Name 474a7a501a62b30d_sqkidanlfd.exe
Filepath C:\Temp\sqkidanlfd.exe
Size 361.0KB
Processes 2432 (wugezwrpjhbztrmj.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 92aeb5c35ebc1d594bb5da846c05e68b
SHA1 1418ac024f4802fcbcf9694e42e2bcb1d7d82372
SHA256 474a7a501a62b30d5b75bc19f83977bec66865e97db0a76d845a2e571c8f9a4a
CRC32 8C8209CC
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
Name b5f1f50cf6cd8657_i_sqkidanlfd.exe
Filepath C:\Temp\i_sqkidanlfd.exe
Size 361.0KB
Processes 2432 (wugezwrpjhbztrmj.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d1c744f64d143998f342b144a2659a6c
SHA1 f696bbc7a320d3671cc584c3726f21af3494fd6a
SHA256 b5f1f50cf6cd8657a9145ac2082bd60446eb8e92e8afac6407e4d9c182f91cd9
CRC32 856DE2B9
ssdeep None
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • anti_dbg - Checks if being debugged
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • create_service - Create a windows service
  • network_http - Communications over HTTP
  • network_dropper - File downloader/dropper
  • network_tcp_socket - Communications over RAW socket
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger