Dropped Files

Name 8af5959bd5f30ebe_perfhost.exe
Download Submit file
Filepath C:\Windows\SysWOW64\perfhost.exe
Size 1.4MB
Processes 2164 (d463e5b74daae385d73b8c8216cd0c2.exe)
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 bb1e4329368a37fd0fb86fc49c4c520b
SHA1 e3df7c1dd8adf32fd90c5b163d05987be5dc35ea
SHA256 8af5959bd5f30ebee1d97726efcca5dca55a4d5f2c47e1b8c2bd498ac54d901d
CRC32 F48478F3
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e535649aa2e3deff_aspnet_state.exe
Download Submit file
Filepath C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Size 1.5MB
Processes 2164 (d463e5b74daae385d73b8c8216cd0c2.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 4f3ac5a3ae0d757eb3482f031f9fd7f6
SHA1 2e97f870daf173697cb4ce1886829e72ba636249
SHA256 e535649aa2e3deff83df3d6f1fb9b3d29bac052c4863f736e8d8b043cd307bc1
CRC32 FA4F31E9
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • anti_dbg - Checks if being debugged
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • win_registry - Affect system registries
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.