Name 34df6753ba3fa12c_dw20.exe
Filepath C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Size 12.1MB
Processes 2712 (b3c43f1954f50e1cd3d72ac10db4f3585cb24458b3fb0709ebf710c1e5bee303.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 c3d84af030b1549e67dfd080a8199732
SHA1 b843911df617d69ee7eea15a4d03a48e1dfdf58b
SHA256 34df6753ba3fa12caf5327d7a5fb096a091ed1f2289c31cf3086a827c7e3584b
CRC32 975AF67A
ssdeep None
Yara
  • Base64_encoded_Executable - Detects an base64 encoded executable (often embedded)
  • DebuggerException__ConsoleCtrl - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • SEH__vectored - (no description)
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
Name f7fc4bd58a59eb6f_msaddndr.dll
Filepath C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL
Size 12.2MB
Processes 2712 (b3c43f1954f50e1cd3d72ac10db4f3585cb24458b3fb0709ebf710c1e5bee303.exe)
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 71c7cc2328e8688bf33d8a9c6b915195
SHA1 b5ef6b5233a06b05bcc0e3905f0a7b8c04ee2064
SHA256 f7fc4bd58a59eb6f33314f24735e36d0bcf6652db44b4b0a4bad7c258b5c413b
CRC32 0465272D
ssdeep None
Yara
  • Base64_encoded_Executable - Detects an base64 encoded executable (often embedded)
  • DebuggerException__ConsoleCtrl - (no description)
  • DebuggerException__SetConsoleCtrl - (no description)
  • SEH__vectored - (no description)
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalade priviledges
Cuckoo