quasar | $ONI$-Stub[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

$ONI$-Stub.exe
Size

3.8MB
MD5

9bc07ccdcad9342cb5bc1ba486e79326
SHA1

f41e35ff0abf574fef6b2c54c81aa931f1a6727b
SHA256

caf2cb3d9a22d74ec73ce89ced81e2218115e5495a72517de6fc118cc3088cfc
SHA512

df9794cc5d1ecccab5b98f00828bc763e72acb9129010bc8370f51c1917620750ebef6f765d78f3d37d5c16a8320fee0b61eca3886436b497182bd9ecef30820
SSDEEP

49152:kPrLTGZJwSBkNBwU47g9sntFJxZTOCdw9Wco/OHeoDCtTHHB72eh2NT:kPrLTGZRH/tFJ/TOCdw3oL

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
$ONI$-Stub.exe

Files

$ONI$-Stub.exe
.exe windows:4 windows x86 arch:x86

9dc12590a8415085e474837eeac1b8c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
RemoveDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_pclose
_popen
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
exit
fclose
fgets
fopen
fread
free
fseek
fwrite
getenv
malloc
mbstowcs
memcpy
perror
realloc
setlocale
signal
sprintf
strcat
strcoll
strlen
tolower
vfprintf
wcscpy
wcslen
wcstombs

shell32

ShellExecuteExA

user32

MessageBoxW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dc12590a8415085e474837eeac1b8c4

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 265KB - Virtual size: 265KB

.rdata Size: 2KB - Virtual size: 1KB

/4 Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 112B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 56B

/29 Size: 8KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 329B

/55 Size: 512B - Virtual size: 456B

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 151B

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 265KB - Virtual size: 265KB

.rdata
Size: 2KB - Virtual size: 1KB

/4
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 56B

/29
Size: 8KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 329B

/55
Size: 512B - Virtual size: 456B

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 151B