Name 0bf281ef94246e4c_qnifaysqki.exe
Filepath C:\Temp\qnifaysqki.exe
Size 361.0KB
Processes 2632 (smkecwupmhfzpjhb.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 15d5ff96fed576c440ae09b0ccead2c0
SHA1 c1ea81706841e6df54e750e37e16c0ac308e093e
SHA256 0bf281ef94246e4ce9ea3c4db209ea29f7299c2726da1c45482e6b88ac04dc9e
CRC32 6E19C6D4
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name e401d24399c08ba3_i_qnifaysqki.exe
Filepath C:\Temp\i_qnifaysqki.exe
Size 361.0KB
Processes 2632 (smkecwupmhfzpjhb.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4bf1de8f405a0f44aa2f0f88c2e9672b
SHA1 08283c81fe2453696d6217a38fbaf23fb241e70b
SHA256 e401d24399c08ba3c0a346bbef83ecc34c3c3f74b8ee403b9406946958ddc9d4
CRC32 8D8E6D82
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Cuckoo
