Name f015f9be08ab4d37_lfdyvqniga.exe
Filepath C:\Temp\lfdyvqniga.exe
Size 361.0KB
Processes 2448 (mhfzxrpjhczurmke.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ae9dadd0541d12f0ec8cc73375635cd6
SHA1 aaf72fce4879d6e0766a1fce56436e97b1ee68f4
SHA256 f015f9be08ab4d37094891ee709100440631fb4395769b94fca49a8a0bab3553
CRC32 0E13C6BD
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a Windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
VirusTotal Search for analysis
Name a66e226c7e03049e_i_lfdyvqniga.exe
Filepath C:\Temp\i_lfdyvqniga.exe
Size 361.0KB
Processes 2448 (mhfzxrpjhczurmke.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2dae49ebd4309f4ae238a03c2c0c91ae
SHA1 846a07b75c5357f72ee12a36a6166f4616882eee
SHA256 a66e226c7e03049efb654c7fcb42ece20c727140bb0cd3ee85282929d17653a5
CRC32 1C74CFFD
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a Windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
VirusTotal Search for analysis
Cuckoo