quickassist[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

quickassist.exe
Size

955KB
MD5

f259e4dcc9751ee08557da7e60f7cde2
SHA1

6c009fd5d19e73f1d2647c1e1ebc8a3b955730d1
SHA256

82f4533f85d2a288cac51941b766cd170a5476bb04dd7fce26280744b243b344
SHA512

a821f930e5a94af763c20d6ae818e4cac2191003b2d559bef81d07985ebf5f4798b32e45868e7a8210310e6c56e5c862325ad9a00bf609619ba0cda0c2958b30
SSDEEP

12288:R6C4zpT0OVEiqeTkJx1pSs+TGT0p52xLCZrmn1ogw1tbBXj5EB39Q:RkzpT7EigL6r2grlgwX9FSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
quickassist.exe

Files

quickassist.exe
.exe windows:10 windows x64 arch:x64

9bfecd8df4dcf6816be8824f003c7fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

QuickAssist.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
LoadStringW
LockResource
SizeofResource
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
GetProcAddress
LoadResource
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
ResetEvent
CreateSemaphoreExW
SetEvent
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventExW
WaitForMultipleObjectsEx
OpenSemaphoreW
AcquireSRWLockShared
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
CreateProcessAsUserW
TlsGetValue
CreateThread
ExitThread
GetStartupInfoW
TlsSetValue
TlsAlloc
TlsFree

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetACP
LCMapStringW
GetCPInfo
GetOEMCP
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VariantClear
SysFreeString
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SafeArrayCreate
SysStringByteLen
VarBstrCmp
VarUI4FromStr
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantChangeType
OleCreateFontIndirect
VariantInit
SafeArrayAccessData

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CLSIDFromString
CLSIDFromProgID
CoGetApartmentType
CoGetClassObject
StringFromGUID2
CoInitializeEx
CoCreateInstanceFromApp
CoCreateGuid
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoGetObjectContext
CoUninitialize

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CallbackMayRunLong

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringLen
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW
EnumDisplayMonitors

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
GetScaleFactorForMonitor
SetProcessDpiAwareness

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-2-0

GetTempPathW

urlmon

URLDownloadToFileW

api-ms-win-core-file-l1-1-0

GetFileType
SetFilePointerEx
WriteFile
FindFirstFileExW
FindClose
CreateFileW
GetFileAttributesW
FindNextFileW
FlushFileBuffers
GetTempFileNameW

api-ms-win-security-base-l1-1-0

CreateRestrictedToken
CheckTokenMembership
AdjustTokenPrivileges
CreateWellKnownSid
GetTokenInformation

wintrust

WinVerifyTrust

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetEnvironmentVariableW
SetStdHandle
GetStdHandle
GetEnvironmentStringsW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlUnwindEx
RtlVirtualUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleCP
WriteConsoleW

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc

gdi32

GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
DeleteDC
DeleteObject
GetStockObject
BitBlt
CreateCompatibleDC
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateSolidBrush

ole32

OleInitialize
OleLockRunning
OleUninitialize
CoGetObject

user32

UnhookWindowsHookEx
BeginPaint
EndPaint
GetSystemMenu
FillRect
InvalidateRect
CreateWindowExW
DispatchMessageW
UpdateLayeredWindow
DestroyWindow
SetWindowsHookExW
UpdateWindow
TranslateMessage
GetWindowLongW
EnableMenuItem
SetWindowLongW
SendMessageW
GetWindowTextW
PostQuitMessage
ReleaseDC
CallNextHookEx
GetWindowTextLengthW
CallWindowProcW
MonitorFromWindow
RegisterWindowMessageW
ReleaseCapture
SendInput
GetClientRect
LoadIconW
IsDialogMessageW
CreateAcceleratorTableW
MoveWindow
GetDesktopWindow
GetFocus
SetTimer
DestroyAcceleratorTable
GetSysColor
RegisterClassExW
LoadCursorW
KillTimer
GetClassInfoExW
UnregisterClassW
GetClassNameW
IsWindow
GetDlgItem
GetParent
SetWindowPos
IsChild
GetWindow
DefWindowProcW
SetFocus
GetKeyState
SetCapture
GetWindowLongPtrW
SetClassLongPtrW
SetLayeredWindowAttributes
RedrawWindow
SetWindowLongPtrW
ClientToScreen
ScreenToClient
GetAncestor
PostMessageW
SetWindowTextW
GetClassLongPtrW
BringWindowToTop
GetWindowRect
InvalidateRgn
GetMessageW
GetDC
ShowWindow

comctl32

InitCommonControlsEx

uxtheme

SetWindowThemeAttribute

gdiplus

GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDrawImageI
GdipGraphicsClear
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage

rpcrt4

UuidCreate

ext-ms-win-shell-shell32-l1-2-0

ShellExecuteW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

d2d1

ord1

d3d11

D3D11CreateDevice

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

crypt32

CryptProtectData
CryptUnprotectData

dcomp

DCompositionCreateDevice2
DCompositionCreateSurfaceHandle

sas

SendSAS

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ext-ms-win-kernel32-windowserrorreporting-l1-1-1

RegisterApplicationRestart

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bfecd8df4dcf6816be8824f003c7fd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-2-0

urlmon

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

wintrust

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-fibers-l1-1-0

gdi32

ole32

user32

comctl32

uxtheme

gdiplus

rpcrt4

ext-ms-win-shell-shell32-l1-2-0

api-ms-win-core-com-l1-1-1

d2d1

d3d11

api-ms-win-core-url-l1-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-registry-l1-1-1

crypt32

dcomp

sas

api-ms-win-core-apiquery-l1-1-0

ext-ms-win-kernel32-windowserrorreporting-l1-1-1

Sections

.text Size: 599KB - Virtual size: 599KB

.rdata Size: 263KB - Virtual size: 262KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 26KB - Virtual size: 25KB

.text
Size: 599KB - Virtual size: 599KB

.rdata
Size: 263KB - Virtual size: 262KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 11KB - Virtual size: 11KB