Name 5b022bc3a058c0a8_5b022bc3a058c0a8_wuauclt.exe
Filepath C:\Users\Administrator\AppData\Local\Temp\5b022bc3a058c0a8_wuauclt.exe
Size 135.3KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 fe3f38b69d38dbf5ffc64238e6a1a3e7
SHA1 e9de7e567e09bb891b5d3d2f0c01d07ccc40cf8f
SHA256 5b022bc3a058c0a87cabe842039403aab374d57612ee557509d010e33b87f14f
CRC32 7F3292D0
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • CrowdStrike_CSIT_18197_01 - Detects plaintext version of strings observed in SILENT CHOLLIMA Rifdoor malware
  • anti_dbg - Checks if being debugged
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
Name 3f38fb1f1eac2c7f_wuauclt.exe
Filepath C:\ProgramData\Update\wuauclt.exe
Size 135.4KB
Processes 1972 (5b022bc3a058c0a8_wuauclt.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 d1ed15d91674fe22a2680dc2b33196d9
SHA1 b9a7a2d61325b05909e06d8d0f8aae87ee29694b
SHA256 3f38fb1f1eac2c7f1c84f8ffe1e1cf1eb751b67fe842495bff12710f738b2aa9
CRC32 7B732C63
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • CrowdStrike_CSIT_18197_01 - Detects plaintext version of strings observed in SILENT CHOLLIMA Rifdoor malware
  • anti_dbg - Checks if being debugged
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile