QuickBooksDownloder[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

QuickBooksDownloder.exe
Size

591KB
MD5

262a55e1e99eae5d4e896982dd85da5b
SHA1

1c5ebf6401dc48fd53b49c679e3d710a586027df
SHA256

edc10d157b786c85908610eaed46109e3530c63a7f970fd6f4a32f1fab79e374
SHA512

6b726b631002dedf5f8b76205f990245ce4c1b24329d9f3e55bda4abb5c702999ab4ccd089af1d08dde941afd426b267134e9d29ee961b41996a55a13ce985a4
SSDEEP

12288:vVW3Z2+kZ+l7hCYG5SgZ8jKZLGcQz+zB0Sc:vVavkZC7MYGwgZ8jHTzEB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QuickBooksDownloder.exe

Files

QuickBooksDownloder.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ