Name e804eb3a8618c3a1_pnhfaxsqki.exe
Filepath C:\Temp\pnhfaxsqki.exe
Size 361.0KB
Processes 1072 (wuomgezwrpjhbztr.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3978ca18cee38d38b54384caec94cd5e
SHA1 4e820c6587e8d50082acd6e12d038b975da7514d
SHA256 e804eb3a8618c3a1429eb0125657bf9ca9efa4abdffd5eae6d3d3b7c271be50b
CRC32 72C273F7
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name 3a193231bf5d75e4_i_pnhfaxsqki.exe
Filepath C:\Temp\i_pnhfaxsqki.exe
Size 361.0KB
Processes 1072 (wuomgezwrpjhbztr.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 33d0204cd238aa01b730ea53f957efbc
SHA1 9fffc8d972924e1fb74edd939921ff714e1d6e1c
SHA256 3a193231bf5d75e44be9880af6a5a56ddeac54f90bc8fa462d1b888f2182542b
CRC32 A9CBF2E0
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger