Dropped Files

Name 471f3a1caa3ecde4_backup.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Local\Temp\0C7910BA-F902-421E-9E69-CF9AEE0DD4D7\backup.exe
Size 92.4KB
Processes 1472 (55bdae6f51cb9ff4_backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 537660c5051a3c32575a860577628372
SHA1 068e89774b6ece057d8525c8ecb965f7b477c050
SHA256 471f3a1caa3ecde497b9fda46c0d3d9b8b38f13caee177c7d2fdc8815b47dec0
CRC32 4C16D61A
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Name 2fc35c575ad69162_backup.exe
Download Submit file
Filepath C:\backup.exe
Size 92.4KB
Processes 2924 (backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 a40bd7408592b1ab07767732c700864f
SHA1 69a6f7842681d7b02d8a179a67ee4456a5d3963e
SHA256 2fc35c575ad69162edf3690a70a8687830a831c97bd3a6cf28d9c7922fed27c4
CRC32 B89DE37F
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.