win32-quickqs[.]exe[.]v | Triage

Sharing

Copy URL Twitter E-mail

General

Target

win32-quickqs.exe.v
Size

120.1MB
MD5

120b7e5646f5b10d981c8da913181c9c
SHA1

dd9711699c41d4578b8fb0bf87a65882664ef5cb
SHA256

d71b15d742ced2141f58dad81cddbe7e4d6d9d2201f10e25bb9e943c4163140a
SHA512

4a758f90f46d71633ef6a9ebf35a584d635311eea48cd02358f7664ffe7bad94e8450b41c7fae32b36c14000d8491356dbbaee9212b7318d960a64c42ddb8068
SSDEEP

3145728:RV8qC2G3fwe8O2YxkkCa+w0SPh5BU70yfJS5QwQQ81Cv:8PpnxKJwdJ1yf9xQ2Cv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
win32-quickqs.exe.v

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

win32-quickqs.exe.v
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\source\repos\SONBW\SONBW\obj\Release\SONBW.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 120.1MB - Virtual size: 120.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ