Name 32f17ff293f96f7e_jgbztrljeb.exe
Filepath C:\Temp\jgbztrljeb.exe
Size 361.0KB
Processes 2708 (nkfdxvpnifaxsqki.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f6a4bee566b71d7b6fc9243202f1aed0
SHA1 69781b5faa80063c24f6c55db9b406b7d1e6a877
SHA256 32f17ff293f96f7e818feedd9b659b7afa9809e65f992e4af2ceb4727dd6513d
CRC32 ED3CB87A
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name 2471dac2fab0b6f9_i_jgbztrljeb.exe
Filepath C:\Temp\i_jgbztrljeb.exe
Size 361.0KB
Processes 2708 (nkfdxvpnifaxsqki.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2fdd95c498a3bf52b96ec32f44df5d59
SHA1 25d5cc40bf854a99f84ac33f0d28b6d2ad1e66f6
SHA256 2471dac2fab0b6f97afae0f985c06703c15b6d10685f4929ee48aa52e4efdbe2
CRC32 E6F67E47
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger