quasar | maybe-protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

maybe-protected.exe
Size

1001KB
MD5

97f32d572e7eab88f7505d885fe02f31
SHA1

163421fb9df8991f11e6f7d6000b6f7c3473352d
SHA256

fc1b2c9e8e203602a211e743b346018f63a4e08cea3d8b3c47ef5aada058b6af
SHA512

944dedd47c76e94d8475d2b09ddf9096f5f5af229cb73b73ff844cd571f26ddf5744a5147c87820df56f5b82113e5cd5c30e927f88e59c43ca5820ebfd4dd842
SSDEEP

24576:BLp59CUu8FvFG0NmJw/BGtV+lELZwjGHldzNDtLpz87:/59CUu8FvYR7HTz

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
maybe-protected.exe

Files

maybe-protected.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 998KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ