85fa6e8877b567b03e9a3fa65013c4fc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jun-14 12:32:45
Detected languages English - United States
CompanyName Quicksnooker
FileDescription QuickSnooker launcher
LegalCopyright Copyright 2019
ProductName QuickSnooker launcher
FileVersion 1.00.0037
ProductVersion 1.00.0037
InternalName qsLaunch6
OriginalFilename qsLaunch6.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual Basic 5.0
Microsoft Visual Basic v5.0/v6.0
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual Basic v6.0
Info Interesting strings found in the binary: Contains domain names:
  • http://www.quicksnooker.com
  • http://www.quicksnooker.com/download/
  • http://www.quicksnooker.com/download/location.txt
  • paint.net
  • quicksnooker.com
  • www.quicksnooker.com
Info The PE is digitally signed. Signer: QuickSnooker
Issuer: Sectigo RSA Code Signing CA
Malicious VirusTotal score: 5/68 (Scanned on 2021-08-13 11:35:40)
Bkav: W32.AIDetect.malware2
FireEye: Generic.mg.85fa6e8877b567b0
Paloalto: generic.ml
Webroot: W32.Trojan.Gen
MaxSecure: Trojan.Malware.300983.susgen

Hashes

MD5 85fa6e8877b567b03e9a3fa65013c4fc
SHA1 e4d5f5580efc02aa78b638dc393f14b27afd8ac2
SHA256 ad347f922127935f02887236c658bfe6425493390a0528bf630c1d719ddb3bed
SHA3 45eb6e91ccb660570cc2f5d444482fd6f2e69d1a26f43334c06ce6f965120815
SSDeep 3072:RmSF+c+TxLLSsNZ8AJkIXELfWCEPKQbEIjPCS:RvF+FVSgZpJkIXIwHbhzr
Imports Hash 0f156d21395b6aa0ac3a0ef8fb040eea

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Jun-14 12:32:45
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1a000
SizeOfInitializedData 0x3000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000016E8 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1b000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1e000
SizeOfHeaders 0x1000
Checksum 0x1ff5c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0228eb7e7e014652475ff169123aad15
SHA1 869d535533d73df6bb0ca5b2b0398500eef47f12
SHA256 b01a4c01610c49c8f98271f0866228929bd4f2302fde8d9aa7bbc41b6061f25e
SHA3 b4d036423f97d3c06bd5cce6451edfc13e7f698b704fc1d775825693f44edcbb
VirtualSize 0x19f34
VirtualAddress 0x1000
SizeOfRawData 0x1a000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.67772

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0x1238
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x1b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 ada65c027768881214e1cd07852a594d
SHA1 2948183c6267539bf1bac6d82728a2d520f361d2
SHA256 cd43a1131c6dfea0e655d16db6980c623fd0a154a292f14c2880384dd9c7aade
SHA3 d51093ebcacad29aa1a1bca7b29bf4694994603f8bc21483fd201cf03ad6d669
VirtualSize 0x9a0
VirtualAddress 0x1d000
SizeOfRawData 0x1000
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.15081

Imports

MSVBVM60.DLL __vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
#518
__vbaResume
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
#595
_adj_fdiv_m16i
#303
_adj_fdivr_m16i
#598
#309
_CIsin
#709
#631
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
#529
__vbaPutOwner3
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
#600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
#605
_adj_fprem
_adj_fdivr_m64
#607
#608
#531
#716
__vbaFPException
__vbaInStrVar
__vbaVarCat
#645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
#648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
#576
_adj_fdivr_m32
_adj_fdiv_r
#685
#100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
#616
__vbaVarLateMemCallLd
__vbaFpI4
#617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Delayed Imports

30001

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x130
TimeDateStamp 2020-Jun-14 12:32:45
Entropy 2.57965
MD5 a20d09bee9b4207ad5a3b67a78c1dce3
SHA1 ca85fbf532389887f3837bbadd1c579040b99c8b
SHA256 2d3915cdc82e909357d44c4de1b8890bd753605c28df11b10299e3fd09d930b9
SHA3 e3b2b0325b24bb74af126af0863b39a6e63c08820f69cf0ae582a31bfc1052db

30002

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x2e8
TimeDateStamp 2020-Jun-14 12:32:45
Entropy 1.76987
MD5 24799ca590d42134e7103b06d46fd960
SHA1 4af9a0fe3b7371abc50a18e851f3122fce9a2ffa
SHA256 a32e750bc1b0315530097434a7e1d324b843e1f5ffd95238b49d3a8aa8e6fe09
SHA3 9a17698629ef5e7a1c567a9669be74aa2c9d8356ecfba40c48811e4dcf5ea875

30003

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x128
TimeDateStamp 2020-Jun-14 12:32:45
Entropy 2.07177
MD5 e6c5053ba1c848d7e16701a2d08fb8c6
SHA1 f253482c0fa25197130f6475f2ded060527843bf
SHA256 46dc088910439dad6a0d69da5e64227d04a640845fd1c31e90a7d4340c539fe0
SHA3 1e6c369197dd1a466ea87357db49ec559ecf82c0c3fa13af1a383445945861e6

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x30
TimeDateStamp 2020-Jun-14 12:32:45
Entropy 2.97836
Detected Filetype Icon file
MD5 835a20def9b2661b64b8ac06b4901f36
SHA1 70732dac88537f00c89d105f986ef843d3aca818
SHA256 cbdcb84268fcf2a25b844c1dca787de835c0376e82c1a2e62814a3c940a26cfb
SHA3 9a2de99425a7e2086c65d82719bf44696cfe58b8077ce214e814ceeeb78ba1f4

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Unicode (UTF 16LE)
Size 0x2e0
TimeDateStamp 2020-Jun-14 12:32:45
Entropy 3.36278
MD5 66c0be3e6720ee66e802da4a4bdb18c3
SHA1 b1f112176ce87f9d33ac87e9d8f6c40a0addb4bb
SHA256 dc2d59ec4f735d056dce812ed595bb4dc2d8d03d73a534c75add6890c19f2589
SHA3 99bc5c296d75c1cc4657e3e5701c7b149813dcd93fec70d85fe589367f9a8775

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.37
ProductVersion 1.0.0.37
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Quicksnooker
FileDescription QuickSnooker launcher
LegalCopyright Copyright 2019
ProductName QuickSnooker launcher
FileVersion (#2) 1.00.0037
ProductVersion (#2) 1.00.0037
InternalName qsLaunch6
OriginalFilename qsLaunch6.exe
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x88cecc0b
Unmarked objects 0
14 (7299) 1
9 (8783) 3
13 (VS98 SP6 build 8804) 1

Errors
