Dropped Files | ZeroBOX
Name be9f69b76e474d8d_xbzhuklrmzrba.exe
Filepath C:\Users\test22\AppData\Roaming\XBZhuKLRmzrBA.exe
Size 902.5KB
Processes 7948 (KL7MR6mZz2acpSc.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 aef6e395b99c7a52423cff98251b2a4b
SHA1 7698419415bcbb14a8c0c501c900a9a4080186dc
SHA256 be9f69b76e474d8d7e8a751f390b707bd840a24f5713b259a816da06b912b812
CRC32 1127CFEC
ssdeep 12288:zZ7x2pstd/fuqqkthojxddqn6RcvUXUxBhPtj6lnqENlpFDFo:11dtd/jrax7qCGhPtj6MSFo
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_PWS_Azorult_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
Name 09ac594d2ede91ee_tmpCCF8.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmpCCF8.tmp
Size 1.6KB
Processes 7948 (KL7MR6mZz2acpSc.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 1579bcf66a8f97020c879ea8b18f5275
SHA1 4878522066cf539e0b1c51a456eab493cf493cfd
SHA256 09ac594d2ede91ee79912cfe44d56f0e8a05a10055ab2faf659a1360beefa074
CRC32 278DA82E
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBNXYtn:cbhf7IlNQQ/rydbz9I3YODOLNdq3m
Yara None matched