quickassist.exe
- File Path:
C:\Windows\system32\quickassist.exe - Description: Quick Assist
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 39AB5ED601B0C39DCE3B7D269847C944 |
| SHA1 | B13914A7207F2ED60F229FD2FDECDA9AD3F2EC78 |
| SHA256 | F3FF9DB4C29E460735FFA8E9B0882A27BA5AC67351CD2ADEA759E496D8BA918A |
| SHA384 | 3E0B54D31F45FA314BFC25823B72358D98AB5190B1B8383569EA90F66AD850BA911DBC540A8D851050C173437A42069B |
| SHA512 | C95644E0C5255E36FFF2A67641DBD2235EFE2268ACC8F3BC6DFBE81A7A4FFC90FD99D2003C27D809FA0516CDE63D68F2DD2EC94DEB52870E82660D768F9A3DE0 |
| SSDEEP | 12288:CKyWgF3B0YvjxtdsTR8ZgOoqR+GizpAG:CKyWgfjxjsKZCq4/ |
| IMP | E2E46D7CC60155253B0BA0DAE9B6394F |
| PESHA1 | F2704BD4B3DFE13CDA77DD38AB9D31FBBF529EE9 |
| PE256 | F7BF2D20A7D836D5EA9140A0DAB0AA3AE1AF468A06E8F49DF67C1B22A1D56D56 |
Runtime Data
Window Title:
Quick Assist
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb | File |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ieframe.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\jscript9.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mshtml.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\quickassist.exe.mui | File |
| (R-D) C:\Windows\System32\en-US\urlmon.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3X3M6V65\DevCMDL2.1.62[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3X3M6V65\RDT5YZRU.htm | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AU189C9G\StrgMDL2.1.58[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\EFGLGQ51\RemtMDL2[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\X4THQAJB\MemMDL2.1.62[1].eot | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_faeca4db76168538 | File |
| (RWD) C:\Windows\Fonts | File |
| (RWD) C:\Windows\Fonts\segoeui.ttf | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\BaseNamedObjects\1e60HWNDInterface:1b0636 | Section |
| \Sessions\1\BaseNamedObjects\1e60HWNDInterface:2c0460 | Section |
| \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap | Section |
| \Sessions\1\BaseNamedObjects\UrlZonesSM_user | Section |
| \Sessions\1\BaseNamedObjects\windows_ie_global_counters | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 | Section |
| \Sessions\1\Windows\Theme1175649999 | Section |
| \Windows\Theme601709542 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\advapi32.dll |
| C:\Windows\system32\ATL.DLL |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\system32\quickassist.exe |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\system32\UxTheme.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
330000023241FB59996DCC4DFF000000000232 - Thumbprint:
FF82BC38E1DA5E596DF374C53E3617F7EDA36B06 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: QuickAssist.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: Language Neutral
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/f3ff9db4c29e460735ffa8e9b0882a27ba5ac67351cd2adea759e496d8ba918a/detection
Possible Misuse
The following table contains possible examples of quickassist.exe being misused. While quickassist.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_middle_east_talosreport.yar | $s1 = “QuickAssist.exe” fullword wide | CC BY-NC 4.0 |
| signature-base | apt_middle_east_talosreport.yar | $s4 = “name="QuickAssist" “ fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.