File name: | dq.exe |
Full analysis: | https://app.any.run/tasks/9600c9de-df1c-4ba2-9fbb-5b8768f6713a |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 22:22:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (console) Intel 80386, for MS Windows |
MD5: | C1105BC7DAA8AF838CF36E3E6630CEE4 |
SHA1: | D2113BB3E7206BBD0940576264F6D3CA5E4CA982 |
SHA256: | AAE934E4181CD8204C71104E8B3D43B5C0E46098F13B92740C34CCE105F3A89D |
SSDEEP: | 24576:91RpNZuUq/S5hFfeGirD8kOJSGrLhZKP/ltm3V3:hpWUQBnEUGrL7KP/lA3V3 |
.exe | | | Win64 Executable (generic) (64.6) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.4) |
.exe | | | Win32 Executable (generic) (10.5) |
.exe | | | Generic Win/DOS Executable (4.6) |
.exe | | | DOS Executable Generic (4.6) |
Subsystem: | Windows command line |
---|---|
SubsystemVersion: | 6 |
ImageVersion: | - |
OSVersion: | 6 |
EntryPoint: | 0x9661a |
UninitializedDataSize: | - |
InitializedDataSize: | 380416 |
CodeSize: | 723968 |
LinkerVersion: | 14.29 |
PEType: | PE32 |
TimeStamp: | 2022:08:13 00:22:01+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date: | 12-Aug-2022 22:22:01 |
Detected languages: |
|
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000108 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 12-Aug-2022 22:22:01 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000B0A84 | 0x000B0C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.61505 |
.rdata | 0x000B2000 | 0x0004AD62 | 0x0004AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.20277 |
.data | 0x000FD000 | 0x00007E34 | 0x00005200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.88404 |
.rsrc | 0x00105000 | 0x000001E0 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.7123 |
.reloc | 0x00106000 | 0x00009C4C | 0x00009E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.58482 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 4.91161 | 381 | UNKNOWN | English - United States | RT_MANIFEST |
ADVAPI32.dll |
CRYPT32.dll |
KERNEL32.dll |
USER32.dll |
WS2_32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3432 | "C:\Users\admin\Desktop\dq.exe" | C:\Users\admin\Desktop\dq.exe | Explorer.EXE | |
User: admin Integrity Level: MEDIUM |
PID | Process | Filename | Type | |
---|---|---|---|---|
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_check_200.png.protected | binary | |
MD5:687A41F464D36D4FE72C48C6121E1A28 | SHA256:55BF58DC8BAEA959E2EE2C5EACF7D5A416933CAF8518E4E966777A31444FA2ED | |||
3432 | dq.exe | C:\Users\admin\Downloads\wirelessg.jpg.protected | binary | |
MD5:65BD53E166AC89729DB3574F7AAD9C0E | SHA256:CA910977C1C4926AF71F0572A1E779AC38D8B44016E6E8E75B403CA609EB3A9B | |||
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_check_100.png.protected | binary | |
MD5:4522FE04FABF10BA25929D153F58F96E | SHA256:9B55068002923403365AF7350559889011290467E1391E73943F5801C6B41805 | |||
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN Money.url.protected | binary | |
MD5:9B16BE541BF45025BA6D9DA75107A64F | SHA256:027C2E2DA20B2D866A88399691FDE2AA77C01B18EE6AA39CD48D83F924ED0E0E | |||
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN.url.protected | binary | |
MD5:40D57573E4A2EEAF4D477CE327AC3958 | SHA256:3A97FC673E408F72E59C878B52BCFE467972E22CEABC5C884314219E6EC3C2CF | |||
3432 | dq.exe | C:\Users\admin\Pictures\insidetimes.jpg.protected | binary | |
MD5:3F689DA765F3B8006B71C9FAFD1E456B | SHA256:2502C79B16C59C63AB57005D9C3541560F4BBDB35F4A4C59BB8915DA6BF7660F | |||
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_caution_150.png.protected | binary | |
MD5:25528A76E08F2085A5FDAF92DEBC92D8 | SHA256:CBE5C3BC1AAF7F2C42B659A42EE45660C2834FE91D704C0EBD5A7AAD96DAC008 | |||
3432 | dq.exe | C:\Users\admin\Favorites\Links\Suggested Sites.url.protected | binary | |
MD5:E5002751D945A3668DBDFA8A8EBFD53D | SHA256:B5754F90F46135E45B2AE5321A81942E2C0B6C84F81F65F162B9EADDA643E9DF | |||
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\yellow_button_100.png.protected | binary | |
MD5:E000BE07478CCC19EA03CDAB2F76CF40 | SHA256:C7BB3C2E4432E44080251228DEACE4CA143124AB85CE755A779F186892B6864F | |||
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.protected | binary | |
MD5:BEDA71D0BD12EEAB01250A48F7D190FE | SHA256:26DEDCFD0D09D121254C1EADF148F47A4C17BE969B1BE7584749D9E70D063E5C |