Name 6b490819a7dd93fb_omhezwrpjh.exe
Filepath C:\Temp\omhezwrpjh.exe
Size 361.0KB
Processes 2320 (ytqlidbvtnlgdyvq.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 414d9b96d0860c0927130bcb58102c8d
SHA1 ceee4a20da5bff689106db8c8d1312b84e5acd57
SHA256 6b490819a7dd93fbc34e06ef4ceaf434a3d4f54005b7f747322815687a809ebd
CRC32 0918D583
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name 11ade02e3450116e_i_omhezwrpjh.exe
Filepath C:\Temp\i_omhezwrpjh.exe
Size 361.0KB
Processes 2320 (ytqlidbvtnlgdyvq.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5bd4ce5fc5adba0d73910740a0ec7494
SHA1 ad056d222b9cac9db18f7afb7c008e75c6f08082
SHA256 11ade02e3450116e38719853560645550b6118ea277ce704ddcbd3fe97bb0929
CRC32 E7E4066C
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Cuckoo
