Dropped Files | ZeroBOX
Name c07e41dfb14b4cb1_r.vbs
Filepath C:\ProgramData\LKBNMTFJgl\r.vbs
Size 654.0B
Type data
MD5 634710f107a4f915e37402f4e0b54e1e
SHA1 090330ecf6d24a0ce61de23c35af669091e7b8a0
SHA256 c07e41dfb14b4cb197006842e7817a9a3fbe2cb53a641aba95398d9a132f8e69
CRC32 22589963
ssdeep 12:DJhvugypjBQMyod/MJsW+jCRAbjMwCdKIiDHvhFkqy30mgZM3LCKKvbMX4FHkqm3:DJhL7yjCyjMKFNyEmgZMbaDMoFHNc
Yara None matched
Name 33085b2ebed5b8bf_csrss.exe
Filepath C:\ProgramData\LKBNMTFJgl\csrss.exe
Size 2.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 435a80fb4927d98a770e8f04dc7615c7
SHA1 c66d9a1cc5e5d7cb213bbb6e10f04c25927b8788
SHA256 33085b2ebed5b8bf0c796012eeae95811c6a2d247869beb41666db07737bb761
CRC32 58AC0BDD
ssdeep 49152:jADBsFHMuxW0dpFEjZFgwa0aTuyDAkD4qfFqlYCd6/0ihTFjKiq2:jA9sFsMWoFKAhHcCqJ47hTBKiq2
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check
  • HasRichSignature - Rich Signature Check
  • Antivirus - Contains references to security software
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
Name f45992d5769523b5_csrss.exe
Filepath C:\ProgramData\LKBNMTFJgl\csrss.exe
Size 1.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c952383a9e62b399001ebbb03468d786
SHA1 1e45c19599479a6673c137ed59386b56696b4949
SHA256 f45992d5769523b5380d45fe1a40f2c921eabf98b695d2c2b272bcde12cab75e
CRC32 0100365A
ssdeep 49152:xA6ESVrsSkp1tRzRHON1ykC24GecSjPzUNSdnRG:xA6xRkt9RH8vLccSjPl
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
  • Antivirus - Contains references to security software
  • network_http - Communications over HTTP
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call