Dropped Files

Name 48a96e765f308053_backup.exe
Download Submit file
Filepath C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator\backup.exe
Size 446.8KB
Processes 344 (31dd8659295a736da45c388fc176cc573d6bf008a83c5457f7193c8b1e32dcf5.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 b86226e2c045b62bda08a86419e2c97b
SHA1 49bede46f22f74fafe36cbd582b760f030776f04
SHA256 48a96e765f30805323edb29586c20d20d17e27d6935df1e241805d5c1c012f0f
CRC32 F429A5DF
ssdeep None
Yara
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Name 85f1986c9af0a2a2_backup.exe
Download Submit file
Filepath C:\backup.exe
Size 446.8KB
Processes 2936 (update.exe)
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 198b64edaff020cd716fb81ef91f285b
SHA1 5778a8f5cdb5d3a1a2eaeb57e06159d00c32801b
SHA256 85f1986c9af0a2a2d3b03223f2e49a850c783a7ab5d58c23c664dc2c163001fd
CRC32 C805BAC8
ssdeep None
Yara
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
VirusTotal Search for analysis
Cuckoo

We're processing your submission... This could take a few seconds.