Dropped Files | ZeroBOX
Name 9ef508c77abe5469_Invece.msi
Filepath C:\Users\test22\AppData\Roaming\ieBjZPIwrfYTIGFlspmRCLiHMokMPmlPcKhNkxSfoosYGYzWBAYSlPqvVTmQDWkDtonXzSYWslJxzoqNPfkfBaFF\Invece.msi
Size 140.0KB
Processes 7144 (vpn.exe) 9168 (Trascinava.exe.com)
Type data
MD5 47ebadd7365c2186dacce71f058e30f0
SHA1 3ed2838977d943570245762f220ab6e790cc1a05
SHA256 9ef508c77abe54699966ce4bb3328e7fc76f3b8ad3b22e53ff5e449f238b7b2f
CRC32 7E570412
ssdeep 3072:DlyHKJ4XlLqK+M2P0soeydci9kdlvrwHfWfx1EhNo9PnSTGAq:Bm/1vE0so7QdlvAWAgcGAq
Yara None matched
Name 2f7f8fc05dc4fd0d_UAC.dll
Filepath C:\Users\test22\AppData\Local\Temp\nszFFC6.tmp\UAC.dll
Size 14.5KB
Processes 4656 (lv.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
CRC32 1FE27A66
ssdeep 192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Yara
  • escalate_priv - Escalate privileges
  • win_token - Affect system token
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • HasRichSignature - Rich Signature Check
Name aefe8c340ebcceae_tese.msi
Filepath C:\Users\test22\AppData\Roaming\ieBjZPIwrfYTIGFlspmRCLiHMokMPmlPcKhNkxSfoosYGYzWBAYSlPqvVTmQDWkDtonXzSYWslJxzoqNPfkfBaFF\Tese.msi
Size 921.8KB
Processes 7144 (vpn.exe)
Type data
MD5 c5de73401a4ad08730d7448f9db41add
SHA1 81bc3db1099aba71c987f8fd889d706a23618ca7
SHA256 aefe8c340ebcceae51f9017ccf56a74a6f5efc5012523d68a76b2d397dbc238a
CRC32 D1091CEF
ssdeep 24576:wJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:wC7hGOSPT/PxebaiO
Yara
  • inject_thread - Code injection with CreateRemoteThread in a remote process
  • network_http - Communications over HTTP
  • escalate_priv - Escalate privileges
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • AutoIt - www.autoitscript.com/site/autoit/
Name 7f8560f97d2f23f4_aprile.msi
Filepath C:\Users\test22\AppData\Roaming\ieBjZPIwrfYTIGFlspmRCLiHMokMPmlPcKhNkxSfoosYGYzWBAYSlPqvVTmQDWkDtonXzSYWslJxzoqNPfkfBaFF\Aprile.msi
Size 111.4KB
Processes 7144 (vpn.exe)
Type ASCII text, with very long lines, with CRLF line terminators
MD5 8467341efcb627b3b7c7997b9d18a2b3
SHA1 7902e7833c474f2fe4bd88669fcb103c8191617e
SHA256 7f8560f97d2f23f4006ca8bef5d9682f1e621636f821cc03ba2187835443dab4
CRC32 5DBADC1C
ssdeep 3072:WziwOzRqNi51jcM5sDltmhMmeRsX8siHkBALAuG:hpf1A4Mg8ppVG
Yara None matched
Name d6b7cb431b16723b_vpn.exe
Filepath C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
Size 1.1MB
Processes 4656 (lv.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
MD5 5a4f537ffd75be93484d34543127898c
SHA1 3b70254cce9cfcae221637c00610c6a7543f0272
SHA256 d6b7cb431b16723bce5523e0ac0c99fe0e583afaf1154f51cffee7420fe4dd74
CRC32 780DC8C0
ssdeep 24576:wx4tQdKLXCSDZGQQi8h+GT7cVhn6hxEx1FATbticaqKd:wx4tx1oh+G7cv6hOSicaqe
Yara
  • Malicious_Library_Zero - Malicious_Library
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasModified_DOS_Message - DOS Message Check
Name 39bd8e41114014fa_4.exe
Filepath C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
Size 261.5KB
Processes 4656 (lv.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9b0d9deaa1d72cf93d725696475c7162
SHA1 80e7371d7341108145aeaca0773d22ed71e1c701
SHA256 39bd8e41114014fabc285af712fde3b70ccae2e89ccfa91c9bcb4373055a7c2a
CRC32 D804B1B4
ssdeep 6144:uXlQfuisgXLVOQ4fFJauTzrsVyChOhbzdie:uOfuiXoQ4f7auTzrsUChOxdh
Yara
  • Library_Malware_Zero - Library Malware
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
Name e3b0c44298fc1c14_nsjFFB5.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsjFFB5.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 1c62c5b0f8c9f1f6_Y
Filepath C:\Users\test22\AppData\Roaming\ieBjZPIwrfYTIGFlspmRCLiHMokMPmlPcKhNkxSfoosYGYzWBAYSlPqvVTmQDWkDtonXzSYWslJxzoqNPfkfBaFF\Y
Size 635.3KB
Type ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5 ca9ab8aa57ce91b56ea5f97fc2ff6deb
SHA1 0aed949c17de918b8fcdc28112279bd949660369
SHA256 1c62c5b0f8c9f1f6ebbe1df515175b6a5620c6c623d3c51b05042a1646bb4d02
CRC32 647EF5E5
ssdeep 6144:aaa7DtXSlm4ngDXJlp6QRPJ5KdfAgm9vlQhxrwYp1apUv49h:aaa+nGX/tPJ5Btvlyxrlp1apUvM
Yara None matched
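Two things in this listing are worth checking by hand before trusting it: the digests themselves, and the fact that three files dropped under .msi names (Invece.msi, Tese.msi, Aprile.msi) are typed by the sandbox as "data" or "ASCII text" rather than as MSI packages, while the entry names carry the first 16 hex digits of each file's SHA-256 as a prefix (e3b0c44298fc1c14_nsjFFB5.tmp, for example). The Python below is an added triage helper, not ZeroBOX code and not part of the analysed sample: it recomputes MD5/SHA-1/SHA-256/CRC32 in the report's textual form, rebuilds the report-style name from the SHA-256 prefix (the basename case in the listing is not consistent, so the original basename is kept as-is), gives a coarse stand-in for the libmagic "Type" column, and flags extension-versus-magic mismatches. Every sample byte string is constructed; only the zero-byte nsjFFB5.tmp can be checked exactly against the page, because its digests are the well-known empty-input values.

```python
"""Triage helper for a sandbox 'Dropped Files' listing (added example).

Not ZeroBOX code. Recomputes the digests the report prints, rebuilds the
'<sha256[:16]>_<basename>' entry name seen in the listing, and flags files
whose extension promises a container format (.msi/.exe/.dll) whose magic
bytes are missing. All sample bytes are constructed.
"""
import hashlib
import os
import zlib
from dataclasses import dataclass

# Leading bytes a genuine file of each type must carry.
OLE_CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # .msi is an OLE Compound File
PE_MZ_MAGIC = b"MZ"                                   # .exe/.dll begin with the DOS stub

EXPECTED_MAGIC = {".msi": OLE_CFB_MAGIC, ".exe": PE_MZ_MAGIC, ".dll": PE_MZ_MAGIC}


@dataclass
class Digests:
    md5: str
    sha1: str
    sha256: str
    crc32: str  # 8 upper-case hex digits, as the report prints it


def digests(data: bytes) -> Digests:
    """Compute the four digests in the same textual form the report uses."""
    return Digests(
        md5=hashlib.md5(data).hexdigest(),
        sha1=hashlib.sha1(data).hexdigest(),
        sha256=hashlib.sha256(data).hexdigest(),
        crc32=f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    )


def report_name(filename: str, data: bytes) -> str:
    """Reproduce the '<sha256[:16]>_<basename>' name the listing shows."""
    return f"{hashlib.sha256(data).hexdigest()[:16]}_{os.path.basename(filename)}"


def guess_type(data: bytes) -> str:
    """Coarse stand-in for the report's libmagic 'Type' column (assumed labels)."""
    if not data:
        return "empty"
    if data.startswith(PE_MZ_MAGIC):
        return "PE (MZ header)"
    if data.startswith(OLE_CFB_MAGIC):
        return "OLE compound file"
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "ASCII text"
    return "data"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension promises a format whose magic bytes are absent."""
    magic = EXPECTED_MAGIC.get(os.path.splitext(filename)[1].lower())
    return magic is not None and not data.startswith(magic)


def verify_against_report(data: bytes, reported: dict) -> list:
    """Names of digest fields (md5/sha1/sha256/crc32) that differ from the report."""
    d = digests(data)
    return [k for k, v in reported.items() if v.lower() != getattr(d, k).lower()]


# --- Constructed samples -----------------------------------------------------
# Digests of the zero-byte nsjFFB5.tmp, copied from the listing above.
EMPTY_REPORT = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "crc32": "00000000",
}
# A '.msi' that is really a text script (constructed; the real Aprile.msi
# content is not on the page, only its 'ASCII text' type).
FAKE_MSI_TEXT = b"$x = 'hello'\r\nWrite-Output $x\r\n"
# A blob with only a DOS stub header (constructed; not a loadable PE).
FAKE_PE = PE_MZ_MAGIC + b"\x90\x00" + b"\x00" * 58

if __name__ == "__main__":
    print(report_name("nsjFFB5.tmp", b""), verify_against_report(b"", EMPTY_REPORT))
    for name, blob in (("Aprile.msi", FAKE_MSI_TEXT), ("vpn.exe", FAKE_PE)):
        flag = "MISMATCH" if extension_mismatch(name, blob) else "ok"
        print(name, guess_type(blob), flag)
```

Run it against a real dropped-file directory by feeding each file's bytes to `verify_against_report` with the digests copied from the entry; an empty mismatch list means the sandbox's hashes reproduce, and `extension_mismatch` returning True on a .msi is exactly the "Type data" / "Type ASCII text" pattern visible in this listing.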