Dropped Files | ZeroBOX
Name 04f1bb6ba8481316_modern-wizard.bmp
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\modern-wizard.bmp
Size 139.4KB
Processes 2444 (download.blog)
Type PC bitmap, Windows 3.x format, 164 x 290 x 24
MD5 22157800afb6e69c9cc7721879577dcd
SHA1 e50a5058c02d3db6543cdc7744843d24897085dc
SHA256 04f1bb6ba8481316681eda978125238f6b27a9a0e555f235526f708906db5548
CRC32 94DC5A75
ssdeep 768:APU8L9mhPfvhg4yipGIve5WW9kGe5Je+aPBaUWyriu8K2Tc/XjU8YrX8kTRVIGrn:L+onhgXiad+ox2700Eu7h3
Yara None matched
Name 551e6042dd494ea0_installoptions.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\InstallOptions.dll
Size 13.5KB
Processes 2444 (download.blog)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d765c492c21689e3d9d61634371fd861
SHA1 ac200933671ae52c9d5544d0e2e8e9144d286c83
SHA256 551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc
CRC32 8F5E21EE
ssdeep 192:9B6RvrfvOuJQDghBy/X7QKq3TLGciZJf0EzWzMnz6WoF1dBs:v6RrviWaX7eiZJ7nz6bB
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name ae2f1658656e554f_killprocdll.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\KillProcDLL.dll
Size 32.0KB
Processes 2444 (download.blog)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 83142eac84475f4ca889c73f10d9c179
SHA1 dbe43c0de8ef881466bd74861b2e5b17598b5ce8
SHA256 ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
CRC32 C39B9788
ssdeep 384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name ed52bdad7b383a17_dllwaitforkillprogram.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\DLLWaitForKillProgram.dll
Size 28.0KB
Processes 2444 (download.blog)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9c4b8ec42d89f7557bfd90798ce52787
SHA1 2376dde426ea65aa27c30e304086310605382475
SHA256 ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548
CRC32 1BA6B619
ssdeep 96:EP5ZuFye0MyQW4uPwhs+R/+gFrE1m/U/uG98bp2y+HS21kEZ1b+4Tu9C1uGg8wBu:akFyFRQ5wIzlH/UGq36EZY4T+Gul8U
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name d400b8fce7bfe70f_modern-header.bmp
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\modern-header.bmp
Size 23.4KB
Processes 2444 (download.blog)
Type PC bitmap, Windows 3.x format, 150 x 53 x 24
MD5 15f86e13d3e2003c7b1e3c8150a2a44a
SHA1 5e0beabad30a5eb43543ef18e007482d237912a9
SHA256 d400b8fce7bfe70f188d22e53bdd7832e14ede49e0720c35789001fef37bdebb
CRC32 8DE3642B
ssdeep 192:ejpKo+bxztKAhLaEzxf9xAV/LvC6HmHA+VkaSPqts:ejEo+hAREzWV/LrHOKaSCO
Yara None matched
Name e8dcde519040e861_iospecial.ini
Filepath C:\Users\test22\AppData\Local\Temp\nsl6386.tmp\ioSpecial.ini
Size 684.0B
Processes 2444 (download.blog)
Type ISO-8859 text, with CRLF line terminators
MD5 83205ce88d68469a060b0f64e08395f9
SHA1 92b79d32989f7818a61abd829d7cf3b700afe383
SHA256 e8dcde519040e861e2a4efe0a22697f81a8f23408b92a6011f0d1670be2e64b8
CRC32 E5CE3805
ssdeep 12:lOu8dfAgQRvAPOLMpmFhvs4gNhyrtTKj+4gNDcVfrItIWDXaeVkivFSXsZko:6kRvAZEFhU1e4j+1Z2+IWmSkizh
Yara None matched