File name: dq.exe

Full analysis: https://app.any.run/tasks/9600c9de-df1c-4ba2-9fbb-5b8768f6713a
Verdict: Malicious activity
Analysis date: August 12, 2022, 22:22:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5: C1105BC7DAA8AF838CF36E3E6630CEE4
SHA1: D2113BB3E7206BBD0940576264F6D3CA5E4CA982
SHA256: AAE934E4181CD8204C71104E8B3D43B5C0E46098F13B92740C34CCE105F3A89D
SSDEEP: 24576:91RpNZuUq/S5hFfeGirD8kOJSGrLhZKP/ltm3V3:hpWUQBnEUGrL7KP/lA3V3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Modifies files in Chrome extension folder
      • dq.exe (PID: 3432)
  • SUSPICIOUS
    • Checks supported languages
      • dq.exe (PID: 3432)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

Subsystem: Windows command line
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0x9661a
UninitializedDataSize: -
InitializedDataSize: 380416
CodeSize: 723968
LinkerVersion: 14.29
PEType: PE32
TimeStamp: 2022:08:13 00:22:01+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date: 12-Aug-2022 22:22:01
Detected languages:
  • English - United States

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000108

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 12-Aug-2022 22:22:01
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 0x00001000 | 0x000B0A84 | 0x000B0C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.61505
.rdata | 0x000B2000 | 0x0004AD62 | 0x0004AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.20277
.data | 0x000FD000 | 0x00007E34 | 0x00005200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.88404
.rsrc | 0x00105000 | 0x000001E0 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.7123
.reloc | 0x00106000 | 0x00009C4C | 0x00009E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.58482

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 4.91161 | 381 | UNKNOWN | English - United States | RT_MANIFEST

Imports

ADVAPI32.dll
CRYPT32.dll
KERNEL32.dll
USER32.dll
WS2_32.dll
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start dq.exe

Process information

PID | CMD | Path | Indicators | Parent process
3432 | "C:\Users\admin\Desktop\dq.exe" | C:\Users\admin\Desktop\dq.exe | | Explorer.EXE
User: admin
Integrity Level: MEDIUM
Total events: 302
Read events: 302
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 121
Text files: 1
Unknown types: 5

Dropped files

PID | Process | Filename | Type
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_check_200.png.protected | binary
  MD5: 687A41F464D36D4FE72C48C6121E1A28
  SHA256: 55BF58DC8BAEA959E2EE2C5EACF7D5A416933CAF8518E4E966777A31444FA2ED
3432 | dq.exe | C:\Users\admin\Downloads\wirelessg.jpg.protected | binary
  MD5: 65BD53E166AC89729DB3574F7AAD9C0E
  SHA256: CA910977C1C4926AF71F0572A1E779AC38D8B44016E6E8E75B403CA609EB3A9B
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_check_100.png.protected | binary
  MD5: 4522FE04FABF10BA25929D153F58F96E
  SHA256: 9B55068002923403365AF7350559889011290467E1391E73943F5801C6B41805
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN Money.url.protected | binary
  MD5: 9B16BE541BF45025BA6D9DA75107A64F
  SHA256: 027C2E2DA20B2D866A88399691FDE2AA77C01B18EE6AA39CD48D83F924ED0E0E
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN.url.protected | binary
  MD5: 40D57573E4A2EEAF4D477CE327AC3958
  SHA256: 3A97FC673E408F72E59C878B52BCFE467972E22CEABC5C884314219E6EC3C2CF
3432 | dq.exe | C:\Users\admin\Pictures\insidetimes.jpg.protected | binary
  MD5: 3F689DA765F3B8006B71C9FAFD1E456B
  SHA256: 2502C79B16C59C63AB57005D9C3541560F4BBDB35F4A4C59BB8915DA6BF7660F
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\status_icon_caution_150.png.protected | binary
  MD5: 25528A76E08F2085A5FDAF92DEBC92D8
  SHA256: CBE5C3BC1AAF7F2C42B659A42EE45660C2834FE91D704C0EBD5A7AAD96DAC008
3432 | dq.exe | C:\Users\admin\Favorites\Links\Suggested Sites.url.protected | binary
  MD5: E5002751D945A3668DBDFA8A8EBFD53D
  SHA256: B5754F90F46135E45B2AE5321A81942E2C0B6C84F81F65F162B9EADDA643E9DF
3432 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\yellow_button_100.png.protected | binary
  MD5: E000BE07478CCC19EA03CDAB2F76CF40
  SHA256: C7BB3C2E4432E44080251228DEACE4CA143124AB85CE755A779F186892B6864F
3432 | dq.exe | C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.protected | binary
  MD5: BEDA71D0BD12EEAB01250A48F7D190FE
  SHA256: 26DEDCFD0D09D121254C1EADF148F47A4C17BE969B1BE7584749D9E70D063E5C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info