Name 3198c065e76cee1e_uomgeywroj.exe
Filepath C:\Temp\uomgeywroj.exe
Size 361.0KB
Processes 640 (bvtnlfdyvqoigays.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ad5492348c8f8b9744d6e08327bc8cbc
SHA1 dc6ef45c81b61a33d74ecde597191f8d03fe49eb
SHA256 3198c065e76cee1ef872e669b1dae0c9bf5af8024380e2111547a3598235d39e
CRC32 0DF23779
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a Windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name 361b705e59617815_i_uomgeywroj.exe
Filepath C:\Temp\i_uomgeywroj.exe
Size 361.0KB
Processes 640 (bvtnlfdyvqoigays.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 11e0d4fcf7ffd79b72e8c0c46183a434
SHA1 b806ff73be822f39435e1c4833da3bc7fe62247f
SHA256 361b705e59617815fc804a7850886581a7fcfcbafc8987492277f1ef02f78e74
CRC32 2C7E9F1A
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a Windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger