Name 16ab28b7473143f3_grcopy.dll
Filepath C:\Windows\SysWOW64\grcopy.dll
Size 75.6KB
Processes 2104 (54b8bd60fc3eabf4_grcopy.dll)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 75e3c5c6fd0a1a05e40fa35ca7eb5eb0
SHA1 2cc72904b4d3c710c1be874b3457b1d06dce11a3
SHA256 16ab28b7473143f3e083c226c41e84fca06e28d38f8a715e469830c95a1a7597
CRC32 3DC087AB
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
Name 5eecfd7737c1e1f1_zipfi.dll
Filepath C:\Windows\SysWOW64\zipfi.dll
Size 75.7KB
Processes 2352 (smnss.exe)
Type Zip archive data, at least v1.0 to extract, compression method=store
MD5 3baee149233874bea9ed306a8bc09a7e
SHA1 7be5d0285eb1b661ec338761a85a30814be2f178
SHA256 5eecfd7737c1e1f18d729a2611dfcb49ea413b8a47228d98975184813df749a5
CRC32 64D17F65
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
Cuckoo
