quasar | Client-built[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client-built.exe
Size

175KB
MD5

e38eb9b45ede385c53cc721dbc61e7df
SHA1

60be9ce63f207c6f29db52211b3ca7f9103f24ab
SHA256

5d0a8532de5c3ed6a740ae399ad2a1419acac588d836354eea893294213a7ab9
SHA512

b57e1b1e5eaf54f1dd01d9e20a72eb4d98a823b268034e0d39be30f4a417f18495dd03f539e1652387a0e83dbf6069db960b23d3920107eeeb5664685ad7442e
SSDEEP

3072:pPynXIa08VX2XqHKyVg/6dhjfPcYbdrUFsnCHbcl/pwDUDWlCjyC/Q:2+qHKyVtdhjfEYb+sOIDWlSyCo

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client-built.exe

Files

Client-built.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ