quickassist.exe
- File Path:
C:\Windows\system32\quickassist.exe - Description: Quick Assist
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 7BCDCE45F31D451C840A09F76E444234 |
| SHA1 | 1A90C4C11AD8151D03020D3DA3F90CDA6D605E67 |
| SHA256 | AE58CEB26C7785FC56A582B351886DD2E02B0B473F49FE312AB7A2560A06F2E5 |
| SHA384 | 2EF3DD0CA670ED81DF90DE39AA79DF177BDE6389AE870B12670AB3791272DD568C7261024D4B00579A087E40D991D791 |
| SHA512 | E2292D44251DB02E6BF7DCE4C6AB61FC0E27AA12A66317953817283BBB4ED880B89FCFF6D34B9001ED51927C5E0E0DFF47EC0DFD3E8182E5B20781C0ACE07D8B |
| SSDEEP | 12288:B4fmOWyMAAk/dxtc+CQCYxpupjXvlYTBvse:B4fmOv/rnCYPupjflEvs |
| IMP | B3B37E90F4622CA003036530E8182BF8 |
| PESHA1 | 519995BE21622531A2B24FA8F15D6CC0D571D713 |
| PE256 | C8BC65B031497F99DC071485BF08CEE8B3124D5EDB05C7836EA3D221CCB051D8 |
Runtime Data
Window Title:
Quick Assist
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\apppatch\DirectXApps_FOD.sdb | File |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\ieframe.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\jscript9.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mshtml.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\quickassist.exe.mui | File |
| (R-D) C:\Windows\System32\en-US\urlmon.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2EF6BGRE\StrgMDL2.1.58[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\55503AHR\MemMDL2.1.62[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P7EE9DF0\8B4JPXFD.htm | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P7EE9DF0\DevCMDL2.1.62[1].eot | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\TEDMJC85\RemtMDL2[1].eot | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_91a11828cc8ae445 | File |
| (RWD) C:\Windows\Fonts | File |
| (RWD) C:\Windows\Fonts\segoeui.ttf | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\BaseNamedObjects\284HWNDInterface:5d08ba | Section |
| \Sessions\1\BaseNamedObjects\284HWNDInterface:e0910 | Section |
| \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap | Section |
| \Sessions\1\BaseNamedObjects\UrlZonesSM_user | Section |
| \Sessions\1\BaseNamedObjects\windows_ie_global_counters | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-2047949552-857980807-821054962-504 | Section |
| \Sessions\1\Windows\Theme449731986 | Section |
| \Windows\Theme1396518710 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\system32\ATL.DLL |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\quickassist.exe |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\ucrtbase.dll |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC - Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: QuickAssist.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: Language Neutral
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/ae58ceb26c7785fc56a582b351886dd2e02b0b473f49fe312ab7a2560a06f2e5/detection
Possible Misuse
The following table contains possible examples of quickassist.exe being misused. While quickassist.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_middle_east_talosreport.yar | $s1 = “QuickAssist.exe” fullword wide | CC BY-NC 4.0 |
| signature-base | apt_middle_east_talosreport.yar | $s4 = “name="QuickAssist" “ fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.