Dropped Files | ZeroBOX
Name 0c85dba919ca891d_profondata.mui
Filepath C:\Users\test22\AppData\Roaming\FYmkuAFJptiVL\Profondata.mui
Size 921.8KB
Processes 3872 (vpn.exe)
Type data
MD5 768cb44a2b75023b582663503484dd71
SHA1 f7188b5b4313d5d4fa8191f66ac2cc5e13ae4553
SHA256 0c85dba919ca891dafc7c5d8519bcf43ef4a56ed55159b4bb79c93da47ae3f1c
CRC32 E5CD7436
ssdeep 24576:TJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:TC7hGOSPT/PxebaiO
Yara
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • AutoIt - www.autoitscript.com/site/autoit/
Name 4132c4bb6379db32_vpn.exe
Filepath C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
Size 1.1MB
Processes 8024 (lv.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5 4402cf08ffc7af71fc2fe28070fbe2e5
SHA1 a45a015f2a8f8206ba349350c07202edfb62de24
SHA256 4132c4bb6379db32fb14aab90717c9b9e8cada860656a4cda2c33f73e81f6bc0
CRC32 05138980
ssdeep 24576:Ex4tQd2AP1BQ1h383QTrOGyi4Nk9wU1rQ0oqcSgeg:Ex4tEM1y3Qjyi7pg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasModified_DOS_Message - DOS Message Check
Name 2f7f8fc05dc4fd0d_UAC.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu53.tmp\UAC.dll
Size 14.5KB
Processes 8024 (lv.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
CRC32 1FE27A66
ssdeep 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Yara
  • escalate_priv - Escalade priviledges
  • win_token - Affect system token
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • HasRichSignature - Rich Signature Check
Name 13b302300f48ee0e_K
Filepath C:\Users\test22\AppData\Roaming\FYmkuAFJptiVL\K
Size 574.9KB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 3ab81fd892c2b701a1d284c85718209b
SHA1 10219f3f01c527012581f26b2c980050eb04e2a5
SHA256 13b302300f48ee0e50fdddf343676e7717e0bc434225d2d4c39f315c7fe666e4
CRC32 140AF734
ssdeep 12288:TWCx+XOXOamGPgvChxZal1XjAruNX/wtRQHG/nsYp4hUCzYhTWWxRyIEIu2Sl1fn:d8Ham6gvChxZr59qHYwGyIERd1l4MC8J
Yara None matched
Name 57e2edeb4273c17b_4.exe
Filepath C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
Size 192.0KB
Processes 8024 (lv.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 19ca8e40307dc5017609b4c8084e629a
SHA1 659992217d69898aa2bbbc989227e406d335282f
SHA256 57e2edeb4273c17bd3cc4b86bb9c20d6b9eaecb3e0775e6a7ff9d72bec1c38a0
CRC32 A7FF6CC0
ssdeep 3072:6jZE8flj6cBWTS0N5gRW95eODS4/oBgUbVF8xvc97Wx4RgJ5:6j3j6cBASPRW90/6UcISKR
Yara
  • Trojan_Win32_Glupteba_1_Zero - Trojan Win32 Glupteba
  • win_mutex - Create or check mutex
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
Name a189fc90d382efdb_Frecce.mui
Filepath C:\Users\test22\AppData\Roaming\FYmkuAFJptiVL\Frecce.mui
Size 140.0KB
Processes 3872 (vpn.exe) 4368 (Osato.exe.com)
Type data
MD5 857644237e15045a0978acd8f64070ce
SHA1 8406170f63641693ce0b11e89418cc52701872a7
SHA256 a189fc90d382efdb3c00d396d60be8ed7b5e6f7db9bdda96bb21b95b002586dc
CRC32 AA3C126E
ssdeep 3072:PITaNwH/YRG6Bq8bXyU6bo1xNiY5OSjl4PjnjsKCyd+32lRh:PITaeH+ZRXIEEY5ODAKCq
Yara None matched
Name 0f7a7b1b05eeca93_ecco.mui
Filepath C:\Users\test22\AppData\Roaming\FYmkuAFJptiVL\Ecco.mui
Size 109.4KB
Processes 3872 (vpn.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 a2c055692d535eeb0d41990f533ac147
SHA1 a9c5c92079e453ccad3c50657c9ce94584c1af2f
SHA256 0f7a7b1b05eeca930d60918f66bbe5a1fa83343050b9a4e8d2b55f44a4a6a3ae
CRC32 263BF362
ssdeep 3072:wcw3HIcz0PlSGMBHSoUmqcybVcTQR7USzpDH:wZ5z045SoUmqcyb2TQZU+H
Yara None matched
Name e3b0c44298fc1c14_nsu52.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsu52.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched