qz1.exe
First submission 2024-10-18 07:22:08
File details
File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 19.0 KB (19456 bytes)
Compile time: 1970-01-01 01:00:00
MD5: d4aa29575d62a2b48767b576f43e071b
SHA1: 9a695aca1b4761069d54ffbbd5eca05cfe8003c9
SHA256: 6796f19e369889be95d6f784536447faffd0e45967627d78077ce702741ed312
Import Hash: 147442e63270e287ed57d33257638324
Sections (9): .text .data .rdata .pdata .xdata .bss .idata .CRT .tls
Directories (2): import tls
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: 57/77 (VT report date: 2024-10-17 18:21:34)
Malware Type (1): trojan
Threat Type (3): cobaltstrike, dump, marte
URLs, FQDN and IP indicators 1
PE Sections 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x20a8 | 8704 | 7990c3d0eb3d6829d9b7d23c3b69ee26d8d79a79 | 3040ba596609d0f7ba50ac030468b13e | |
.data | 0x4000 | 0x4f0 | 1536 | a9ed2802d5116a4da2ba0e38ca2cacbc0bad45ca | 719375b0e939b8d1e1ab4fd62e8d8d95 | |
.rdata | 0x5000 | 0x910 | 2560 | e28c7eadd25f9477b55c9265a1da7674029250b0 | b02c91451e7abad85f4a5bbe48fd6333 | |
.pdata | 0x6000 | 0x2b8 | 1024 | da5785b5a59be46929d82a70f8943e7fa0be0b66 | ad5ec754cf0e204a3a3c39436081f3bc | |
.xdata | 0x7000 | 0x238 | 1024 | 2714d9e2c3d1b1fd1575c12a5f1babce8e222944 | 6ce9e303fb86766d702ecb2b174cf348 | |
.bss | 0x8000 | 0x9d0 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.idata | 0x9000 | 0x8d8 | 2560 | 361120770d755e2c333edd52e03ced1675caa623 | ec8dedb62953693cf02784f71f75d547 | |
.CRT | 0xa000 | 0x68 | 512 | 48e7f86626e0f41a8a0ee900c304c59e0f7d25f7 | 52d79e9aecf5d5c3145d3ec54aa197a8 | |
.tls | 0xb000 | 0x10 | 512 | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | bf619eac0cdf3f68d496ea9344137e8b | |
Packers detected 1
Microsoft Visual C++ 8.0 (DLL)
Anti debug functions 3
GetLastError
TerminateProcess
UnhandledExceptionFilter
Strings analysis - File found
Library
KERNEL32.dll
MSVCRT.dll
Import functions
Name | Latest seen | MD5 |
---|---|---|
gotomeeting.exe | 2024-05-16 10:19:04 | 877187ad95d25a0e3582331588ac8892 |
beacon.exe | 2024-05-25 14:10:04 | 927ee11071594552182a02d7b0b971fa |
abc.exe | 2024-06-01 11:06:03 | 0423137cc78e3e3d7af3ecb534847d1b |
h.exe | 2024-07-04 10:40:04 | b958d6940edc44e8d99a9e5c074acd5a |
Utility.exe | 2024-08-30 16:42:03 | 3cd08960d873ee9bbe2bc64e4a5460ef |
Journal.exe | 2024-09-22 15:09:01 | 59fc81032d61afec30ba06c776f7f3cd |
Charter.exe | 2024-09-22 15:26:01 | 03487ec0103b22c20bcc2f6864a705e7 |
Utility2.exe | 2024-09-22 16:01:02 | 4bd25a55bcb6aec078ab1d909cfabe64 |
service.exe | 2024-09-22 16:04:01 | 4b6b4048c597d60f54030b1d4fb3f376 |
Utility3.exe | 2024-09-22 16:08:02 | 0b86a1aad0c4a168bfffbe1da6cdd45e |
Monitor.exe | 2024-09-22 16:09:02 | 20cfd4b4f12dc4aae8971d7b95b870e2 |
update.exe | 2024-09-28 15:22:02 | dc66a0481a259a5c8820880822ff0b3a |
system.exe | 2024-10-06 04:17:03 | 24a4b0bab13585fcd3dbb00e8de9e78f |
Session-https.exe | 2024-10-13 01:42:02 | f05982b55c7a85b9e71a941fe2295848 |
a.exe | 2024-10-15 07:39:02 | a3eb49b7dce841199a2882b7d1c27a57 |