Dropped Files | ZeroBOX
Name 3354bdd8ccc26fcd_rzxbpdihpjy.exe
Filepath C:\Users\test22\AppData\Roaming\rzxBPDIHpjY.exe
Size 1.3MB
Processes 3024 (Gracia.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9c4d38ba3433603d3fe4a2f69a369c7c
SHA1 a49bd33547d0521d241aa95067af627487410993
SHA256 3354bdd8ccc26fcde720560773a0a3fa4f808dae9010a3fdc5af003858b23e2b
CRC32 62AF0CB4
ssdeep 24576:K9m8RPz7mftuAiydQ84w9IQ0+mUuKkKdTeK0QA2VN:fMg0Aiyio90hnKXdKK0QdVN
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_PWS_Azorult_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
Name bb9181b3935b8681_tmpEFD8.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmpEFD8.tmp
Size 1.3KB
Processes 1080 (Ultimate.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 be81f72fa4dbc827132836ee2af92c96
SHA1 fe5ded04ab4932dea6cf414e9e4428f43da70d03
SHA256 bb9181b3935b8681a71b578f8166883e61380de6181df82d05f14829323fbf0f
CRC32 7AA438E3
ssdeep 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rb5xtn:cbk4oL600QydbQxIYODOLedq3Sb5j
Yara None matched
Name cfa3b97d863ac26b_sub.exe
Filepath C:\Users\test22\AppData\Roaming\sub.exe
Size 216.0KB
Processes 3052 (Gracia.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 9f2e6359e0fbebbdcd732820fefc5bde
SHA1 33d92b0807a38d234b4a26bd57aac9eb244b066b
SHA256 cfa3b97d863ac26b06dd334fa503c68020b6e49f4b8dd49049828aa81f09e061
CRC32 386E0023
ssdeep 3072:YVQRd5aKER3Su9hg2oyUvVldMdMnKXrVgVS6A0P6aUdz0TTO8u4lBNO+a8YUy4g:Ygfu9JUS6nWYMb0XVuABSZUy
Yara
  • PE_Header_Zero - PE File Signature Zero
  • network_smtp_dotNet - Communications smtp
  • keylogger - Run a keylogger
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
Name 3b8373a365f3fa98_task.dat
Filepath C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\task.dat
Size 44.0B
Processes 1080 (Ultimate.exe)
Type ASCII text, with no line terminators
MD5 6c39835edf914200272626cc44829cf3
SHA1 f73993d6530ed98580cdfdf328a065cb0ccca6ac
SHA256 3b8373a365f3fa98c8df57acc673863d0c4cb9d104870507ed71749dab4cd547
CRC32 DF5D4E39
ssdeep 3:oNmWxpcL4EaKC59a:oNmQpcLJaZ5o
Yara None matched
Name e7dde88d29302587_tmpE79A.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmpE79A.tmp
Size 1.6KB
Processes 3024 (Gracia.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 bcc4230f451a94438ba70e1c782bba97
SHA1 8032745498958f2d8b6f078180ed45d10a99070e
SHA256 e7dde88d29302587e333b7181da321996a199aa391a75e1ac25a6a6d0cdddf03
CRC32 B036CE01
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKButn:cbhf7IlNQQ/rydbz9I3YODOLNdq3G
Yara None matched
Name 50c6407093469c70_tmpEEBE.tmp
Filepath C:\Users\test22\AppData\Local\Temp\tmpEEBE.tmp
Size 1.3KB
Processes 1080 (Ultimate.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 60b1732ac1e8294952dfb75b94d00ae1
SHA1 cacbd277397bdb1548745358f85ec39837bd8880
SHA256 50c6407093469c70b32b561aeaf343cb1f82b13ea0135a89cd18ed9a803da743
CRC32 4BC594C3
ssdeep 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0qxtn:cbk4oL600QydbQxIYODOLedq3Lj
Yara None matched
Name 909ea6bd515439ab_ultimate.exe
Filepath C:\Users\test22\AppData\Roaming\Ultimate.exe
Size 203.0KB
Processes 3052 (Gracia.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 96d038bab6adb9397e5a1013cfcb67e8
SHA1 47a01f03fb9d3999253ee3f833c0e3be9dd595e2
SHA256 909ea6bd515439abb13ff254c49c71bae5edab2c04f9057a82a29d01b9e1392f
CRC32 16E4D78F
ssdeep 6144:sLV6Bta6dtJmakIM5DEN/wjwJsvle+o9f/q:sLV6BtpmkVElepa
Yara
  • PE_Header_Zero - PE File Signature Zero
  • network_dns - Communications use DNS
  • win_registry - Affect system registries
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
Name b1c45a19dd18372b_asyclient.exe
Filepath C:\Users\test22\AppData\Roaming\asyClient.exe
Size 47.5KB
Processes 3052 (Gracia.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 0821b905c4238437b802c25a246fdc60
SHA1 6e848c51ebe2f98560a053f39938bd4d869e8f10
SHA256 b1c45a19dd18372bf6dfc4827289f5d49b4e2a924238ca0061fbee4d447beffb
CRC32 10908D12
ssdeep 768:CuScq5TAYGTqWU8j+zmo2qLr55BFI1SPIGr1r0bgPnahIMxQDYnRwecVLBDZkx:CuScq5TA5c2YsRGr1gbg/aheDYnEddkx
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_PWS_Azorult_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • IsPE32 - (no description)
  • IsNET_EXE - (no description)
  • IsWindowsGUI - (no description)
Name 6f856bece0269f16_run.dat
Filepath C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size 8.0B
Processes 1080 (Ultimate.exe)
Type data
MD5 a7b9ca2eee1ab8683046ba7aaabea7f1
SHA1 81813d6e85329a55c781c7a14efee9e43831d48a
SHA256 6f856bece0269f166d1a2a619c873a9ff38484abda5a0450f79fdb2ec247bbb3
CRC32 D7F72919
ssdeep 3:T8n:Yn
Yara None matched