Name de28df3e89f794d4_grcopy.dll
Filepath C:\Windows\SysWOW64\grcopy.dll
Size 75.6KB
Processes 2488 (Readme.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 c570385156924524ae9aec69bdd359f2
SHA1 4aedbaf9d551de5de1d8d358e31c41ddb1f17422
SHA256 de28df3e89f794d4db5c1ce4a091ce0bf9c64bb3b2a3c66ecdcaade6dc495975
CRC32 73C350EC
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
Name ba207b4a26b4f41e_zipfi.dll
Filepath C:\Windows\SysWOW64\zipfi.dll
Size 75.7KB
Processes 2276 (smnss.exe)
Type Zip archive data, at least v1.0 to extract, compression method=store
MD5 c93997197ca564400ea5a4ff6167675c
SHA1 14ebd230342dbff4ebebd597c5028bf3017c0ba8
SHA256 ba207b4a26b4f41e73add28d46c63ee53307bd51046b62d9a0c15ab9a3e8c409
CRC32 F646A8A6
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_smtp_raw - Communications smtp
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex