quasar | 49416c6ff8ab8acdb58cc76313b37e40N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49416c6ff8ab8acdb58cc76313b37e40N.exe
Size

7.3MB
MD5

49416c6ff8ab8acdb58cc76313b37e40
SHA1

6ef696eebbe4044a1042ecf05da6165b866f7c7f
SHA256

e8495cf162901ea41b563416d6bae7314fc326153909fc4dc2fbf3789bb4ddce
SHA512

bce5705d168ae73910503d588b282ab9f4a133e06df9ba0abfff26d570e5eca12c333d9918adc35f4ff3320eeebf8508807ecf8b686058bab6fab8301641cb33
SSDEEP

98304:YvA22SsaNYfdPBldt6+dBcjHzwRJ6q3uJn/ML1u+GgQMn4c7/u4k4m97os4s4kB2:G17jKf3cML1u+GgV77/kZoWt7SovTTGj

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49416c6ff8ab8acdb58cc76313b37e40N.exe

Files

49416c6ff8ab8acdb58cc76313b37e40N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\1134\My Documents\Visual Studio 2008\Projects\72389 binder stub\72389 binder stub\obj\Debug\72389 binder stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ