win32-Quickq1[.]5[.]6[.]exe[.]v | Triage

Sharing

General

Target

win32-Quickq1.5.6.exe.v
Size

115.6MB
MD5

2fa7d6bc7f4104ef801e07c55e1366c2
SHA1

3b8444be310dafe100072e5cec8530f92c70f941
SHA256

6710f6c71ba74736003dcfd8fd0fc64e918cfa6fc923bd6fbf8bcecebfb4826f
SHA512

7bf5d58a9d707d8a1ef74a74436ecdae58a654ff94e5006ab2fb98c3bed20088ad09dbcd8ba4a1e4ca92b7c8036cbeb3dfa3ba06290b65da7f4ccc9ecfb7c52d
SSDEEP

3145728:eQwQQ81Cvx8qC2G3fwe8O2YxkkCa+w0SPh5BU70yfJS:LxQ2CvyPpnxKJwdJ1yf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
win32-Quickq1.5.6.exe.v

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

win32-Quickq1.5.6.exe.v
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\source\repos\科学院计算器\科学院计算器\obj\Release\科学院计算器.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 115.6MB - Virtual size: 115.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ