QRes[.]exe | Triage

Sharing

General

Target

QRes.exe
Size

4KB
MD5

ca493006d55ebda9f97c7848cee144a7
SHA1

82671680c2fd7037e3982da62227bfa9611f91ee
SHA256

66252b80e1f62e284d60ddfc340fa7d6b651929d85360cee0f78cc04a8c5e343
SHA512

35f0eada98d97edfea875f1301eeb84fb81d9e1f59a63098bb73b963bf6d463fb5c780840a3aacbcf6d2e7fb8fbda139bb1c61625b6f334cf4fe6d5677fcc035
SSDEEP

96:XsK1jHA1J4NV/HMjiNOi7XV8jr1enQYzjaADfNP4oyn:dj/Hco8jrgQoja2fNP4oyn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QRes.exe

Files

QRes.exe
.exe windows:4 windows x86

f3899020c1ea8bbf0c84a80689caa590

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersion
lstrcatA
lstrcpyA

user32

ReleaseDC
wsprintfA
ChangeDisplaySettingsA
GetDC
EnumDisplaySettingsA

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

msvcrt

printf
__getmainargs
_initterm
_controlfp
_except_handler3
memset
_exit
_XcptFilter
exit
__p___initenv
__set_app_type
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE