Dropped Files | ZeroBOX

Name	2cd59d4258475495_sihost64.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe
Size	10.5KB
Processes	2752 (SmartPDF.exe) 2136 (Services.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`bf22027e42a9dd3cc69b7298721d8ebc`
SHA1	`910d3b7bc580a95c241e148adefe20948bde33e9`
SHA256	`2cd59d4258475495c54133c8b9fc409634c246b010af9b5cf26fdea0f96c5db4`
CRC32	`C4861263`
ssdeep	`192:2CqPe8akzfKIgDbuME2EhXyjbROdlU14DlWyU2anGlAnKY4uJ1:9zBIu+x0EltlHuGlA3`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_wr64.sys Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Libs\WR64.sys
Size	14.2KB
Processes	2752 (SmartPDF.exe) 2136 (Services.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis