Name 54b8bd60fc3eabf4_grcopy.dll
Filepath C:\Windows\SysWOW64\grcopy.dll
Size 75.6KB
Processes 668 (505cb6e050387f3649a5edee7b96a69135ffafd51f0a805ae2d5c07b203cf5e2.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 b1bda0e34fed25cf157b64840cd7a7de
SHA1 4191a8beafd46261e7f393957041d9ac8235f8c9
SHA256 54b8bd60fc3eabf4050f1ea0b0db89f58a06b7f00efcc72516d0742c25fb1108
CRC32 724787EB
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
Name 148a0a0924609c80_zipfi.dll
Filepath C:\Windows\SysWOW64\zipfi.dll
Size 75.7KB
Processes 1560 (smnss.exe)
Type Zip archive data, at least v1.0 to extract, compression method=store
MD5 5eaefbf3c61d399c5e536acb78d737a2
SHA1 06241697966a04cf65e295e30b9aac6b42b1c8dc
SHA256 148a0a0924609c80cc6d42e3622e08ed162289212691d7cc51faf4898dbfa4b9
CRC32 6BBCAE3D
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex