QI[.]EXE | Triage

Sharing

General

Target

QI.EXE
Size

5.7MB
MD5

71058566c0821ca320639f18c62905f0
SHA1

235e751fb521829628f4df4d43b88e0ed6396a5d
SHA256

fbb98a26d5543ecd8be85870352b7641d151121a4dffa5a5dd53e3fd455886c5
SHA512

f7f7aad683bca495f438ff1fb9a91b02300d624dd3fb8f5491ee4ca7b52ea1b6641ccd12821e07399a1156ac3f6e6a13e62be286e7c66aa89ab226f91e196c1b
SSDEEP

98304:Mtx1TaW8Q9CzAY+mVmDmOaEaJchTNhpLGJMz6coX2XwFUSWPSdmAijGrCvVYusl0:MI/Q9C8YT6aJchTNjGiz7XwFWam7irCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QI.EXE

Files

QI.EXE
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ