File name: | dq.exe |
Full analysis: | https://app.any.run/tasks/e5dfb6be-2e6a-49a3-b288-e1a46508370b |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 17:59:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (console) Intel 80386, for MS Windows |
MD5: | 22219922E56B02CCABB4A61943539EEA |
SHA1: | 540022FF7A12887C90CA7FFF5E1CC5E7EF113115 |
SHA256: | E34A92806CCA8C7E83E5E62AA56900E6FBB8D86EC82677BE975DD0319D8BC77C |
SSDEEP: | 24576:+y/S9SHC8BKB17BRAsG+1t8DGBhjKP/N6kfV3:HSezY/qGB1KP/N6kfV3 |
.exe | | | Win64 Executable (generic) (64.6) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (15.4) |
.exe | | | Win32 Executable (generic) (10.5) |
.exe | | | Generic Win/DOS Executable (4.6) |
.exe | | | DOS Executable Generic (4.6) |
Subsystem: | Windows command line |
---|---|
SubsystemVersion: | 6 |
ImageVersion: | - |
OSVersion: | 6 |
EntryPoint: | 0x9664a |
UninitializedDataSize: | - |
InitializedDataSize: | 380416 |
CodeSize: | 723968 |
LinkerVersion: | 14.29 |
PEType: | PE32 |
TimeStamp: | 2022:08:12 19:59:44+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date: | 12-Aug-2022 17:59:44 |
Detected languages: |
|
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000110 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 12-Aug-2022 17:59:44 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000B0AB4 | 0x000B0C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.61488 |
.rdata | 0x000B2000 | 0x0004AD62 | 0x0004AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.20287 |
.data | 0x000FD000 | 0x00007E34 | 0x00005200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.88659 |
.rsrc | 0x00105000 | 0x000001E0 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.7123 |
.reloc | 0x00106000 | 0x00009C54 | 0x00009E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.58871 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 4.91161 | 381 | UNKNOWN | English - United States | RT_MANIFEST |
ADVAPI32.dll |
CRYPT32.dll |
KERNEL32.dll |
USER32.dll |
WS2_32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
676 | "C:\Users\admin\Desktop\dq.exe" | C:\Users\admin\Desktop\dq.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM |
PID | Process | Filename | Type | |
---|---|---|---|---|
676 | dq.exe | C:\Users\admin\Links\desktop.ini.protected | binary | |
MD5:4759D8C2E876F8D79D34AF7AE49CBA8A | SHA256:2F01613503401691C4726EB7D36451A802E356332B5E4BFA1CA28F31FB704CE5 | |||
676 | dq.exe | C:\Users\admin\Favorites\desktop.ini.protected | binary | |
MD5:AD8708732C7343451734811B90DBA688 | SHA256:340631370F77DE3737F8A44CF91AEEDD387D1DAB402012F532F5AF42C4D4296B | |||
676 | dq.exe | C:\Users\admin\Music\desktop.ini.protected | binary | |
MD5:C1562A1DA567298762FD9E7A74241710 | SHA256:C97EEC610B0C34423CB2CD34C43E02DDCE2D7E71E1881981FD8A2D84B29596A3 | |||
676 | dq.exe | C:\Users\admin\AppData\Local\Adobe\A0A2C719-B8B1-4DC7-B33B-C50E709F20B0\96458326-0F6E-4F95-88EE-ED9F0B2D5401.protected | binary | |
MD5:37EEFDB34F301E4B816ACC767711FE2A | SHA256:7303321F8A66A1233D3001092F63B5F2FFADA0A1B93482DD880EB2D582FBF930 | |||
676 | dq.exe | C:\Users\admin\Downloads\giveregistered.png.protected | binary | |
MD5:16A9671BE81F83B85539C0EA5D895102 | SHA256:98D7F1469A071B6B6E76581902DDE28885F4DA1817C1CDBCB00964B86CB7C5FC | |||
676 | dq.exe | C:\Users\admin\Videos\desktop.ini.protected | binary | |
MD5:6561329D78BC33F8F63CD3301E2300B9 | SHA256:8D826FC0AD177C74E22329F532AC43BF3DD141B70EC193E20F5D37E900B90916 | |||
676 | dq.exe | C:\Users\admin\Desktop\chairmature.png.protected | binary | |
MD5:3B4E867F9205204C5854B3F10313AF4E | SHA256:B99F8EB8211AED701585E3D91E17D410F0413A75CD42E9A27DB37C1C1AD98882 | |||
676 | dq.exe | C:\Users\admin\Contacts\admin.contact.protected | binary | |
MD5:C8BD21D9A15EACE32189AE64103ACF5B | SHA256:FC273682F0E83F503B11F1B881EC669903AF78074F4D96554892599FBAC886F5 | |||
676 | dq.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.protected | binary | |
MD5:CAA500321AEC2AB81AD7073F219B35FF | SHA256:8B7FCED261B29E9E4E1FAE35D6BEC030487B767B16B529F9837DA4CAD807075E | |||
676 | dq.exe | C:\Users\admin\Desktop\casinoebay.png.protected | binary | |
MD5:23FE05CFE4ECD7DBDF411431EADFBD0E | SHA256:9580737950402D06307A2ACE77B44D503DEBDD32A593C66959EA0A4B2C5CC658 |