popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name f27dd87003761daa_ee.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\csrss\wup\e\ee.exe
Size 54.4MB
Processes 3024 (ethm17041.exe)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 3a66ed3c47958347a427417810e3b80a
SHA1 9fb091f1b33c4422f71f2a1eecb5222e9d325c7a
SHA256 f27dd87003761daac2ae271069f82bf2f39e7a906d4d38ade13941e2822727fd
CRC32 E2A162FC
ssdeep 1572864:UHzzPJr2IKqLlMP1FLM47NUuYhnCk0+vJ/wNSVnt4HkJb02uDGoE7SxmtxsI3C87:UHzTx26KHNJYhne+R/w8tt4EJb02u4Cg
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE64 - (no description)
  • IsConsole - (no description)
  • IsPacked - Entropy Check
  • HasRichSignature - Rich Signature Check
  • network_tcp_listen - Listen for incoming communication
  • win_registry - Affect system registries
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • UPX_Zero - UPX packed file
VirusTotal Search for analysis