quasar | f95fb456e2d1dcf82b05cc0865a3a46724e85a97f5a5034c607b02fcbd87853d

General

Target

f95fb456e2d1dcf82b05cc0865a3a46724e85a97f5a5034c607b02fcbd87853d
Size

104KB
MD5

0585aa70ed286fb0e6478a844fa4fce3
SHA1

879b5c58df32ad77cada3befa3fe3c817666d590
SHA256

f95fb456e2d1dcf82b05cc0865a3a46724e85a97f5a5034c607b02fcbd87853d
SHA512

00772845d68b55db3ba15c3313dcf366adfb3086f8cbb4de05bce9ad514d248b73b96a41ec3fbfd1a1725e1f5bd0d3c637f7df01ee95dc33bfea40dea7d97159
SSDEEP

3072:NK8CWxY4Cb+8NL3cVCUnWTTYKcBgxCg9I0c:NKuxY4CblNbcBnmTtLL9I0c

Score

10^/10

quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/a857d40d6bc12165d5bedf2fe5c271440dc1afadcb67be7d1ff9653865aa2f9a.exe	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a857d40d6bc12165d5bedf2fe5c271440dc1afadcb67be7d1ff9653865aa2f9a.exe

f95fb456e2d1dcf82b05cc0865a3a46724e85a97f5a5034c607b02fcbd87853d
.zip

Password: infected
a857d40d6bc12165d5bedf2fe5c271440dc1afadcb67be7d1ff9653865aa2f9a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\QuasarRAT-master\RemoteClient\obj\x86\Debug\RemoteClient.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ