Dropped Files | ZeroBOX
Name 59df8a62108bbf31_update.exe
Filepath C:\Users\test22\AppData\Roaming\Update.exe
Size 916.5KB
Processes 2112 (xcopy.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 048aa5b804cde0768111c633e0faa028
SHA1 464870f8e6df7a11041315379b52365dfd7ff630
SHA256 59df8a62108bbf3120e6699e616417f393aefaf0574b1fd1ae2bcb7802d543da
CRC32 8D57E6F7
ssdeep 12288:21oYI63MyxbFvw5pQKEjp9JsAAs0UWUKRHhhWV0EYn0v7KytlZTVtMh1FP8TjOu:WLr9RAphLWyEY0veytNWh1un
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • UPX_Zero - UPX packed file
Name a2f3ecd329d27138_moduleinstaller.exe
Filepath C:\Users\test22\AppData\Local\Temp\ModuleInstaller.exe
Size 2.0MB
Processes 2332 (BrowserUpdate.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 a7013a2c7fd3a6168a7c0d9eed825c32
SHA1 a3b6cf6090a425466606125aa881fdf56c1c2a67
SHA256 a2f3ecd329d2713855257bf922b8a092cbb1193327ba197351804275286df7dd
CRC32 290817F3
ssdeep 49152:jMoW3QuuTUF6MSQeVlIJyBnmjtOv8MpphRznUspZ6icSO4HiK:j502MSQeVlIonoOvv7NpF8K
Yara
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalate privileges
  • keylogger - Run a keylogger
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • IsPE64 - (no description)
  • IsConsole - (no description)
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
Name 11bd2c9f9e2397c9_winring0x64.sys
Filepath C:\Users\test22\AppData\Local\Temp\WinRing0x64.sys
Size 14.2KB
Processes 2332 (BrowserUpdate.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE64 - (no description)
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check