Dropped Burrfers | ZeroBOX
Name 3d1741b7260b14dbec004b713851e755ece05312
Size 315.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 94b3f3df1ba62795a9dade01ef25277b
SHA1 3d1741b7260b14dbec004b713851e755ece05312
SHA256 dff312f6b44094d6f940eba7d174e9155d786df2946dbfc66b430306cda664bf
CRC32 B4FCFA39
ssdeep 6144:37cQZ4wlTF+NgIec/j+APROqgceRjV7r0eb1:gE74Ngbc/64Rlne9Vk
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Antivirus - Contains references to security software
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_tcp_listen - Listen for incoming communication
  • network_irc - Communications over IRC network
  • network_http - Communications over HTTP
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • spreading_share - Malware can spread east-west using share drive
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
Name 928595a385c8ae5dee032046e94777761c128a8a
Size 2.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d23d7544c6cf713a32e93b5bc6dfc352
SHA1 928595a385c8ae5dee032046e94777761c128a8a
SHA256 84f80169782411833bc3b22d9a75017052870fc91e66484003b27ccf027b5b2e
CRC32 9249690C
ssdeep 6144:IpA/3lQY0TykwLOGGn8BOCugceRj57r0e9:IiyT9wLOh8B9une95k
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Antivirus - Contains references to security software
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_tcp_listen - Listen for incoming communication
  • network_irc - Communications over IRC network
  • network_http - Communications over HTTP
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • spreading_share - Malware can spread east-west using share drive
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis
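The fields above (MD5/SHA1/SHA256/CRC32, "PE32 executable (GUI) Intel 80386", and the IsPE32 / IsWindowsGUI / HasOverlay / HasDebugData / HasRichSignature hits) are all derived from the file bytes and the PE headers. The script below is an added example, not ZeroBOX's own code, showing how to recompute that hash tuple in the listing's format (CRC32 as uppercase 8-digit hex) for a local copy of either sample and how to read the same header facts without a PE library. The two samples themselves are not on this page, so `build_sample_pe` constructs a minimal synthetic PE32 image purely so the code runs offline; the constants and helper names are the example's own assumptions.

```python
import hashlib
import struct
import zlib

IMAGE_FILE_MACHINE_I386 = 0x14C   # "Intel 80386" in the listing's file type
PE32_MAGIC = 0x10B                # optional-header magic for PE32 (0x20B would be PE32+)
SUBSYSTEM_WINDOWS_GUI = 2         # "(GUI)" in the listing's file type


def hash_set(data: bytes) -> dict:
    """MD5/SHA1/SHA256 as lowercase hex and CRC32 as 8 uppercase hex digits, as the listing shows them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def verify_listing(data: bytes, listing: dict) -> list:
    """Return the names of listing hashes (keys md5/sha1/sha256/crc32) that do not match the file."""
    actual = hash_set(data)
    return [k for k, v in listing.items() if actual[k].lower() != v.lower()]


def pe_summary(data: bytes) -> dict:
    """Read the header facts behind IsPE32, IsWindowsGUI, HasOverlay, HasDebugData and HasRichSignature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    # Debug data directory is entry 6; the directories start at 96 (PE32) or 112 (PE32+).
    dd_base = 96 if magic == PE32_MAGIC else 112
    has_debug_dir = False
    if opt_size >= dd_base + 7 * 8:
        dbg_rva, dbg_size = struct.unpack_from("<II", data, opt + dd_base + 6 * 8)
        has_debug_dir = dbg_rva != 0 and dbg_size != 0
    # Overlay = bytes past the end of the last section's raw data.
    sec = opt + opt_size
    end_of_sections = 0
    for i in range(nsec):
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        if raw_size:
            end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {
        "is_pe32": magic == PE32_MAGIC,
        "machine_i386": machine == IMAGE_FILE_MACHINE_I386,
        "gui": subsystem == SUBSYSTEM_WINDOWS_GUI,
        "has_rich": b"Rich" in data[0x40:e_lfanew],   # Rich header lives in the DOS stub
        "has_debug_dir": has_debug_dir,
        "overlay_bytes": max(0, len(data) - end_of_sections),
    }


def build_sample_pe(overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 GUI image (one .text section) used only as offline test input."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)            # e_lfanew
    dos[0x70:0x74] = b"Rich"                            # stand-in for a Rich signature
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<II", opt, 96 + 6 * 8, 0x3000, 28)  # non-empty debug directory
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, len(opt), 0x0102)
    raw_ptr, raw_size = 0x200, 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x100, 0x1000, raw_size, raw_ptr,
                      0, 0, 0, 0, 0x60000020)
    img = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    img = img.ljust(raw_ptr, b"\0") + b"\xC3" * raw_size
    return img + overlay


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"overlay")
    print(hash_set(data))
    print(pe_summary(data))
```

Run it against a local copy of a sample (`python pe_check.py sample.bin`) and compare the printed tuple with the listing; `verify_listing` does the comparison for you and is case-insensitive because the page prints CRC32 in uppercase and the other digests in lowercase. Note that the CRC32 is only a consistency check, not an identifier: use the SHA256 when pivoting to VirusTotal or another repository.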