ntuser-keyboard-l1-1-0

ext-ms-win-gdi-devcaps-l1-1-0

ext-ms-win-ntuser-dc-access-ext-l1-1-0

ext-ms-win-ntuser-menu-l1-1-0

ext-ms-win-shell-shell32-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-rtcore-ntuser-window-l1-1-0

d2d1

d3d11

api-ms-win-core-url-l1-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-core-registry-l1-1-1

crypt32

dcomp

sas

ext-ms-win-ntuser-window-l1-1-1

api-ms-win-core-apiquery-l1-1-0

ext-ms-win-ole32-bindctx-l1-1-0

ext-ms-win-gdi-draw-l1-1-0

ext-ms-win-rtcore-gdi-object-l1-1-0

ext-ms-win-ntuser-windowclass-l1-1-2

ext-ms-win-ntuser-gui-l1-1-0

Sections

.text Size: 397KB - Virtual size: 397KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 9KB - Virtual size: 8KB