Dropped Files

Name 63130ab770f00553_data.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Local\Temp\data.exe
Size 172.5KB
Processes 2604 (645028c193bd4908_backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 e69958a1d4d5c6417fb646c79e0c1e78
SHA1 c27335ae25ae595eb8ea55482e481d732a8c612f
SHA256 63130ab770f00553adf8d9dd9970d376c19765ec675e56fa15062a05692dc2f1
CRC32 901E90A0
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Name 30cb8377c4c6c86f_backup.exe
Download Submit file
Filepath C:\backup.exe
Size 172.5KB
Processes 2964 (backup.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 12d5f7d64ce9ca63be37370b87d8fedf
SHA1 c1406e58f45c58841aba70701492ec9ed77426e2
SHA256 30cb8377c4c6c86f816c3ba95eb0143e88dc22650338bf50b5ffeb958cc8935b
CRC32 CAB1ECA8
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.