Name d988dd99072dab95_daoc + serial.exe
Filepath C:\Windows\win32dc\DAoC + serial.exe
Size 208.0KB
Processes 2940 (1a3a6bd44c84e0f9_quake3 + serial.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 f9c04a9975675de562b1289003b8d328
SHA1 5e92d96046cbfdaf67a52e574e6cce138cb3ea09
SHA256 d988dd99072dab95d92fec23ddeae4c675896f99e65cf7af2283d1ec019df9d3
CRC32 6D195FF1
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • network_irc - Communications over IRC network
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • keylogger - Run a keylogger
  • spreading_share - Malware can spread east-west using share drive
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_private_profile - Affect private profile
Name 5f8f87c03002169a_daoc(codes).exe
Filepath C:\Windows\win32dc\DAoC(codes).exe
Size 210.0KB
Processes 2940 (1a3a6bd44c84e0f9_quake3 + serial.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 fecfc63bef2bbb54d4e9be4f9e6d7162
SHA1 09199a5486210c5954753b7e5395f63c292642c3
SHA256 5f8f87c03002169a4b172a8e75d238be22f626f68e8cc0413c93d1f36c4cc26e
CRC32 08CF322B
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • network_irc - Communications over IRC network
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • keylogger - Run a keylogger
  • spreading_share - Malware can spread east-west using share drive
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_private_profile - Affect private profile