popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name d84d810b8f8819f4_nsdialogs.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nseFFE5.tmp\nsDialogs.dll
Size 182.6KB
Processes 996 (FreeMaps.af75d672c26d4cc59fc74465083f473c.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 b9a5a272154fc0dd652ef9c59c5d63a0
SHA1 a5c72fd5e6080ce7ee8377240f5ced5e908a80af
SHA256 d84d810b8f8819f4a34d5e033b72951eadda1bbb5ed0b8c76874b6c25001caa9
CRC32 7F5F9F19
ssdeep 3072:NEF3K1gSVKhZXpsYOebeCqilqlu7LF6CnsYjXGx52J6RWYbzgt6R1YyAbyLpl:KfOGe5ilUkVjXGs6oizgsPYBmf
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • HasOverlay - Overlay Check
  • HasDigitalSignature - DigitalSignature Check
  • HasDebugData - DebugData Check
  • HasRichSignature - Rich Signature Check
VirusTotal Search for analysis
Name e3b0c44298fc1c14_nspFFD5.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nspFFD5.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 5a1c20a3e2e2eb18_system.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nseFFE5.tmp\System.dll
Size 11.0KB
Processes 996 (FreeMaps.af75d672c26d4cc59fc74465083f473c.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7399323923e3946fe9140132ac388132
SHA1 728257d06c452449b1241769b459f091aabcffc5
SHA256 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
CRC32 290AE4CE
ssdeep 192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Yara
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • HasRichSignature - Rich Signature Check
VirusTotal Search for analysis
Name ddeb1a235c5fbb98_cancel_blue_1473354968093.bmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nseFFE5.tmp\cancel_blue_1473354968093.bmp
Size 5.8KB
Processes 996 (FreeMaps.af75d672c26d4cc59fc74465083f473c.exe)
Type PC bitmap, Windows 3.x format, 140 x 36 x 8
MD5 c20f972bb1e321bcf007a11d1433496c
SHA1 ad305eb993bd34a44a1eb27fe723c0e004e36220
SHA256 ddeb1a235c5fbb989fadf287a627736894f62406c0258b2a8b73379ada7a6775
CRC32 1B10A982
ssdeep 96:WCrI+9+ek4wErORzrbdOoDQfP1NcX+I/:Wk9+eXrizrsoMX1NcXN
Yara None matched
VirusTotal Search for analysis
Name df2bd2e2781daa4d_install_eng_1435615485061.bmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nseFFE5.tmp\Install_ENG_1435615485061.bmp
Size 6.0KB
Processes 996 (FreeMaps.af75d672c26d4cc59fc74465083f473c.exe)
Type PC bitmap, Windows 3.x format, 140 x 36 x 8
MD5 7078777f775a58435028c19515955085
SHA1 29517b333192b7919f0a82e4d43ba86df65d0f75
SHA256 df2bd2e2781daa4d3270ff3bac2cfae49fcb42e2a331d10f4f0cbda2e3b1dddc
CRC32 F02191A9
ssdeep 48:5xYXTKlEaCv3kfz47yqT5s7VBEuvXQKEUuHWIZLrlh:5qTK2z3MSD1aEOEUYZ/lh
Yara None matched
VirusTotal Search for analysis
Name 5c8ac33fba9eeb09_freemaps_msi_bg-copy_1501776774504.bmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\nseFFE5.tmp\FreeMaps_msi_bg-copy_1501776774504.bmp
Size 226.3KB
Processes 996 (FreeMaps.af75d672c26d4cc59fc74465083f473c.exe)
Type PC bitmap, Windows 3.x format, 568 x 406 x 8
MD5 0b46d31b580266e486f4ccde194be242
SHA1 4eb5ee3feb341f66360ca13dfa40cdb5c039a9f7
SHA256 5c8ac33fba9eeb09116e996d4f0d00b289d02dedffad151671d2f38ed0f14cf1
CRC32 76EFAE95
ssdeep 768:TNUrBIq5y01avxjxFRovp2uunCnVuvZx4Y3d:TaBw8avxjxFRC2uwCnVu9d
Yara None matched
VirusTotal Search for analysis