Gridinsoft Logo

QAssist.sys Rootkit Gen Analysis

Updated 1 day ago
Checked by Malware Check
QAssist.sys

Technical Analysis

File Name QAssist.sys
File Type
PE32+ executable (native) x86-64, for MS Windows
Scanner Version 1.0.220.174
Database Version 2025-07-16 10:00:24 UTC
⚠

Rootkit.Win64.Gen.dd!c

Malware family: Gen

This is a generic detection identifier for files exhibiting Trojan horse characteristics. It indicates malware that disguises itself as legitimate software while containing malicious code designed to compromise system security or steal information.
N/A
Detection Rate
77,896
File Size (bytes)
2025-07-16
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
4e34c068e764ad0ff0cb58bc4f143197
SHA1
1a392a469fc8c65d80055c1a7aaee27bf5ebe7c4
SHA256
6cce28b275d5ec20992bb13790976caf434ab46ddbfd5cfd431d33424943122b
SHA512
dcea6d76452b1ac9e3c1fed7463fe873b4dd4603ec67a4e204c27ba2c1ea79415508c3044223626f0ae499a9b7a3d6fb283f0978b5e20a58e959c9440376e98b
ImpHash
c87552e11a3332ee555e899523d456cb

PE Analysis

Basic Information

β–Ό
Image Base 0x140000000
Entry Point 0x140014000
Compilation Time 2019-01-21 09:54:44
Checksum 0x00021a97 (Actual: 0x00021a97)
OS Version 6.3
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path F:\hidden-master\x64\Debug\QAssist.pdb
Digital Signature Chain verification from CN=δΈŠζ΅·εŸŸθ”θ½―δ»ΆζŠ€ζœ―ζœ‰ι™ε…¬εΈ, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=δΈŠζ΅·εŸŸθ”θ½―δ»ΆζŠ€ζœ―ζœ‰ι™ε…¬εΈ, L=Shanghai, ST=Shanghai, C=CN (serial:126900153444839291149629157194106580695, sha1:31e5380e1e0e1dd841f0c1741b38556b252e6231) failed: The path could not be validated because intermediate certificate 1 expired 2020-02-07 23:59:59Z
Imports 2 libraries
FLTMGR, ntoskrnl
Exports 0 functions
Resources 0 Resources
Sections 6 Sections

PE Sections

β–Ό
Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 62,357 bytes 62,464 bytes 6.02 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2DD4534BF273C23DC641AB0D3B3E192C
.rdata 0x00011000 3,244 bytes 3,584 bytes 5.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 9CE98747A7235AC6CB11B421CDA0212F
.data 0x00012000 1,072 bytes 512 bytes 0.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EE8E428290EC42160C5E2A30F80215A5
.pdata 0x00013000 1,752 bytes 2,048 bytes 4.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ B4E35B97C2B7959598FE16D710E1015F
INIT 0x00014000 2,240 bytes 2,560 bytes 4.89 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 45D53E02738460C444E82CDEC927F800
.reloc 0x00015000 28 bytes 512 bytes 0.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 9AA7E25CA6497535B4F6DF324DA32496

Certificate Chain Analysis

β–Ό
No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Chain verification from CN=δΈŠζ΅·εŸŸθ”θ½―δ»ΆζŠ€ζœ―ζœ‰ι™ε…¬εΈ, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=δΈŠζ΅·εŸŸθ”θ½―δ»ΆζŠ€ζœ―ζœ‰ι™ε…¬εΈ, L=Shanghai, ST=Shanghai, C=CN (serial:126900153444839291149629157194106580695, sha1:31e5380e1e0e1dd841f0c1741b38556b252e6231) failed: The path could not be validated because intermediate certificate 1 expired 2020-02-07 23:59:59Z

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Rootkit.Win64.Gen.dd!c Removal

Gridinsoft has the capability to identify and eliminate Rootkit.Win64.Gen.dd!c without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware