Dropped Files | ZeroBOX
Name 68288944f411f451_daemon.exe
Filepath C:\ProgramData\DaemonL\Daemon.exe
Size 908.5KB
Processes 3576 (Daemon.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 dd3de309df5791a357534b613270ca3a
SHA1 24c97362e10444d3233145671919a206fd58c247
SHA256 68288944f411f451612a76069d22ba5ec804d649d992cafeb75bce96e8c7ae69
CRC32 62CB30E8
ssdeep 24576:wAHnh+eWsN3skA4RV1Hom2KXMmHafoKn5:nh+ZkldoPK8YafV
Yara
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • AutoIt - www.autoitscript.com/site/autoit/
  • CryptGenKey_Zero - CryptGenKey Zero
  • FindFirstVolume_Zero - FindFirstVolume Zero
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • Process_Snapshot_Kill_Zero - Process Kill Zero
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Device_Check_Zero - Device Check Zero
Name cf407f08781291b9_phoenixminer.exe
Filepath C:\ProgramData\DaemonL\PhoenixMiner.exe
Size 7.6MB
Processes 3576 (Daemon.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5038518141ebf317a75d61cb9b5030db
SHA1 4dbf14aaa259ab2fd99b7c544397e5b1c4c037e3
SHA256 cf407f08781291b9470743ddee1a4136a3470efa388ea617c487cce75c0f2a5e
CRC32 8E5EC5D0
ssdeep 98304:4Dqif72Rv0KNeL0g9Jwd+myxf9OwRw3nIJVVZ6l5qRAL7t:EV0eL0gwd+55Y3IPFI7t
Yara
  • IsPE64 - (no description)
  • IsConsole - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
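Both dropped files sit in C:\ProgramData\DaemonL\ and were written by the same process (PID 3576, Daemon.exe), so a responder triaging a host will want to hash whatever is found there and compare against the four digests the report lists. The script below is an added triage helper, not ZeroBOX code: it recomputes MD5, SHA1, SHA256 and CRC32 in the same presentation the report uses (lower-case hex for the digests, eight upper-case hex digits for CRC32), matches a sample against the two records copied from this page, and reproduces the dropped-file naming visible above (first 16 hex characters of the SHA256, underscore, lower-cased original file name). That naming rule is inferred from the two entries on this page, and the `b"hello"` input used in the demo is a constructed stand-in, not a real sample.

```python
import hashlib
import zlib

# Dropped-file records copied from the report above (the page's own values).
REPORT = {
    "daemon.exe": {
        "filepath": r"C:\ProgramData\DaemonL\Daemon.exe",
        "md5": "dd3de309df5791a357534b613270ca3a",
        "sha1": "24c97362e10444d3233145671919a206fd58c247",
        "sha256": "68288944f411f451612a76069d22ba5ec804d649d992cafeb75bce96e8c7ae69",
        "crc32": "62CB30E8",
    },
    "phoenixminer.exe": {
        "filepath": r"C:\ProgramData\DaemonL\PhoenixMiner.exe",
        "md5": "5038518141ebf317a75d61cb9b5030db",
        "sha1": "4dbf14aaa259ab2fd99b7c544397e5b1c4c037e3",
        "sha256": "cf407f08781291b9470743ddee1a4136a3470efa388ea617c487cce75c0f2a5e",
        "crc32": "8E5EC5D0",
    },
}


def _digests_from_chunks(chunks) -> dict:
    """Hash an iterable of byte chunks once, updating all four digests together."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    crc = 0
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
        crc = zlib.crc32(chunk, crc)  # running CRC32, same polynomial as the report's value
    return {
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
        # The report prints CRC32 as eight upper-case hex digits; mask keeps it unsigned.
        "crc32": f"{crc & 0xFFFFFFFF:08X}",
    }


def digests(data: bytes) -> dict:
    """Digests of an in-memory blob, in the report's presentation."""
    return _digests_from_chunks([data])


def digests_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, read in 1 MiB chunks (PhoenixMiner.exe is 7.6 MB)."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return _digests_from_chunks(chunks())


def compare_fields(data: bytes, record: dict) -> dict:
    """Per-field True/False against one report record; a partial match (e.g. CRC32
    only) is a collision or a corrupted copy, not a confirmed sample."""
    d = digests(data)
    return {
        "md5": d["md5"] == record["md5"].lower(),
        "sha1": d["sha1"] == record["sha1"].lower(),
        "sha256": d["sha256"] == record["sha256"].lower(),
        "crc32": d["crc32"] == record["crc32"].upper(),
    }


def match_report(data: bytes, report: dict = REPORT) -> list:
    """Names of report entries whose full SHA256 equals that of data.
    Always compare the full SHA256; the 16-char prefix in the file name is only a label."""
    sha256 = digests(data)["sha256"]
    return [name for name, rec in report.items() if rec["sha256"] == sha256]


def dropped_name(sha256: str, original_name: str) -> str:
    """Dropped-file label as listed on this page: sha256[:16] + '_' + lower-cased original name.
    (Naming rule inferred from the two entries above, not documented by ZeroBOX.)"""
    return f"{sha256[:16]}_{original_name.lower()}"


if __name__ == "__main__":
    # Constructed stand-in input; a real run would call digests_file() on the recovered binaries.
    sample = b"hello"
    print(digests(sample))
    print("matches:", match_report(sample))
    for name, rec in REPORT.items():
        print(dropped_name(rec["sha256"], rec["filepath"].rsplit("\\", 1)[-1]), "->", rec["filepath"])
```

Run `digests_file()` on each binary recovered from C:\ProgramData\DaemonL\ and feed the result to `compare_fields()`; all four fields should be True for an unmodified copy. A CRC32 or MD5 match with a differing SHA256 means a different file, so the SHA256 line is the one that decides.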